UNISA 2006

Nicky Downing – CEO Guideline Risk Technologies Africa (Pty) Ltd

Presentation Objectives
  • This presentation aims to address the key aspects that should be considered in the design and implementation of a successful Enterprise Risk Management Framework that is workable at all levels of any organisation.
Enterprise Risk defined
  • The risk of loss, through failure of people, processes or systems, or through the impact or influence of external events, including economic, political or market-related events, as a result of the activities of the Enterprise in the course of conducting its business towards the achievement of its goals and objectives.
Enterprise Risk Management
  • Is a central part of any organization’s strategic management. It is the process whereby an organization both methodically and intuitively addresses the risk attached to its activities with the goal of achieving sustained benefits within each activity and across the portfolio of activities.
Enterprise Risk Management
  • Risk management is recognized as an integral part of sound organizational management and is being promoted internationally and in South Africa as good business practice applicable to the public and private sectors.
Enterprise Risk Management defined
  • No entity operates in a risk-free environment, and enterprise risk management does not create such an environment. Rather, enterprise risk management enables management to operate more effectively in environments filled with risks.
  • All organizations can benefit from improved enterprise risk management procedures in meeting objectives related to strategic direction, operations, reporting and compliance.
  • Enterprise risk management provides management with enhanced capabilities to align risk appetite and strategy, link growth, risk and return, minimize operational surprises and losses, identify and manage cross-enterprise risks and rationalize capital.
Enterprise Risk Management defined
  • The identification and evaluation of actual and potential risk areas as they pertain to the company as a total entity, evaluated in line with company processes at each level of the organization, connected to the achievement of objectives and strategic goals, followed by the effective management thereof.
ERM Risk Best Practice:
  • The sometimes conflicting and confusing issues of how to integrate the process of identifying the risk, universally measuring that risk and effectively managing the risk so as to add value to the organization are among the key inhibiting factors regarding implementation of the ideal ERM framework.
An ERM Framework:
  • The fundamental premise underlying the Enterprise Risk Management – Integrated Framework is that all entities, whether for-profit or not, exist to realize value for their stakeholders.
  • The ongoing identification and mitigation of risks, as well as knowing what opportunities to seize, are critical to protecting and growing stakeholder value.
  • Enterprise risk management supports value creation by enabling management to deal effectively with uncertainty, explicitly consider risk in investment decisions and minimize risks to achieving entity objectives.
ERM Adding value to the Business

An Organisation, through Enterprise risk management, should seek to help drive decisions which balance risk and reward, thereby adding value to business. This would involve the following:

