Strategic Risk Management: Improving Your Organization’s Chances for Success

Strategic Risk Management: Improving Your Organization’s Chances for Success. RIMS Conference 2012 Philadelphia. Two perspectives: IBM Paychex. Strategic Risk Management Defined (RIMS).

Presentation Transcript


  1. Strategic Risk Management: Improving Your Organization’s Chances for Success RIMS Conference 2012 Philadelphia Two perspectives: IBM Paychex

  2. Strategic Risk Management Defined (RIMS)
     • Enterprise Risk Management (“ERM”) is a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.
     • Strategic Risk Management (“SRM”) is a business discipline that drives deliberation and action regarding uncertainties and untapped opportunities that affect an organization’s strategy and strategy execution.

  3. Today’s Panel
     • Stuart Horn, Director, Enterprise Risk Management, IBM, Armonk, New York. Stuart is Director of Enterprise Risk Management at IBM, in the role since 2008. The ERM program has a global scope over all IBM business lines and internal operations, which reaches 170 countries, over $100B of revenue, and 400K employees. During his 27 years at IBM, Stuart has had experience in application development, IT services delivery, consulting, and business process services interacting and overseeing working operations centers globally. This background provides him the institutional knowledge to implement, align, and customize ERM for IBM's context.
     • Frank Fiorille, Director of Risk Management, Paychex, Inc., Rochester, NY. Frank is the Director of Enterprise Risk Management at Paychex, a leading provider of payroll, human resource, and benefits outsourcing solutions for small- to medium-sized businesses. The company has more than 100 offices and serves approximately 564,000 payroll clients and 12 million employees nationwide. Fiorille has over 20 years' experience in risk management and credit and joined Paychex in 2002 to lead the company’s initiative to build an enterprise-wide risk apparatus.
     • John Phelps, Director, Business Risk Solutions, Florida Blue, Jacksonville, FL. Moderator.

  4. Company Profile • Revenue: $107B • Operating Net Income: $16.3B • Workforce: 433K • Countries: 170 Countries • Acquisitions: 130 Companies since 2000 • Capital Expenditures: $50B over past 12 years

  5. IBM’s ERM mission is about enhancing the odds of success
     IBM’s ERM Mission Statement: Take advantage of the scale and scope of IBM’s globally integrated enterprise to improve performance through enhanced identification and management of enterprise risks.
     IBM’s ERM Mission:
     • ERM is an approach to identify, assess and address risk in the Formulation of the Strategy of an Enterprise
     • ERM is an approach to identify, assess and address risk in the Execution of the decided Strategy of an Enterprise
     • ERM is an approach to identify, assess and address risk in the Operations of an Enterprise
     Doing business in new places and new ways while providing new solutions presents new risks we may be unfamiliar with

  6. Risk management is centered in the Business Units, where risk is taken for commercial gain
     [Organization chart: IBM Organization At a Glance]
     • Geographies: Major Markets (North America, Europe, Japan); Growth Markets
     • Business Units: Sales & Distribution (S&D); Global Technology Services (GTS); Software Group (SWG); Systems & Technology Group (STG); Global Business Services (GBS)
     • Processes & Functions: Opportunity to Order; Order to Cash; Sales Incentives; HW Product Mgmt Transformation; Service Labor Mgmt Transformation; HR; Mkting & Comms; Finance; Legal; Sales Ops; Supply Chain; RESO; IT
     Business Units - Senior Vice Presidents
     • Lead and Own strategic and operational risk management
     • Set the tone to take and manage risks across the business for commercial gain
     ERM Steering Committee, ERM Executive Council
     • Oversee program
     • Effectiveness of risk mgmt
     • Cross enterprise collaboration

  7. ERM reports to CFO, but takes an enterprise-wide view of strategic and operational risks
     [Organization chart labels: CEO; CFO; General Counsel; Strategy; BU CFO; Chief Trust & Compliance Officer; CFO, S&D; General Auditor; Tax; Treasury; Corporate Development; CFO, STG; Chief Risk Officer; Controller; CFO, SWG; Enterprise Risk Mgmt; Financial Risk Assess; Pension Fund; Risk & Insurance Management; Corporate Business Controls; CFO, GBS; CFO, GTS]
     Enterprise Risk Mgmt Department (3 Headcount):
     • Supports the ERM Steering Committee and Executive Councils in assisting the business in identifying and managing enterprise level risks
     • Sets standards for ERM assessment & reporting
     • Integrates risk with strategy & execution
     • Institutionalizes ERM knowledge

