A Top Down & Bottom Up Strategic Approach to ERM. Marcus Evans 5th Annual ERM Conference. Jennifer McCallister March 20, 2012. Speaker Overview. Kentucky native


A Top Down & Bottom Up Strategic Approach to ERM

Marcus Evans 5th Annual ERM Conference

Jennifer McCallister

March 20, 2012

Speaker Overview
  • Kentucky native
  • Over 12 years of business experience spanning multiple functions including sales support, operations, finance, compensation, and internal auditing
  • Over nine years of health care industry knowledge and experience
  • Subject matter expert on risk identification, risk assessment and mitigation, and process maturity to leaders across the organization
  • Bachelor of Science degree in Business Administration from the University of Louisville
  • Master of Business Administration degree from Sullivan University
  • Certification in Risk Management Assurance (CRMA) through the Institute of Internal Auditors
Humana - Company Overview

Humana is a leading health care company that offers a wide range of insurance products and health and wellness services that incorporate an integrated approach to lifelong well-being.

  • Headquartered in Louisville, Kentucky
  • One of the nation’s largest publicly traded health and supplemental benefits companies
  • Ranked 79th on Fortune’s list of largest corporations
  • 2011 revenues of approximately $36.8 billion
  • Approximately 12 million medical members, 7.9 million specialty members
  • Operates several hundred health centers and worksite clinics nationwide

Internal Audit Consulting Group

  • 70+ Associates, with all backgrounds and specialties
  • Strategic, Financial, Operational and Compliance Reviews
  • ERM Program, PMM, GRC system & facilitate the Operating Committee
  • Alumni throughout the enterprise
Session Agenda
  • ERM Program Benefits & Deliverables
  • Current Program Overview
      • Program Overview
      • Risk Framework
      • Program Cadence
      • Top Down Approach
      • Bottom Up Approach
  • Maturing the Program
      • Quantification & Sensitivity Analysis
      • Education to the Masses - Risk 101
      • Embed Risk Ambassadors
Program Benefits & Deliverables

Final Deliverable: Report with risks identified by the business, analysis of risks, and mitigation strategies to optimize the risks.

What is Enterprise Risk Management (ERM)?
  • Process applied in strategy setting across the organization
  • Designed to identify potential risks and manage those risks within the organization’s risk appetite
  • Considers threats, opportunities, and uncertainties that may impact the organization’s strategic and financial objectives
  • Guides leaders in decision making regarding appropriate mitigation strategies toward all risks – as opposed to those that are obvious/pressing at the time
Overview of Humana’s Risk Assessment Program

Diagram elements:
  • Annual Strategy Sessions
  • Annual Audit Planning
  • Risks Identified by ERMC
  • Risks Identified by the Business
  • Risks Identified by Internal Audit
  • Functional Area
  • Executive & Operating Committee Risk & Strategy Discussions
A Top Down/Bottom Up Approach to ERM
  • Oversight by the Audit Committee of the Board which by its own charter and NYSE rules is accountable for discussing Humana policies with respect to risk assessment and risk management
  • Full Board reviews risk factors in connection with annual Form 10-K filing
  • Enterprise Risk Management Committee was initiated by the Chief Executive Officer and members include senior leadership
  • Structured Risk Discussions with Functional & Segment Leaders are held to synchronize Risk Tolerance; identify most significant risks for discussion with ERMC and complements annual strategic initiative process
  • Process Facilitated by Internal Audit which utilizes Internal Audit’s independent and objective business and risk knowledge; complements audit’s engagement planning process and Audit Committee expectations

Top Down

Bottom Up

Understanding the risk factors leads to making the right decisions.

Enterprise Risk Report Out Elements

Risk Definition:

Risk Appetite Objectives:

Risk Owner:

Are current mitigation efforts adequate to manage the risks within the risk appetite? Yes/No?

Risk Velocity: High/Moderate/Low

Risk Optimization Target: 1/2/3/4/5

  • Related Initiatives/Ground Taken

Internal Audit Validation/Opinion

Risk Optimization Options

Risk Optimization: The determination of the appropriate level of mitigation and monitoring necessary to manage the risk within the risk appetite of the organization.

