
Enterprise Risk Management Presented to The Audit Directors Roundtable Atlanta, Georgia

Enterprise Risk Management Presented to The Audit Directors Roundtable Atlanta, Georgia. October 16, 1997. Agenda. “Know yourself” - a starting point for Enterprise Risk Management A model for Enterprise Risk Management Four focal points of Enterprise Risk Management

heatherr

Presentation Transcript


  1. Enterprise Risk Management • Presented to The Audit Directors Roundtable • Atlanta, Georgia • October 16, 1997

  2. Agenda • “Know yourself” - a starting point for Enterprise Risk Management • A model for Enterprise Risk Management • Four focal points of Enterprise Risk Management • The Unconscious Conspiracy • Sustainable Enterprise Risk Management

  3. Know yourself - three kinds of risk environment • Unprotected: Processes, systems not in place; Cultural attitudes not supportive; Basics not strong; Typical of: Start-ups, JV’s, different cultures, speed to market; Challenges: Lack of capability; where to start • Transitional: Financial control processes moderate; History of problems, surprises; Rapid change, rapid growth situations; Challenges: High stress, over-stretched, resource constrained; Fire-fighting • “Go ahead.....”: Well established systems, common processes; Pockets of slackness, many areas for improvement; Basics well in place; Challenges: Operational, strategic; Unconscious Conspiracy

  4. Risk Environment OF #1 • How would you describe your current risk environment? • Unprotected • Transitional • Go Ahead

  5. Risk Readiness Ten indicators of ability to anticipate and manage risk: (COSO, CoCO, etc.) • Objectives and risks • Policies and parameters • Values and ethics • Responsibility and accountability • Trust and communication • Skills and tools • Systems and discipline • Scanning and questioning • Monitoring and follow-up • Assessment and reporting

  6. Overall Risk Readiness OF #2 • How would you describe your organization’s overall risk readiness? • Very ready • Ready • Fairly ready • Somewhat ready • Very unready

  7. The Enterprise Risk Model • What are you trying to accomplish? • What gets in your way? • What are you doing to manage this? • Where do you feel the most exposed?

  8. Enterprise Risk Model: R(O) - C^n = E • Diagram: Set Expectations; Assess Performance against expectations; Identify Risks; Business Strategies & Objectives; Monitor Risk Environment Risk Management; Measure / Assess Risk & Control; Assess & Mitigate Exposure

  9. Enterprise Risk Model • Diagram: Set Expectations; Assess Performance against expectations; Identify Risks; Business Strategies & Objectives; Monitor Risk Environment Risk Management; Measure / Assess Risk & Control; Assess & Mitigate Exposure • Financing • Risk Management • Significance • Uncertainty • Avoidance • Risk • Capital • Identification • Monitoring • Measurement • Exposure • Control • Mitigation • Transfer

  10. Enterprise Risk Model • Diagram: Set Expectations; Assess Performance against expectations; Identify Risks; Business Strategies & Objectives; Monitor Risk Environment Risk Management; Measure / Assess Risk & Control; Assess & Mitigate Exposure • Financing - Economic resources available for use in pursuing objectives and risk management activities • Risk Management - The business process of managing uncertainty and significance of risk to an acceptable level of exposure • Significance - Importance and magnitude of meaning, influence or effect • Uncertainty - The level of the unknown regarding a future outcome • Avoidance - Declining an opportunity because expectation does not justify the risk involved • Risk - Anything of variable uncertainty and significance that interferes with achievement of objectives • Capital - Financial resources that support objectives and that enable survival under adverse outcomes • Identification - Recognizing or establishing objectives, risks or exposures as being of a particular type or origin • Monitoring - The process of continuous identification and measurement • Measurement - Assessing the likelihood and significance of risks, exposures and related objectives • Exposure - Susceptibility of objectives to risk remaining after control and mitigation activities • Control - Action to correct or reduce uncertainty to an acceptable level • Mitigation - Action to correct or reduce significance of risks and outcomes to an acceptable level (such as through diversification, financing, transfer, etc.) • Transfer - Sharing a portion of risk and potential reward with another party

