1 / 45

ENTERPRISE RISK MANAGEMENT BY

ENTERPRISE RISK MANAGEMENT BY. ADEROJU SOLOMON , FCIB M.D/CEO SOLAD CONSULTING NIG . 23, ASSOCIATION AVENUE ILUPEJU, LAGOS 08033196258, 08073535475 E-mail: essayaderoju@yahoo.co.uk. INTRODUCTION.

nadda
Download Presentation

ENTERPRISE RISK MANAGEMENT BY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. ENTERPRISE RISK MANAGEMENT BY ADEROJU SOLOMON, FCIBM.D/CEOSOLAD CONSULTING NIG.23, ASSOCIATION AVENUE ILUPEJU, LAGOS08033196258, 08073535475 E-mail: essayaderoju@yahoo.co.uk S.A ADEROJU, FCIB

  2. INTRODUCTION Risk is part of every human endeavor. From the moment we get up in the morning, drive or take public transportation to get to work, until we get back into our beds (and perhaps even afterwards), we are exposed to risks of different sorts. It can be argued that every major progress in human civilization, from the crude invention of tools to sophisticated advancement in science and technology has been made possible because someone was willing to take risk and challenge the status quo. S.A ADEROJU, FCIB

  3. INTRODUCTION cont’d • “Risk in itself is not bad,” asserts Suzanne Labarge, chief risk officer at Royal Bank of Canada. “what is bad is risk that is mismanaged, misunderstood, mispriced, or unintended.” Indeed, many are realising that risk creates opportunity, that opportunity creates value, and that value ultimately creates shareholder wealth. • How best to manage risks to derive that value has become the critical question. S.A ADEROJU, FCIB

  4. QUOTES • WĒI JĪ - The Chinese word for Risk or crisis is composed of two characters, one represent danger and the other represents opportunity. - John F. Kennedy • A ship in harbor is safe – but, is that what ships are built for? - John A. Shedd S.A ADEROJU, FCIB

  5. WHAT IS RISK? Cont’d Profits are the reward for successful risk in business. On the other hand, excessive and poorly managed risk can result in direct loss of earnings and erosion of capital or may result in imposition of constraints on a company ability to meet its business objectives. As such, managements of such organization are expected to ensure that the risks they take are understood and properly managed. There should be a positive correlation between risk and return. S.A ADEROJU, FCIB

  6. ENTERPRISE RISK MANAGEMENT • Enterprise Risk Management (ERM) has emerged as an important new business trend. ERM is a structured and disciplined approach aligning strategy, processes, people, technology, and knowledge with the purpose of evaluating and managing the uncertainties the enterprise faces as it creates value. “ Enterprise-wide means the removal of traditional functional, divisional, departmental or cultural barriers. A truly holistic, integrated, future-focused and process-oriented approach helps an organization manage all key business risks and opportunities with the intent of maximizing shareholder value for the enterprise as a whole. S.A ADEROJU, FCIB

  7. RISK MANAGEMENT • One significant result is that Risk Management must now extend well beyond traditional financial and insurable hazards to encompass a wide variety of strategic, operational, reputation, regulatory and information risks. As a means of identifying, prioritising and managing such risks across an enterprise or division- and linking them to value creation, ERM has the potential to provide organisations with a new competitive advantage. S.A ADEROJU, FCIB

  8. RISK APPETITE • An organization determines its risk appetite, and its capacity for taking on additional risks, in much the same way individual investors balance their own tolerance for various risks against their desire for greater returns and use that knowledge to diversify the portfolio of stocks, bonds and other financial instruments they hold. S.A ADEROJU, FCIB

  9. RISK APPETITE • An organization’s appetite or tolerance for risks will vary with its strategy as well as evolving conditions in its industry and markets. Each organization’s risk tolerance is unique, and it will vary according to organizational culture as well as external factors. • A critical aspect of management’s responsibility is to determine which risks and how much of each of them, the organization should take and then to re-evaluate those choices as circumstances changes. S.A ADEROJU, FCIB

  10. ENTERPRISE RISK MANAGEMENT • Enterprise Risk Management is an important means of identifying the critical risks the organization faces-for example; reputation, ethics, e-business or health, safety and environmental risks (not just financial or insurable hazards). It is also important for managing and optimising that portfolio of risks in a way that realises financial rewards. Interpretations of ERM vary widely by industry and among organizations. Consequently, definitions of ERM also vary widely-but many agree that it is a top-down approach, based on and supportive of organizational strategy, that is focused on new ways to manage and optimise the risks of highest importance to the board and management. S.A ADEROJU, FCIB

