
UNISA 2006

UNISA 2006. Nicky Downing – CEO Guideline Risk Technologies Africa (Pty) Ltd. Presentation Objectives.

Presentation Transcript


  1. UNISA 2006 Nicky Downing – CEO Guideline Risk Technologies Africa (Pty) Ltd

  2. Presentation Objectives • This presentation aims to address the key aspects that should be considered in the design and implementation of a successful Enterprise Risk Management Framework that is workable at all levels of any organisation

  3. What is Enterprise Risk?

  4. Enterprise Risk defined • The risk of loss, through failure of people, processes, systems or the impact or influence of external events, including economic, political or market-related events, as a result of activities of the Enterprise, in the course of conducting its business towards the achievement of its goals and objectives.

  5. What is Enterprise Risk Management?

  6. Enterprise Risk Management • Is a central part of any organization’s strategic management. It is the process whereby an organization both methodically and intuitively addresses the risk attached to its activities with the goal of achieving sustained benefits within each activity and across the portfolio of activities.

  7. Enterprise Risk Management • Risk management is recognized as an integral part of sound organizational management and is being promoted internationally and in South Africa as good business practice applicable to the public and private sectors.

  8. Enterprise Risk Management defined • No entity operates in a risk-free environment, and enterprise risk management does not create such an environment. Rather, enterprise risk management enables management to operate more effectively in environments filled with risks. • All organizations can benefit from improved enterprise risk management procedures in meeting objectives related to strategic direction, operations, reporting and compliance. • Enterprise risk management provides management with enhanced capabilities to align risk appetite and strategy, link growth, risk and return, minimize operational surprises and losses, identify and manage cross-enterprise risks and rationalize capital.

  9. Enterprise Risk Management defined • The identification and evaluation of actual and potential risk areas as they pertain to the company as a total entity, evaluated in line with company processes at each level of the organization, connected to the achievement of objectives and strategic goals, followed by the effective management thereof.

  10. ERM Risk Best Practice: • The sometimes conflicting and confusing issues of how to integrate the process of identifying the risk, universally measuring that risk and effectively managing the risk so as to add value to the organization is one of the key inhibiting factors regarding implementation of the ideal ERM framework.

  11. What is an Enterprise Risk Management Framework?

  12. An ERM Framework: • The fundamental premise underlying the Enterprise Risk Management – Integrated Framework is that all entities, whether for-profit or not, exist to realize value for their stakeholders. • The ongoing identification and mitigation of risks, as well as knowing what opportunities to seize, are critical to protecting and growing stakeholder value. • Enterprise risk management supports value creation by enabling management to deal effectively with uncertainty, explicitly consider risk in investment decisions and minimize risks to achieving entity objectives.

  13. ERM Adding value to the Business An Organisation, through Enterprise risk management, should seek to help drive decisions which balance risk and reward, thereby adding value to business. This would involve the following: • Communication of the Enterprise Risk Management Strategy throughout the organization; • Promotion of the management of enterprise risk as part of the group’s culture of risk management; • Identification and classification of Enterprise risk exposures uniformly across the organization;

  14. ERM Adding value to the Business • Evaluation of enterprise risks by means of qualitative and quantitative approaches; • Controlling of enterprise risks through effective internal controls, mitigating techniques, policies and reporting; • Continuous monitoring of new enterprise risk threats in order to be pro-active in developing appropriate mitigating strategies;

  15. ERM Adding value to the Business • Ensuring the minimization of the cost of enterprise risk by determining a realistic risk appetite, effective involvement of third parties (insurance) and the use of the most efficient approach to allocate capital to address risk exposures; and • Effective management of the main components of the enterprise risk model, namely, risk self-assessments, incident/event management and key risk indicators, scenario analysis and ERM information integration.

  16. Success is achieved by… • The group seeking to help drive decisions which balance risk and reward, thereby adding value to business, through an integrated Enterprise Wide approach to risk management. • This is achieved by implementing the main components of an ERM Model:

  17. The components of an ERM Model • Structured Risk self-assessment • Incident/event Management • Internal Audit Findings Management • Key Risk Indicator Management

  18. The components of an ERM Model • Structured Risk self-assessment – This entails a risk assessment methodology that will enable the users to identify and assess risks and controls as part of their risk management process. This activity will form part of each risk owner's normal job description and function.