  11. Enterprise Risk Model - Risk • R(O) • (a) Risk is a function of Business Objectives • (b) Risk is lost Opportunity • Risk - Anything of variable certainty and impact that interferes with achievement of objectives

  12. Enterprise Risk Model - Control & Mitigate • C^n • Retain & Manage/Mitigate Risk • Mitigate - (Detect & Correct) • Hedge Risk, diversify, finance • Self Insure • Avoid Risk • Control (Prevent) to reduce likelihood • Re-engineer to avoid risk • Change objectives (opportunity) • Transfer Risk to others • Purchase insurance • Control - Action to correct or reduce certainty to an acceptable level • Mitigation - Action to correct or reduce significance of risks and outcomes to an acceptable level (such as through diversification, financing, transfer, etc.)

  13. Enterprise Risk Model - Exposure • E • Function of the Certainty of Risk Occurrence, & Significance of Risk, if it occurred • Measured on a spectrum of acceptable ----- unacceptable • Exposure - Susceptibility of objectives to risk remaining after control and mitigation activities

  14. Risk Exposure (chart) • Axes: Significance and Certainty, each marked VL, M, VH • Regions: Acceptable, Caution, Unacceptable

  15. Current Risk Assessment Process OF #3 • How would you describe your satisfaction with your current enterprise risk management process? • Setting expectations • Identifying risks • Measuring and assessing risks • Assessing and mitigating exposure • Monitoring risk environment and risk management • Assessing performance against expectations

  16. Focal points for Enterprise Risk Management • Basics - Examples: Financial processes (purchasing, payments, accounting); Typical Risk Classes: Information, Methods, Technology, Ethics • Behavior - Examples: Structure (accountability, responsibility); Tone: trust, motivation, ethics, enablement; Typical Risk Classes: People, Organizational, Environment • Business - Examples: Production, sales, distribution, design, engineering, human resources, service; Typical Risk Classes: Operational; Methods, Materials & equipment; Interest, Liquidity, Concentration, Market, Environment • Burning - Examples: Unconscious Conspiracy issues - sales practices; product liability; Challenger; transportation disasters; Typical Risk Classes: Ethics, Environment, Organization

  17. Supporting different starting points.. • Columns: Unprotected, Transitional, “Go ahead.....” • Rows: Basics ? ? ?; Behavior ? ? ?; Business ? ? ?; Burning ? ? ? • Build It, Fix It, Demonstrate It

  18. Focal Point for Risk Management OF #4 • What is your organization’s focal point for risk management at this time? 1. Basics 2. Behavior 3. Business 4. Burning 5. Any combination or all of the above

  19. The value of Enterprise Risk Management • Basics: Reduce fraud, Minimize error, Increase efficiency & effectiveness

  20. Risk Management Focus - Basics • Objective: Integrity of assets, transactions, reporting • Risk Classes: Methods & systems; Facilities; People; Information; Environment; Technology • Control: Procedural Risk Frameworks (globally established); Guidance materials; Policy infrastructure (Corporate, accounting); Established through training; Customized for “hostility” of local environment; Assessed by audit, or self assessed; Metrics from benchmarking, compliance • Risk Consequences: Fraud, error, inefficiency; ineffectiveness

  21. Four focal points • Common, Cultural, Specific, Core • Basics, Behavior, Business, Burning • Capability issues: - what, how, where • Policies, procedures, processes; Reengineering, Business process redesign; Quality improvement processes; Benchmarking; best practices; Handbooks; Training; Surveys, questionnaires, audits

  22. The value of Enterprise Risk Management • Basics: Reduce fraud, Minimize error, Increase efficiency & effectiveness • Behavior: Reduce fraud & error; Increase efficiency & effectiveness; Engage & enthuse; Minimize penalty

  23. Risk Management Focus - Behavior • Objective: Standards of ethics, trust, integrity, openness of communication, learning, responsiveness ....... • Risk Classes: People; Environment • Control: Ethics policy infrastructure; Tone at the top; attention to detail; Culture creation / development processes; Customized for “hostility” of local environment; Assessed by culture profiles; Metrics from benchmarking - internal & external • Risk Consequences: Fraud, Ineffectiveness, Loss of key people; Regulatory penalty, Loss of reputation, .......