  11. ENTERPRISE RISK MANAGEMENT • Intrigued by ERM, organizations are using Risk Management concepts to consider a number of questions: • What risks am I facing, and how do they compare to those of my peers or competitors? • How are these risks changing based on changes in my business environment? • What level of risk should I take? • How should I manage those risk? S.A ADEROJU, FCIB

  12. IDENTIFICATION OF RISK • Identification/Assessment tools enable a management team to collectively identify and assess the risks facing the organization. These tools also enable the team to evaluate each risk according to its “likelihood” (that is, the probability that the risk will occur) and its “magnitude” (the impact the risk would have if it did occur) S.A ADEROJU, FCIB

  13. TYPOLOGY OF RISK There are three main categories of risks any organization faces in the course of doing business and these are: Credit Risk, Market Risk & Operational Risk. Others are: Liquidity Risk (funding crisis);  Reputational Risk;  Regulatory and Compliance Risk;  Environmental and Social Risk;  Strategic Risk and  Legal Risk; etc. S.A ADEROJU, FCIB

  14. TYPOLOGY OF RISK Cont’d • Business Risk: • Macro Policy • Legal • Event Risk: • Political • Social • Other exogeneous factor • FinancialRisk: • Balance sheet structure • Capital adequacy • Liquidity, market • Currency • Operation Risk (PEPSI): • P Processes • E External events • P People • S System • I Internal (People, process, system) S.A ADEROJU, FCIB

  15. TYPOLOGY OF RISK Cont’d • Industry Risk: The dynamic of the industry to manage the opportunities and challenges there from. • Company Risk: Risk Inherent in the company operational characteristics that may prevent it from converting its asset to cash. • LeverageRisk: It is attribute to the capital structure of the company. The capital stock of a company can be ordinary shares, debt stock and preference shares. • LiquidityRisk: Inability to meet financial obligation as they fall due. S.A ADEROJU, FCIB

  16. OPERATIONAL RISK STRATEGIC RISK • What are the risks inherent in the process that have been chosen to implement the strategies? • How does the organization identify, quantify and manage these risks given its appetite for risk? How does it adapt its activities as strategies and processes change? • Are the critical strategies appropriate to enable the organization to meet its business objective? • What are the risks inherent in those strategies and how might the organization identify, quantify and manage these risks? • How much risk is the organization willing to take? • What risks result from e-business developments? S.A ADEROJU, FCIB

  17. REGULATORY OR CONTRACTUAL RISK REPUTATION RISK • What risks are related to compliance with regulations or contractual arrangements-not just those that are financially based? • What are the risks to brand and reputation inherent in how the organization executes its strategies? S.A ADEROJU, FCIB

  18. INFORMATION RISK FINANCIAL RISK • Is our data, information, knowledge reliable, relevant and timely? • Are our information systems reliable? • Do our security system reflect our e-business strategy? • Have operating processes put financial resources at undue risk? • Has the organization incurred unreasonable liabilities to support operating processes? • Has the organization succeeded in meeting measurable business objective? S.A ADEROJU, FCIB

  19. NEW RISKS • What risks have yet to develop? (these might include risks from new competitors or emerging business models, recession risks, relationship risk, outsourcing risks, political or criminal risks, financial risk disasters and other crisis and disaster risks) S.A ADEROJU, FCIB

  20. RISK CENTRALIZATION • Organization approaches to Risk Management may be centralised at the corporate level or decentralised among divisions or processes, depending on the nature of the risks in question and the organizational preferences of management. While there is no right or wrong way to organise, organizational principles are emerging as follows: S.A ADEROJU, FCIB

  21. RISK CENTRALIZATION Cont’d • Centralised Risk Management trends to focus on risks that affect the achievement of key corporate objectives and strategies and significantly affect most if not all functions and processes (e.g. reputation). These risks may be referred to as enterprise-wide risks. Accountability for enterprise-wide risks may reside with the CEO and the board of directors (although responsibility for these risks may be dispersed throughout the organization). Other risks that may be managed centrally include those that require specialised skill sets that cannot be duplicated at the division level or those that require partnering or contacting at the corporate level. S.A ADEROJU, FCIB

  22. RISK CENTRALIZATION Cont’d • Decentralised Risk Management pushes the responsibility of Risk Management to those who live with it day to day. Risk that may best be managed in this way are division or process-level (PL) risks, which are those that are significant only within a particular process but nonetheless affect the organization’s ability to successfully implement its strategies overall. S.A ADEROJU, FCIB

