
In Today’s Economy…

In Today’s Economy… Flagg Management Conference, March 18, 2009 – 1:50 P.M. Is Business Continuity Morphing Into Risk Management? Bert Wolff, Bwolff@chubb.com. Today’s Agenda: Backdrop on Enterprise Risk Management; Risk Management at Chubb



  1. In Today’s Economy…
     Flagg Management Conference
     March 18, 2009 – 1:50 P.M.
     Is Business Continuity Morphing Into Risk Management?
     Bert Wolff
     Bwolff@chubb.com

  2. Today’s Agenda
     • Backdrop on Enterprise Risk Management
     • Risk Management at Chubb
     • Risk Management at People’s United Bank (Greg Kyrytschenko)

  3. Current Industry Thoughts
     • “Attitudes are changing as companies realize that Risk Management and Business Continuity disciplines should be working together” -- British Standards Institute - 2008
     • “There is a disconnect between sound business practice [i.e. Risk mgt.] and sound business continuity plans” -- Continuity Insights - 2009
     • “Abandon a narrow, 'siloed' approach to risk assessment and management in favor of an overarching risk framework to address the entire enterprise…” -- Gartner – 2008
     • “…organizations that had formalized ERM (enterprise risk management) practices had higher credit scores than those without a formal ERM” -- RIMS (Risk and Insurance Management Society)
     • Common theme indicates a broader scope

  4. Enterprise Risk Management Defined
     • Enterprise Risk Management (ERM) is the identification and treatment of risks a business faces. ERM encompasses all aspects of a business with the aim of identifying, managing and minimizing risks. -- CEO Website
     • Key Elements of Risk Management
        • Enterprise-wide scope
        • A well-defined repeatable process for:
           • Risk identification
           • Risk assessment
           • Mitigation control
           • Risk monitoring
        • Executive management oversight and accountability

  5. Enterprise Risk Management Drivers
     • Standards (voluntary)
        • BS 25999 -- A structured development and application of management culture, policy, procedures and practices to the tasks of identifying, analyzing, evaluating, controlling and responding to risk
     • Reporting Agencies (financial impact)
        • S&P 2008 -- S&P will enhance their ratings process for nonfinancial companies through an Enterprise Risk Management review (creating a more systematic framework for an inherently subjective topic)
     • Regulations (mandated)
        • FFIEC -- Risk Management is defined as the process of identifying, assessing and reducing risk to an acceptable level …
        • Sox 404 -- …current guidelines call for companies to develop internal controls based on risk management considerations - what risks to accept, avoid or transfer before rushing in with protective measures.

  6. Economic Overtones
     • The economic crisis demonstrates how risk management practices affect the bottom line of a company
     • Business Continuity practitioners have the chance to demonstrate value to senior management and contribute to the organization’s strategic goals
     • Risk Management investment has more executive appeal than Business Continuity context in this economic climate
     • A value proposition may be easier to quantify in Risk Management terms

  7. Risk Management at Chubb
     • Chubb is in the business of Risk Management so it is inherently “baked” into the culture
     • Business Continuity & Corporate Security are both part of the same division
     • Chubb has two key risk oversight groups:
        • Risk & Compliance Corporate Committee
        • Corporate Audit Committee

  8. Risk Management at Chubb - Risk & Compliance Corporate Committee
     • This committee drives a management self-assessment process
     • Specific risks are identified & rated by:
        • Likelihood
        • Severity
        • Control effectiveness
        • Residual risk
        • Impact
     • This information feeds into the Audit Committee process

  9. Risk Management at Chubb - Corporate Audit Committee
     • Enterprise risks are identified by the Business Continuity Team and then:
        • Categorized by activity
        • Assigned a risk rating
     • Mitigation or control actions are identified
     • Plan steps and status are provided
     • Presentation is then made to the Corporate Audit Committee
     • Actions are then prioritized and risks are either assumed or funded for mitigation

  10. Risk Management at Chubb - Other Activities
     • World-Wide Incident Tracking (BC Team)
     • Monitor global events
     • Communicate risk information company wide
     • Follow-up and post-action activities that feed back into the risk management process
     • Collaboration with Chubb Personal Insurance – Catastrophe Preparedness & Response
     • Future focus is to further expand the scope and refine the process

  11. Risk Management and the Changing Landscape
     Greg Kyrytschenko
     Director, Technology Risk Management
     Access Control and Application Security Services

  12. Greg Kyrytschenko, MBA, CISSP
     • Director of Technology Risk Management Access Control and Application Security Services at People's United Bank, a northeastern regional bank.
     • Lead and manage the bank's Enterprise Identity and Access Control Program which includes the bank's logical access provisioning and entitlement review, role management, and application security.
     • Also an adjunct faculty member at Sacred Heart University for 3 years where I teach courses in network and computer security best practices and risk management.
     • Hold a BS and MBA from Sacred Heart University in Fairfield, Connecticut
     • Certified Information Systems Security Professional

  13. People’s United Bank Company Background
     • High Growth Bank:
        • 5000+ people (employees, contractors, etc.)
        • Announce aggressive acquisition strategy
        • De-mutualized and other capital initiatives
        • Investing in infrastructure and talent to scale
        • Recognized as a current market leader
     • Challenges:
        • Regulatory pressure – from state to Federal charter
        • Back-office efficiencies being planned to achieve economies of growth
        • Acquisitions and conversions must be compliant, fast, efficient, accurate
        • Define roles within the organization

  14. Company Business Objectives
     • Become a Public Company
        • Controls demanded of public companies
        • Maintain shareholder value
        • Conservative lending approach
     • Plan Growth Through M&A
        • Quickly integrate acquired companies
        • Simplify integration using technology
        • Streamline business processes

  15. Company Business Objectives Continued
     • Expand Markets
        • Establish a larger footprint within US
        • Tap into new business markets
        • Acquire new financial services
     • Manage Risk Profile
        • Maintain favorable risk rating
        • Enhance security risk
        • Manage risk to new regulations

  16. Risk Management Approach
     • Taking the Business View of Risk Management
     • Measurable Success Factors
     • Enable Business Velocity
     • Create transparent compliance

  17. Risk Management Continued
     • Centralize security administration
     • Build process automation and streamline processes
     • Build systemic controls for access control and monitoring

  18. Contact Information
     Greg Kyrytschenko
     People’s United Bank
     203.338.3450
     Greg.Kyrytschenko@peoples.com

  19. Questions?