  24. Four focal points • Common, Cultural, Specific, Core • Basics, Behavior, Business, Burning • Commitment issues - why, whether • Structural issues - accountability, responsibility, authority • Leadership issues • Cultural issues - trust, motivation • Workshops, conferences, workgroups, surveys

  25. The value of Enterprise Risk Management • Basics: Reduce fraud, Minimize error, Increase efficiency & effectiveness • Behavior: Reduce fraud & error; Increase efficiency & effectiveness; Engage & enthuse; Minimize penalty • Business: Avoid or transfer risk; Quantify risk uncertainty for specific risks; Use capital market techniques to manage certain risks; Improve quality / timeliness / price / delivery / technology; Reduce costs / downtime / lost productivity; Improve relationships with customers / employees / suppliers / regulators / investors / creditors; Protect against criminal / civil / regulatory penalties; Improve achievement of business objectives

  26. Risk Management Focus - Business • Objective: Achievement of business objectives; Strategic; Group; division; department; team • Risk Classes: Methods & systems; Facilities; People; Information; Environment; Technology; Operations; Market; Credit • Control: Business Risk Frameworks (globally established); Impact & likelihood assessments; Business risk management assessment; Avoid (Prevent, Re-engineer); Retain & manage (Detect, Correct, Hedge..); Transfer (purchase insurance; self-insure); Policy infrastructure; Engagement of key people; Assessed by audit, or management self assessed; Metrics based on business risk • Risk Consequences: Failure to achieve business objectives

  27. Four focal points • Common, Cultural, Specific, Core • Basics, Behavior, Business, Burning • Objectives / Purpose issues • Operational risks; Legal / regulatory; Capital / financial; Strategic • Measurement - analysis, hedge, transfer, avoid • Assessment - workshop, survey, interview • Engage, enable, enthuse

  28. The value of Enterprise Risk Management • Basics: Reduce fraud, Minimize error, Increase efficiency & effectiveness • Behavior: Reduce fraud & error; Increase efficiency & effectiveness; Engage & enthuse; Minimize penalty • Business: Avoid or transfer risk; Quantify risk uncertainty for specific risks; Use capital market techniques to manage certain risks; Improve quality / timeliness / price / delivery / technology; Reduce costs / downtime / lost productivity; Improve relationships with customers / employees / suppliers / regulators / investors / creditors; Protect against criminal / civil / regulatory penalties; Improve achievement of business objectives • Burning: Protect against fundamental risk

  29. Risk Management Focus - Burning • Objective: Protection from fundamental risk; Achieve quantum leap opportunity • Risk Classes: All.... • Control: Structured format for open dialogue; Heightened awareness of unconscious conspiracy; Cross-silo workshops, conferences, meetings; Knowledge / memory management; Governance processes • Risk Consequences: Massive fraud, or error; Disaster; Loss of competitive position; Loss of value

  30. The Unconscious Conspiracy • Disaster events • No single “cause” • Environment, technology, structure, culture, systems, processes, people all play a role • The organization had all the information about the risk - but no one person had it all, or made the connections. • A number of indicators of unconscious conspiracy were available..... in hindsight.

  31. The Unconscious Conspiracy Indicators... • Today’s “Business Imperative” - industry wide • Hot opportunity • High reliance on a few wizards • Dominating objective • Unchallenged assumptions • Dominating individual • .......

  32. Four focal points • Common, Cultural, Specific, Core • Basics, Behavior, Business, Burning • Learning issues - fundamental issues that are stuck at awareness / action stages • Accessed by workshops - shared awareness, moving the unconscious conspiracy to conscious awareness and action • Issues are normally fundamental, sometimes critical to survival

  33. Integrated Risk Management Burning Basics Behavior Business Policies Procedures Fraud protection Governance Accountability Tone Values Ethics Trust Unconscious Conspiracy Strategic Operational

  34. Integrated Risk Management Burning Basics Behavior Business Policies Procedures Fraud protection Information Systems Governance Accountability Tone Values Ethics Trust Unconscious Conspiracy Strategic Operational Quantify uncertainty Avoid Transfer Insurance Risk Management Capital Market Strategies