  23. TYING ERM TO BUSINESS STRATEGY • Early models of Risk Management viewed risk as a market imperative- something to be understood and analysed for it own sake. The new models maintain that ERM should be intrinsically linked to the entity’s business strategy- which encompasses an organization’s established vision, mission and objectives; its process for defining operational imperatives and its philosophies, policies, plans and initiatives for growth and development. S.A ADEROJU, FCIB

  24. A NEW ERM MODEL Measuring and monitoring • Risk strategies is built around and supports the business strategy. Risk portfolio development, optimization and measuring and monitoring take place in the context of these strategies, based on an established structure for ERM that provides the means of embedding it in organizational culture. Business strategy Risk strategy Risk optimization Risk portfolio Risk structure S.A ADEROJU, FCIB

  25. RISK ASSESSMENT • Risk Management has proved to be a highly useful process for identifying, categorising and assessing critical risks based on their likelihood of occurrence and magnitude of impact. The key issue that has arisen, however, is what to do with the information when the risk assessment is finished. In some instances, entities find that the process has identified so many risks that they cannot possibly track them all. In others, they find that they have not been able to translate the risk assessment into specific action step-in the context of management’s risk appetite-that drive value for the organization. S.A ADEROJU, FCIB

  26. RISK ASSESSMENT • To address these issues, the new models of ERM are taking the concept of risk assessment several steps further to encompass a RISK PORTFOLIO. The concept of a risk portfolio assumes that various risk share certain characteristic and/or interdependencies. Risks are considered in groups, based on how they relate to each other and within these groups one or more risks may rise or fall when other risks rise or fall. In addition, when one risk is transferred, another may arise. S.A ADEROJU, FCIB

  27. RISK MANAGEMENT Another key concept of the risk portfolio is that it acknowledges organizational limitations. Management has time and resources to focus on a limited numbers of risks. Evaluating risks in a portfolio enables leaders to perceive impacts and interdependencies, allowing management to proceed through the ERM process with a better understanding of which risks are critical and thus may require their increased focus-driving a better return on management’s time and resource investment. S.A ADEROJU, FCIB

  28. RISK OPTIMIZATION • This embodies the concept of choice. Just as an investor adjusts the mix of investments based on defined targets for risk and return, a risk portfolio manager chooses among tactics to manage risk based on the entity’s appetite for risk and its ability to absorb it. These choices can include adding controls or limits for risks that may exceed the entity’s risk appetite. Such choices also may include reducing costs related to excessive controls or taking action to expand risks in areas where existing controls provide additional risk capacity. Thus the manager must continually balance the cost/benefit of taking such action with the need to optimize the risk in the organization. By applying a variety of tactics, risk managers can begin to affect corporate performance and thereby affect shareholder value. S.A ADEROJU, FCIB

  29. MEASURING AND MONITORING TO ENHANCE VALUE • At this point in the process, all of the actions related to ERM should be having an impact on the organization. Measuring and Monitoringthese actions now becomes necessary, as an ongoing means of understanding and reporting on the status and impact of risks. Many organizations are devising ways to perform these activities on both an enterprise-wide and a process level. S.A ADEROJU, FCIB

  30. MEASURING AND MONITORING TO ENHANCE VALUE (Cont’d) • Monitoring at its most basic level can be embedded in an organization's systems. By defining risks limits in terms of specific attributes or measurements, real-time monitoring can occur and, if limits are exceeded, actions can be taken. Achieving this result requires thoughtful definition of performance measures (both quantitative and qualitative) that can embody risk characteristics. Other monitoring methods include the use of internal and external auditors, benchmarking against market or other data, and retroactive review of risk results. Companies should define the monitoring and measurement systems that best serve their management style and characteristics. S.A ADEROJU, FCIB

  31. RISK STRATEGY • Rounding out this ERM construct are two additional concepts. The first is that of a RISK STRATEGY. Just as a business strategy indicates the direction of the business, a risk strategy provides guidance for the risk activities within a company. It can set the one for aggressive or conservative Risk Management activities, dictate how measuring and monitoring activities can be carried out, and provide the “bird’s-eye” view needed by management and the board. Indeed, it is the risk strategy that provides the backbone for embedding ERM within the culture of the business. S.A ADEROJU, FCIB

  32. RISK STRATEGY Cont’d • The risk strategy should be executed by the risk structure. Many organizations today are designing integrated structures that define how ERM is embedded into the organization. This endeavor will not require a bureaucratic reinvention of the business structures already in place, but rather an enhancement of such structures that will embed and align risk management within existing strategies and business planning efforts. S.A ADEROJU, FCIB

