Enterprise Risk Management (ERM) - PowerPoint PPT Presentation

About This Presentation
Title:

Enterprise Risk Management (ERM)

Description:

Continuous risk assessment, evaluation and management ... Traditional risk management efforts tend to focus on measurable risks while ill ... – PowerPoint PPT presentation

Number of Views:6823
Avg rating:3.0/5.0
Slides: 38
Provided by: StateofO
Category:

less

Transcript and Presenter's Notes

Title: Enterprise Risk Management (ERM)


1
Enterprise Risk Management (ERM)
  • Presented At
  • Managing Risk Mission Possible
  • Terri Sahli, Risk Manager
  • State Of Oregon
  • October 23, 2006

2
Topics
  • ERM Definitions
  • Traditional Risk Management v. ERM
  • ERM Objectives Benefits
  • ERM Framework Process
  • ERM Risk Identification
  • Interdependencies Systems Thinking
  • ERM Tools, Techniques, Strategies
  • ERM Implementation
  • QA

3
ERM Definitions
  • A disciplined approach aligning strategy,
    processes, people, technology and knowledge to
    manage uncertainties as the enterprise creates
    value. (KPMG)
  • The identification and assessment of collective
    risks that affect value, and the formulation and
    implementation of a company wide strategy to
    maximize that value. (AON)

4
ERM Definitions
  • The effort to find an integrated optimal way of
    managing risk by balancing financing techniques
    with organizational practices and processes.
    (Marsh)
  • EWRM is a structured and disciplined approach
    it aligns strategy, processes, people, technology
    and knowledge with the purpose of evaluating and
    managing the uncertainties the enterprise faces
    as it creates value. (Arthur Andersen 2000)

5
ERM Definitions
  • Enterprise risk management is a process, effected
    by an entitys board of directors, management and
    other personnel, applied in strategy setting and
    across the enterprise, designed to identify
    potential events that may affect the entity, and
    manage risk to be within its risk appetite, to
    provide reasonable assurance regarding the
    achievement of entity objectives. (COSO)

6
ERM Definitions
  • ERM is a disciplined and integrated approach that
    supports the alignment of strategy, process,
    people, and technology and allows corporations to
    identify, prioritize and effectively manage their
    critical risk. By understanding all risks in an
    integrated framework, companies can execute
    proper strategies to successfully achieve their
    objectives and to meet their performance goals.
    (Unidentified) (Sahlis favorite)

7
Characteristics of Traditional RM
  • Limited strategic scope or influence
  • Narrowly focused
  • Negative
  • Reactive
  • No systematic understanding of correlation and
    interdependencies among risks
  • Fragmented

8
Characteristics of Traditional RM
  • Risk mitigation and risk financing siloed
  • Inconsistent risk reporting
  • Infrequent, ad hoc risk assessment
  • Ambiguous ownership of some types of risk lack
    of role definition
  • Closed communication
  • Functionally driven
  • Cost based

9
Characteristics of ERM
  • Supports strategy and planning
  • Broadly focused
  • Positive
  • Proactive
  • Correlation and interdependencies analyzed and
    understood
  • Integrated
  • Risk mitigation and risk financing coordinated

10
Characteristics of ERM
  • Concise, consolidated reporting
  • Continuous risk assessment, evaluation and
    management
  • Assigned ownership with accountability defined
    roles and responsibilities
  • Open communication
  • Process driven
  • Value based

11
Traditional RM
  • In a decentralized environment, responsibility
    for managing various risks may be assigned to the
    business or functional area with the perceived
    exposure.
  • Insurable risk Risk Management
  • Interest rate risk Treasurer
  • Litigation management risk Department of Justice

12
Traditional RM
  • Traditional risk management efforts tend to focus
    on measurable risks while ill-defined or
    ambiguous strategic or operational risks, such as
    brand or reputation, may be acknowledged but
    ignored.
  • How do you measure loss of reputation?

13
ERM Tear Down Those Walls
  • ERM is an approach that requires the tearing down
    of walls between the management of strategic,
    operational, financial and hazard risks, and
    adoption of a single, comprehensive risk
    oversight structure.