  8. Setting the context for ERM is important and unique to each company
     Recognizing emerging risks provides value by driving business change
     • Exiting Businesses
     • Setting Strategic Direction
     • Acquisitions
     Shifting market mix to enable growth
     • BRIC country revenue up 16% (constant currency)
     • Growth Markets are 22% of Geographic Revenue (constant currency)

  9. Risk Management is explicit in Board & Executive responsibilities Proxy Statement General Information – Board of Directors …The Board is responsible for overseeing management in the execution of its responsibilities and for assessing the Company's approach to risk management… … an overall review of risk is inherent in the Board’s consideration of the Company’s long-term strategies and in the transactions and other matters presented to the Board... … the Board's three committees, each of which examines various components of enterprise risk as part of their responsibilities… Executive Compensation Section of the IBM Proxy …motivate our leaders to deliver a high degree of business performance without encouraging excessive risk taking; …emphasis on longer-term financial success and prudent risk management… …our compensation program and policies do not encourage excessive risk taking…

  10. Risk is an integral part of IBM’s Business Leadership Model Anticipate and prepare for managing risk in execution Integrate risk actions into management systems Consider risk in the formulation of strategy

  11. Supplement market insight with external risks, challenge the innovation process, question assumptions, and assess the viability execution Marketplace assumptions, Client priorities, Technology shifts • Marketplace Insight • External risks • Migration of client value risks • Competitive risks • Innovation Focus • Identify & cover discontinuities • New risk take-over offerings • Execution • Capabilities required to effectively manage the risks inherent in the business design Business Design Alternatives

  12. Corporate strategy and growth priorities guide the business unit strategies & execution
     Strategy Cycle: Strategy cycle emphasizes risks associated with enterprise initiatives and achieving growth
     • Consider new risks which may emerge in the pursuit of growth strategies
     • Identify other key risks that could be obstacles to achieving unit’s objectives
     • Cross-business unit interdependencies
     Execution Cycle: Execution cycle emphasizes risks associated with execution of strategy
     • Risk associated with the execution of strategies, actions to manage them, and metrics for measuring the effectiveness of the actions
     • Provide discrete allocation of funds or resources (as appropriate)
     • Cross-business unit interdependencies

  13. Scenario-based analysis to test and improve flexibility and resiliency Scenarios where the company exceeds or misses performance objectives Consider external risk factors, business context, and unit interdependencies Identify upside opportunities where we can help clients address the risk

  14. Summary • Inform strategy with consideration of risk • Understand the risks the company can and should take on and how to be appropriately compensated for taking on those risks • Prepare to manage risk in the execution of strategies • Identify additional actions to take to improve the chances of success • Manage risk in ongoing operations • Are there process changes or standards that should be set or augmented or are there opportunities to collaborate on best practices to increase uniformity • Provide value • Keep line of sight to the elephants and gorillas in the room • Enhance strategy effectiveness by engaging cross-enterprise to address interdependencies and take advantage of scale • Transparency of risks and effective management enables greater appetite and tolerance in pursuit of commercial gain

  15. Paychex Profile • Provider of comprehensive payroll, human resource, and benefits outsourcing solutions for small to medium sized businesses • Approximately 564,000 clients • More than 100 offices nationwide

  16. Board & Executive Engagement Paychex 2011 Annual Report Company Strategy “We are focused on achieving strong, long-term financial performance by…” Paychex 2011 Form 10-K Item 1A. Risk Factors “Our future results of operations are subject to a number of risks and uncertainties.  These risks and uncertainties could cause actual results to differ materially from historical and current results and from our projections…” Corporate Governance “…lead the Board, particularly as it focuses on strategic risks and opportunities facing the Company.” Risk Oversight “One of the functions of the Board is oversight of risks inherent in the operation of the Company’s business.  The Board fulfills this function through reports from officers for oversight of particular risks within the Company, through legal review of the Company’s strategic plan, and through delegation of certain risk oversight functions…” Paychex 2011 Proxy Statement

  17. Strategic Risk Management
     • A comprehensive process to identify, evaluate and manage strategic risks to reduce uncertainty AND maximize opportunities
     • Guiding Principles of SRM:
       • Primary component of an organization’s ERM process
       • Ultimate goal is protecting and enhancing shareholder value
       • Effected by boards of directors, executive management and others
       • A strategic approach to risk and managing uncertainty is necessary to achieve company objectives
       • Continuous process
     [Process diagram labels: Related Impacts; Interdependencies; Corporate Tolerance; Risk/Opportunity; Adapt/Improve; Risk Profile; Informed Decisions; Identify; Align to Corporate Objectives; Assess; Analyze; Mitigate/Control; Monitor/Report; Frequency & Severity; Retain/Finance or Transfer]