  35. Avoid Transfer Capital Market Strategies Integrated Risk Management Burning Basics Behavior Business Policies Procedures Fraud protection Information Systems Governance Accountability Tone Values Ethics Trust Unconscious Conspiracy Strategic Operational Quantify uncertainty Insurance Risk Management Operational Uncertainty (non-quantified)

  36. Avoid Transfer Insurance Risk Management Capital Market Strategies Integrated Risk Management Burning Basics Behavior Business Policies Procedures Fraud protection Information Systems Governance Accountability Tone Values Ethics Trust Unconscious Conspiracy Strategic Operational Quantify uncertainty Risk & control frameworks & Gap analysis Operational Uncertainty (non-quantified) Systems quality & integrity

  37. Avoid Transfer Insurance Risk Management Capital Market Strategies Integrated Risk Management Burning Basics Behavior Business Policies Procedures Fraud protection Information Systems Governance Accountability Tone Values Ethics Trust Unconscious Conspiracy Strategic Operational Quantify uncertainty Risk & control Maps & Gap analysis Operational Uncertainty (non-quantified) Systems quality & integrity Culture profiles Control environment change management

  38. Avoid Transfer Insurance Risk Management Capital Market Strategies Integrated Risk Management Burning Basics Behavior Business Policies Procedures Fraud protection Information Systems Governance Accountability Tone Values Ethics Trust Unconscious Conspiracy Strategic Operational Quantify uncertainty Risk & control frameworks & Gap analysis Operational Uncertainty (non-quantified) Systems quality & integrity Business Risk Management Self-assessment of exposure - leading to Action Risk & Control frameworks Culture profiles Control environment change management

  39. Burning Basics Behavior Business Avoid Transfer Insurance Risk Management Capital Market Strategies Integrated Risk Management Policies Procedures Fraud protection Information Systems Governance Accountability Tone Values Ethics Trust Unconscious Conspiracy Strategic Operational Quantify uncertainty Risk & control frameworks & Gap analysis Operational Uncertainty (non-quantified) Systems quality & integrity Business Risk Management Self-assessment of exposure - leading to Action Risk & Control frameworks Governance review Facilitated business & strategic risk assessment Diagnostics Culture profiles Control environment change management

  40. Burning Basics Behavior Business Avoid Transfer Insurance Risk Management Capital Market Strategies Integrated Risk Management Policies Procedures Fraud protection Information Systems Governance Accountability Tone Values Ethics Trust Unconscious Conspiracy Strategic Operational Quantify uncertainty Risk & control frameworks & Gap analysis Operational Uncertainty (non-quantified) Systems quality & integrity Business Risk Management Self-assessment of exposure - leading to Action Risk & Control frameworks Governance review Facilitated business & strategic risk assessment Diagnostics Culture profiles Control environment change management Internal Audit based on integrated Risk Framework

  41. Enterprise Risk Management Implementation approaches Cultural Common Specific Core Basics Behavior Business Burning Facilitated workshop Risk Profiles Risk Frameworks Quantitative methods Insurance methods Procedural frameworks Surveys Enterprise risk framework database

  42. What are the major challenges you face in developing an integrated approach to risk management?

  43. What do you think needs to be done to manage these challenges?

  44. Sustainable Risk Management aligns People, Objectives, Risks • Builds Employee Involvement • Creates Business Value • Builds a Global Connection • Enhances Teamwork • Anticipates risk

  45. The value of Enterprise Risk Management • Basics: Reduce fraud, Minimize error, Increase efficiency & effectiveness • Behavior: Reduce fraud & error; Increase efficiency & effectiveness; Engage & enthuse; Minimize penalty • Business: Avoid or transfer risk; Quantify risk uncertainty for specific risks; Use capital market techniques to manage certain risks; Improve quality / timeliness / price / delivery / technology; Reduce costs / downtime / lost productivity; Improve relationships with customers / employees / suppliers / regulators / investors / creditors; Protect against criminal / civil / regulatory penalties; Improve achievement of business objectives • Burning: Protect against fundamental risk

  46. Presentation Evaluation

  47. Next Steps • Incorporate group brainstorms and Option Finder exercises into a report of today’s session • Distribute report to all participants • Other?