  19. A Structured Self Risk Assessment Approach

  20. The components of an ERM Model • Incident/event management – The incident/event management component should include a centralized loss/event database for the Group that will enable users to track losses and events, against pre-defined descriptions, as well as to manage these events in terms of preventative action and control measures. • Each event category is linked back to a Primary Risk Classification, identified process, sub-process, task, objectives, and strategic goals. The purpose of the link is to uniformly evaluate risk within each component.

  21. The components of an ERM Model • Internal Audit findings - All findings that require action plans must be linked back to a Primary Risk Classification, process, sub-process, task, objectives and strategic goals. The purpose of the link is to uniformly evaluate risk within each component and provide management with a single view of the entire risk management process and its status within each component in a unified format.

  22. The components of an ERM Model • Key risk indicators – Key risk indicators are quantitative measures intended to provide management with insight on their risk exposure and to determine the effectiveness of risk control measures. • KRIs can provide management with early warning indicators that serve as a mechanism for acting proactively on risk exposures. KRIs must be defined as part of the risk self-assessment process and then verified by the risk management facilitators. • As KRIs are identified in the self risk assessment process, each is linked back to a Primary Risk Classification, process, sub-process, task, objectives and strategic goals. • The purpose of the link is to uniformly evaluate risk within each component. KRIs are monitored at the source level. This may be within data collected within the Company ERM system or within a core Company operational database where the data has been automatically detected and transferred to the ERM system.

  23. The Framework in practice would result in the following:….

  24. Procedures/processes linked to BU objectives and then to Group Objectives and Group strategic business plan • Divisions/BUs ensure individual Goals and Objectives and business strategy aligned to Group Goals and objectives defined Group strategic business Plan • You're in business • You monitor the specific identified indicators to verify that you are on target in achieving your determined objectives and goals. • You record incidents along the way and monitor historic events in your business area to help you stay on your planned route and minimize the possibility of failure in achieving your goal. • All risks identified at process level that could prevent achievement of defined objectives and Goals at both BU and Group levels. • The organisation at each level is prompted by the supporting software system, providing notification of Key Risk Indicators, to take the necessary mitigating action. • Correctly embedded and used, Integrated ERM ensures the achievement of your Objectives and Goals by improving the overall efficiency of the running of your business. • Without it…

  25. Calculated Risk Profile Evaluated by Objective/process/risk category/cause

  26. All components are now in place to perform risk modelling • Loss/event data • Risk assessment data • Scenario analysis • Business unit exposure data • Key Risk Indicator data

  27. ERM Risk Modeling [Figure; labels: Unexpected Losses, Expected Losses, Likelihood, Catastrophic Impact, Risk Appetite, Capital Allocation/Funds/Captives/Tiered insurance]

  28. Risk Assessment • What can go wrong? (Risk Event) • How often could it happen? (probability) • How bad can it get? (Impact and consequence) Identifying and measuring risk KRIs defined • What can we measure to indicate that it may be going wrong? • What did go wrong? • How did it impact on us? • What's the likelihood of it happening again? Incident Event Management Audit (Are we doing what we intended to do, in managing our risk) Audit Actions taken to reduce Impact and probability Integrated ERM Control and Management Controlling and managing Risk Actions taken to correct and improve conditions when it goes wrong Real time analysis reporting providing indicators of where action needs to be taken based on current control of risk

  29. Optimized ERM • ‘Best Practice’ Enterprise Wide Risk Management establishes that: • Processes are in place and are closely aligned with business strategies. • Costs and benefits of Risk Management are defined and are balanced against risks and are communicated and applied across the whole organisation. • An agreed standard framework is in place and applied uniformly by all levels of management. • Management have funded plans to improve the level of Risk Management Maturity of all businesses/business areas.

  30. This sound approach to Enterprise Risk Management not only ensures the achievement of the company's objectives but drives the process towards such achievement, while maintaining regulatory compliance, a safe, well-managed environment and an embedded culture of risk management by all employees of the organization on a day-to-day basis.

  31. Thank You • Guideline Risk Technologies Africa (Pty) Ltd • Nicky Downing • nicky@guideline.co.za • www.guidelinerisk.com