  33. RISK STRATEGY Cont’d • The structures will encompass the roles and responsibilities for managing risk. They will also define accountability as well as clear reporting lines, which will empower managers to act within defined boundaries linked to risk appetite. The effective integration of these structures calls for the board to develop ownership of the effort and demonstrate its strong commitment to it. To achieve this commitment, the board will need both education and ongoing assurance that ERM is providing value. S.A ADEROJU, FCIB

  34. RISK STRATEGY Cont’d • Communication of the risk strategy and structure is essential. Such communication should be designed-using appropriate technology and common language and concepts-to ensure that all employees and stakeholders understand the board’s vision and objectives. Leaders must clearly demonstrate the relevance of the ERM strategy, providing success stories to maximize the value of the communication process. • Having defined responsibility and accountability, leaders should also take careful steps to ensure that individuals have the skills necessary to execute effectively. The level and type of skills required will vary considerably. Consequently, all relevant business and personal training should encompass ERM principles. S.A ADEROJU, FCIB

  35. RISK STRATEGY Cont’d • In many cases, the CRO is at the center of this structure and is responsible for driving it as well as fine-tuning it based on organizational performance. Implementing such an ERM model within an organization can produce a business risk management process that results in a systematic workflow for addressing risk within the organization. S.A ADEROJU, FCIB

  36. Key Action to Help Embed a Risk Structure in an Organization BOARD ACTIVITIES • Provide ERM education at board level • Establish buy-in at board level for risk appetite and risk strategy • Develop “ownership” of Risk Management oversight by the board • Review a risk report of the enterprise. S.A ADEROJU, FCIB

  37. BOARD ACTIVITIES • The success of a formal risk management program is driven by leadership and enthusiasm from the Board and executive management. This is critical to ensuring that risk management becomes embedded as part of the culture of an organization. The program also needs to be a valuable experience to the individual businesses. If it is seen purely as “another Head Office initiative” it will surely fail. S.A ADEROJU, FCIB

  38. KEY ELEMENTS OF RISK MANAGEMENT FRAMEWORK • Board – Overall strategic direction and tolerance level for each risk element. • Board Risk Management Committee(BRMC)– Ensure adherence to the organization’s risk management policy and procedures as set out by the Board. S.A ADEROJU, FCIB

  39. KEY ELEMENTS OF RISK MANAGEMENT FRAMEWORK CONT’D • SeniorManagement– Ensures implementation of the risk policies and procedures. • RiskManagementCommittee– Direct responsibility for driving the risk management functions at the operational level. • Risk Management Units– Ensures effective management of the significant risks inherent the business of the organization. S.A ADEROJU, FCIB

  40. DETERMINANTS & ELEMENTS OF APPROPRIATE ERM FRAMEWORK • Typical organizational structure • Policy and procedures • Objectives/mandate • Roles and responsibilities of each of the parties. S.A ADEROJU, FCIB

  41. KEY ELEMENTS OF SOUND ERM • Effective communication – both expectations and outcome or performance of risk management. • Adequate and appropriate training on risk management skills and knowledge. • It must be understood as a dynamic process-not a one-off exercise. • A mind set-all managers should be involved and conscious of risk. • Must work with corporate ethics S.A ADEROJU, FCIB

  42. CONCLUSION • The international organisation for standardization identifies the following principles of Enterprise Risk Management. • Enterprise Risk Management should create value. • Enterprise Risk Management should be integrated into the organizational processes. • Enterprise Risk Management should be part of decision making. • Enterprise Risk Management should explicitly address uncertainty. • Enterprise Risk Management should be systematic and structured. S.A ADEROJU, FCIB

  43. CONCLUSION • In the light of recent high-profile corporate collapses and the economic downturn, there is likely to be more explicit direction from regulatory bodies. Good Corporate Governance should include a holistic, structured enterprise-wide risk management program. S.A ADEROJU, FCIB

  44. CONCLUSION • Enterprise risk management can becomes a strategic competitive advantage if it is used to identify specific action steps than enhance performance and optimize risk. It can also influence business strategy by identifying potential adjustments related to previously unidentified opportunities and risks. Used appropriately, ERM thus becomes a means of helping the organization shift its focus from crisis response and compliance to evaluating risks in business strategies proactively, to enhancing investment decision-making and to improving shareholder value. Organization that develop an ERM framework for linking critical risks with business strategies can become highly formidable competitors in the quest to add value for shareholders. S.A ADEROJU, FCIB

  45. THANKS FOR YOUR WONDERFUL ATTENTION Solomon A Aderoju FCIB08033196258, 08073535475essayaderoju@yahoo.co.uk S.A ADEROJU, FCIB

More Related