  • Unmanaged: Awareness of the risk is absent or the risk is not being addressed.
  • Ad Hoc: Mitigation of the risk is sporadic and not tied to a shared risk appetite.
  • Qualitative Validation: Management of the risk is underway and tied to a shared risk appetite vision. Validation of mitigation efforts by independent party.
  • Quantitative Validation: Data is available and used to explain the risk appetite which has been reviewed with senior management and the Board.
  • Best Practice: The risk appetite is quantitatively developed and includes a scenario and sensitivity analysis.

Risk Velocity Options

Risk Velocity: How quickly a risk can create a material loss or missed opportunity.

  • High Risk Velocity
    • The risk can materially impact the organization within a matter of hours or days in such a manner as management has little time or ability to react to the risk in the absence of preplanned, deliberate mitigation efforts. There is limited ability to see the event before its impact is felt.
  • Moderate Risk Velocity
    • The risk can be identified before its impact is felt, but mitigation efforts generally must be already underway and understood in order to limit the impact of the risk.
  • Low Risk Velocity
    • While the risk may have a material impact to the organization, the development of the risk event materializes over time allowing for contingency plans and actions to be put into place after the risk event is understood.
Bottom Up Approach

Performed at the business process, segment, or product level

ERM Workshop Phases
  • Phase 1: Leader Introduction & Buy-In
    • Support from the top is essential to the success of ERM workshops
    • VP level discussion to obtain buy-in
  • Phase 2: Leader Risk Discussion
    • VP’s perspective on risks impacting the specific business area or segment
    • Understand the business segment’s strategy and objectives and brainstorm major risks
  • Phase 3: Education & Survey
    • Educational materials are used to introduce key concepts
    • Risk survey distributed to solicit input from Segment Management on risk & culture
  • Phase 4: Workshop
    • Confirm risk statements
    • Vote on Impact/How Well Managed
    • Prioritize Risks
Workshop Ranking and Prioritization
  • Rating Voting
    • Participants rate each risk statement on two dimensions:
      • How impactful is the risk
      • How well do we currently manage the risk
    • Once complete, all risks will be plotted on a heat map
  • Ranking Voting
    • Participants are presented with two risk statements and are asked to choose which is the greater risk
    • At the end of the exercise, a list of prioritized risks will be generated
Risk Ranking & Prioritization Impact Factors



Risk Ranking & Prioritization Mitigation Consideration



ERM Workshop Phases
  • Phase 5: Final Deliverable
    • Report to the business leaders outlining the identified risks
    • Prioritized risks are plotted on a heat map to visually display voting results
    • Mitigation activities are outlined for each of the risks identified
Workshop Trending


Quantitative Analysis
  • Core Value Drivers
  • Risks to the Value Drivers
  • Sensitivity of those Risks
    • Quantitative values may be applied to risks when using qualitative analysis. (Impact & Probability)
    • Numerical techniques for decision analysis are used for a more mature quantitative analysis approach. These techniques include Monte Carlo analysis, PERT, computer simulations, and sensitivity analysis.
  • Care should always be taken, as a good quantitative technique with bad data is worse than not using the technique at all.
  • Elaborate statistical models and simulations can impress people into making the wrong decision based on excellent analysis of bad data.
  • Consider that the cost of applying the technique and collecting the data can sometimes be more than the cost of the risks the technique helps to quantify.

Risk 101

  • Risk 101 training - understand what “risk” is – and why everyone needs to have it, how to identify risks in a variety of ways, and most important, how to effectively manage risk
  • Embedded Ambassadors – “tone at the top” as well as ambassadors of benefits received at the process level (education to process owners)
  • Annual Ethics Training – basic education on ERM is communicated across the enterprise
  • Risk is Everyone’s Responsibility!
Questions and Contact Info.

Jennifer McCallister, MBA, CRMA

Consulting Leader | Internal Audit Consulting Group


101 S. 5th St., Ste. 900 | Louisville, KY, 40202

T 502.580.4234

F 502.508.4234