  • Communication of the Enterprise Risk Management Strategy throughout the organization;
  • Promotion of the management of enterprise risk as part of the group’s culture of risk management;
  • Identification and classification of Enterprise risk exposures uniformly across the organization;
ERM Adding value to the Business
  • Evaluation of enterprise risks by means of qualitative and quantitative approaches;
  • Controlling of enterprise risks through effective internal controls, mitigating techniques, policies and reporting;
  • Continuous monitoring of new enterprise risk threats in order to be pro-active in developing appropriate mitigating strategies;
ERM Adding value to the Business
  • Ensuring the minimization of the cost of enterprise risk by determining a realistic risk appetite, effective involvement of third parties (insurance) and the use of the most efficient approach to allocate capital to address risk exposures; and
  • Effective management of the main components of the enterprise risk model, namely, risk self-assessments, incident/event management and key risk indicators, scenario analysis and ERM information integration.
Success is achieved by…
  • The group seeking to help drive decisions which balance risk and reward, thereby adding value to business, through an integrated Enterprise Wide approach to risk management.
  • This is achieved by implementing the main components of an ERM Model:
The components of an ERM Model
  • Structured Risk self-assessment
  • Incident/event Management
  • Internal Audit Findings Management
  • Key Risk Indicator Management
The components of an ERM Model
  • Structured Risk self-assessment – This entails a risk assessment methodology that will enable the users to identify and assess risks and controls as part of their risk management process. This activity will form part of each risk owner's normal job description and function.
The components of an ERM Model
  • Incident/event management – The incident/event management component should include a centralized loss/event database for the Group that will enable users to track losses and events, against pre-defined descriptions, as well as to manage these events in terms of preventative action and control measures.
  • Each event category is linked back to a Primary Risk Classification, identified process, sub-process, task, objectives, and strategic goals. The purpose of the link is to uniformly evaluate risk within each component.
The components of an ERM Model
  • Internal Audit findings - All findings that require action plans must be linked back to a Primary Risk Classification, process, sub-process, task, objectives and strategic goals. The purpose of the link is to uniformly evaluate risk within each component and provide management with a single view of the entire risk management process and its status within each component in a unified format.
The components of an ERM Model
  • Key risk indicators – Key risk indicators are quantitative measures intended to provide management with insight on their risk exposure and to determine the effectiveness of risk control measures.
  • KRIs can provide management with early warning indicators to serve as a mechanism to act proactively on risk exposures. KRIs must be defined as part of the risk self-assessment process and then verified by the risk management facilitators.
  • As KRIs are identified in the risk self-assessment process, each is linked back to a Primary Risk Classification, process, sub-process, task, objectives and strategic goals.
  • The purpose of the link is to uniformly evaluate risk within each component. KRIs are monitored at the source level. This may be within data collected within the Company ERM system or within a core Company operational database where the data has been automatically detected and transferred to the ERM system.
Procedures/ processes linked to BU objectives and then to Group Objectives and Group strategic business plan

Divisions/BU’s ensure individual Goals and Objectives and business strategy aligned to Group

Goals and objectives defined

Group strategic business Plan

You're in business

You monitor the specific identified indicators to verify that you are on target in achieving your determined objectives and goals.

You record incidents along the way and monitor historic events in your business area to help you stay on your planned route and minimize the possibility of failure in achieving your goal.

All risks identified at process level that could prevent achievement of defined objectives and Goals at both BU and Group levels.

The organisation at each level is prompted by the supporting software system, providing notification of Key Risk Indicators, to take the necessary mitigating action.

Correctly embedded and used, Integrated ERM ensures the achievement of your Objectives and Goals by improving the overall efficiency of the running of your business.

Without it…

All components are now in place to perform risk modelling
  • Loss/event data
  • Risk assessment data
  • Scenario analysis
  • Business unit exposure data
  • Key Risk Indicator data
Unexpected Losses

ERM Risk Modeling

Expected Losses




Risk Appetite

Capital Allocation/Funds/Captives/Tiered insurance

Risk Assessment
  • What can go wrong? (Risk Event)
  • How often could it happen? (probability)
  • How bad can it get? (Impact and consequence)





KRIs defined
  • What can we measure to indicate that it may be going wrong?

Incident Event Management
  • What did go wrong?
  • How did it impact on us?
  • What's the likelihood of it happening again?

(Are we doing what we intended to do in managing our risk?)

Actions taken to reduce Impact and probability

Integrated ERM Control and Management





Actions taken to correct and improve conditions when it goes wrong

Real time analysis reporting providing indicators of where action needs to be taken based on current control of risk

Optimized ERM
  • ‘Best Practice’ Enterprise Wide Risk Management establishes that:
      • Processes are in place and are closely aligned with business strategies.
      • Costs and benefits of Risk Management are defined and are balanced against risks and are communicated and applied across the whole organisation.
      • An agreed standard framework is in place and applied uniformly by all levels of management.
      • Management have funded plans to improve the level of Risk Management Maturity of all businesses/business areas.
This sound approach to Enterprise Risk Management not only ensures the achievement of the company's objectives but drives the process towards such achievement, while maintaining regulatory compliance, a safe, well-managed environment and an embedded culture of risk management by all employees of the organization on a day-to-day basis.
Thank You
  • Guideline Risk Technologies Africa (Pty) Ltd
  • Nicky Downing