  18. Establishing Context STAKEHOLDER EXPECTATIONS Setting strategy, objectives, tone, policies, risk appetite and accountabilities; monitoring performance. ENABLING CULTURE, EMERGING STANDARDS PROCESS & TECHNOLOGY & NEW REQUIREMENTS Identifying and assessing risks that may affect the ability to achieve objectives; determining risk response strategies and control activities. Operating in accordance with objectives; ensuring adherence to laws and regulations, internal policies and procedures, and stakeholder commitments. ETHICAL CULTURE Extended Enterprise & Value Chain

  19. Strategic Risk Management Process New Strategy & Risks Long term growth in shareholder value Maximizing return on capital Business Planning & Strategy Risk Strategy Capital Management, Business Performance Monitoring Risk Identification & Assessment Market, product, customer, operational strategy Regulatory Capital Calculation Economic Capital Allocation New ventures, risk/capital impact Corporate governance Risk Framework, Control & Monitoring Maximizing operational cost effectiveness Optimizing volume and profitability Operational & Change Mgmt (Systems, Processes, People) Projects (Objectives, Resources, Risk, Capital)

  20. Why Integrate ERM with Strategy?
     “Paychex, like most firms, makes money and creates value by taking intelligent risks and loses money or gets in trouble by failing to manage risk effectively.”
     • Classic Risks: “You’ve got to ante up to get into the game or stay in business.”
     • Creative Risks: “The strategic bets that we place during our poker game or try new things.”

  21. Paychex Strategic Process External Pressures Shareholder Expectations Regulators Rating Agencies Stakeholders Board of Directors Internal Forces “Enabling Activities” Political Cultural Objectives Strategy Appetite Tolerance Ethics Guidance Information Risk ERM Process Opportunity Protect and Enhance Shareholder Value

  29. The Paychex ERM Framework
     Culture: Enabling Activities: “Become a part of the company’s DNA”
     Mission: Protect and enhance shareholder value
     • Integration • Operational processes • Strategic planning • Quality process • Competency models • Product development • Capital projects • Performance management
     • Infrastructure • Vision/Goals • Governance • Oversight structure • Common language • Policies • Technology • Tools • Techniques • Tolerance/appetite • Monte Carlo simulation
     Process: Identify Risks & Opportunities; Monitor & Report Results; Assess Risks & Opportunities; Business goals, objectives and strategies; Integrate Results; Develop Action Plans; Implement Strategy

  30. Environmental Scan

  31. Identify & Assess Risk
     Interactive Risk Assessments: Identifying the effectiveness of processes and controls via interactive participation with subject matter experts.
     • Step 1: Pre-work (Identification): Business unit identifies risks associated with operational errors.
     • Step 2: Workshop (Scoring): Voting technology is utilized to score/rank the risks
     • Step 3: Mitigation: Top-ranked risks are identified and reviewed to assess counter-measures
     • Step 4: Results: Key risks are identified and better understood creating awareness and accountability
     [Diagram: Operating Risk categories: Internal Fraud; Failed Processes; Human Error; Vendor Failure; Failed Systems]
     [Diagram labels: Assurance of preparedness; Enhance risk mitigation; Reporting / Mitigation; Redeploy resources; Measure for cumulative impact]
     [Charts: numbered risks plotted on axes Impact, Likelihood and Vulnerability]

  32. Dimensioning Risk
     • Inherent Risk = Impact x Likelihood
     • Residual Risk = Inherent Risk x Uncontrolled Management Effectiveness
     • Risk Velocity: Slow, Average, Fast
     [Chart: Inherent Risk; axes Impact and Likelihood (Low to High); Risk 1 through Risk 10 plotted]
     [Chart: Residual Risk; axes Inherent Risk and Management Control Effectiveness (Low to High); Risk 1 through Risk 10 plotted; regions Critical, Under-controlled, Nominal, Over-controlled]
     Methodology – Top enterprise level risks are dimensioned using a proprietary 10 factor probability risk scoring formula. Risk velocity is incorporated and weighted in the calculation of inherent and residual risk to represent how quickly the onset of each risk measured translates to impact.

  33. Risk Scenario Planning
     “The present moment used to be the unimaginable future”
     • Possible - “might” happen (future knowledge)
     • Plausible - “could” happen (current knowledge)
     • Probable - “likely to” happen (current trends)
     • Preferable - “want to” happen (value judgements)
     [Chart: Ranges of Usefulness; Uncertainty and Predictability against distance into the future (time); regions Forecasting (F), Scenario Planning (S), “Hoping” (H)]

  34. Key Risks Detail
     Key Risk 1: Credit/ACH
     • Risk Description - Risk of financial loss due to client defaults, dependencies on banking partner lines of credit, NACHA rules/regulations, unsecured credit and reliance on ACH as vehicle for collection and recovery
     • Primary Organization Owner(s) - Risk Management
     • Risk Type - (K) Known
     • Primary Indicators - Bad debt write-offs, National Economic Indicators, ACH return activity, regional/industry factors, credit agency reporting, CEI/DSO indicators
     • Mitigation Strategies
       • Branch and client transaction thresholds
       • Credit bureau monitoring; consumer and commercial credit review
       • Credit policies, including secured funding and security deposits
       • Monitoring for credit deterioration, industry/economic data and bankruptcy
       • Allowance for doubtful accounts (reserve)
       • Fraud industry coalition
     • Trending - Small businesses continue to hold course even though threat of a double-dip recession is starting to look more plausible. Access to credit continues to be elusive for many struggling businesses, as evidenced by the SBA adding “extra support” to lenders to boost loan approvals; however, SBA-backed loans make up only a small portion of the overall business loans market. Balance sheets have improved as businesses continue to deleverage due to caution about the future economic outlook and legislative landscape.
     • Results - While soft credit risk exposure has nearly doubled over the past several years to over $266 billion, credit losses are down 82% from approximately $11 million to just $2.0 million last year.
     Key Risk 2: Regulatory Compliance
     • Risk Description - Maintaining compliance for all products and services with applicable federal, state and local statutes, laws and regulations; ensuring timeliness and accuracy of regulatory change on Paychex platforms
     • Primary Organization Owner(s) – Risk Management
     • Risk Type - U1 (Unknown)
     • Primary Indicators - Regulatory activity, laws enacted, warranties/penalties, lawsuits, enforcement activity, regulatory inquiries
     • Mitigation Strategies
       • Monitoring enforcement trends, relevant publications and industry news
       • Strong regulatory agency relationships
       • Active participation in Payroll Consortium
       • Ongoing review and audit of compliance
       • Increased training for applicable personnel
       • Change management control process
     • Trending - Increasing pre-election pressures on the administration and Congress around lingering economic weakness and the debt ceiling may result in ad-hoc measures requiring compressed implementation timeframes. Debt ceiling legislation does not include a payroll tax reduction, but a push for an extension of the current employee payroll tax reduction through 2012. The Obama jobs proposal contains aspects which, if enacted, could present operational and systemic challenges, with a reduced implementation period.
     • Results - Despite the extraordinary environment of accelerated legislative changes under the Obama administration heightened by the recent recession, Paychex has been able to execute required changes with minimal to no adverse impact.

  35. ERM Dashboards Providing the Board and senior management with greater risk transparency Compliance with risk policies and regulations • Exposures vs. policy limits • Regulatory compliance Earnings-at-risk • Major internal drivers • Key external variables Risk/return performance tracking • Business units • Customer segments • Products Real time risk reporting • One touch visibility • Drill down capabilities • 24x7 escalation • Early warning signals

  36. Value Preservation to Value Creation The discipline of risk management has evolved from strictly a value preservation-based focus to a balanced focus between protecting assets and creating or enhancing value. • Target Models (3B); Lifetime Value Models • Churn Models; Discount Engine Models • Upsell Models; Sales Territory Models • Model Risk • $100M Revenue Over Past 5 Years • EGTRRA Restatement • PBS, HRO, 401(k) Service Fees • Entrepreneurial Risk • Public Relations & Marketing Initiatives • Industry Coalitions • Client/CPA Webinars • Regulatory Compliance Risk Risk Management: A flexible and dynamic risk management discipline is uniquely positioned to quickly adapt to change and identify opportunistic risk to create new streams of revenue and increase value • EDI Program • RCX Stale Date Fees • Taxpay Premium Processing Fee • Credit Risk • Federal Deposit Frequency Program • Client Penalty Abatement Service • IRS/Paychex Partnerships • Operating Risk • Future/White Space

  37. Questions?