14
ERM Integrated
  • ERM is a holistic, integrated approach that
    requires systems thinking and an understanding of
    the interrelationship among component parts of a
    system.

15
ERM Tear Down Those Walls
  • ERM helps break down the risk silos
  • Within the state
  • Within your agency
  • Within your program
  • Common language and common tools essential to
    begin the non-siloed discussion

16
Why ERM? Why Now?
  • Perception that Enron, WorldCom, Global Crossing
    would not have happened had risks been more
    transparent.
  • Need for risk transparency
  • Performance pressures
  • Better use of capital (taxpayer dollars)
  • ERM tool development advancing rapidly
  • Competitive advantage

17
ERM Objectives
  • Better use of taxpayer dollars
  • Competitive advantage preferred place to live
    and work
  • Reduced budget volatility
  • Lower cost of risk transfer
  • Risks explicitly considered in decision making
  • Avoid surprises and predictable failures
  • Align risk exposures and mitigation programs
  • Institute more rigorous risk measurement
  • Integrate ERM into the strategic planning process

18
ERM Benefits
  • Increased management confidence
  • Improved risk transparency
  • Risk appetite and risk tolerance are aligned with
    strategy
  • Improved risk v. reward quantifications and
    performance measurements
  • Competitive advantage
  • Risk priced transactions
  • Improved resource and allocation
  • Optimized costs and efficiencies
  • Reduced earnings volatility
  • Early notification of risk patterns
  • Ability to anticipate and communicate
    uncertainties

19
ERM Framework
  • Mission Vision Statement
  • Objectives Strategies
  • Organizational Structure
  • Roles Responsibilities
  • Policies Procedures
  • Tools Techniques
  • Common language
  • Overlays existing framework
  • Integrated into, not isolated from, the
    organization

20
ERM Process RM Process
  • Risk identification
  • Risk analysis
  • Formulation of risk management strategies and
    solutions
  • Implementation of strategies and solutions
  • Measure, monitor, and report
  • Integration
  • The process is the same. We are simply expanding
    the risks we identify and analyze.

21
Risk Identification - Traditional
  • Will focus on insurable risks
  • Employees
  • Buildings
  • Vehicles
  • Third parties (general public)

22
Risk Identification - ERM
  • Will focus on systemic risks (systems thinking)
  • Hazard/insurable risks
  • Operational risks
  • Financial risks
  • Strategic risks
  • What could go wrong

23
Risk Identification - ERM
  • Systems Thinking
  • Operational risks arising out of your daily
    operations
  • supply chain, human resource, IT security,
    culture, weather, regulation
  • Financial risks arising around use of money
  • credit risk, interest rate risk, cash-flow/budget
    management, economic up/down turns
  • Strategic risks arising out of business/policy
    decisions
  • reorganization decisions, customer/constituency
    base changes, changes in service offerings

24
ERM Risks
  • Your turn lets identify
  • Operational risks
  • Financial risks
  • Strategic risks
  • Others

25
ERM Systems Thinking
  • ERM is a holistic, integrated approach that
    requires systems thinking and an understanding of
    the interrelationship among component parts of a
    system
  • Consider the interdependencies
  • Upstream and downstream risks

26
Unintended Consequences
  • At the core of siloed risk management is the lack
    of correlation of risks (interdependencies and
    interrelationships) and concomitantly, a failure
    to effectively and efficiently integrate risk
    management strategies.

27
Unintended Consequences
  • Intense Focus on Single Objective or Risk
  • Failure to Consider Corollary Risks
  • Failure to Consider Interdependency Risks
  • Unintended Consequences (the big oops)

28
Interdependencies of Risk
  • Hazard theft of laptop with unsecured
    confidential bank account information
  • Operational employees not trained in
    information security practices password
    protection
  • Financial bank accounts drained of millions of
    dollars before accounts can be identified and
    frozen
  • Strategic loss of vendors cant pay bills

29
ERM Tools Techniques
  • Tools and techniques will vary by entity and must
    be compatible with the entitys risk
  • Tools techniques
  • Key risk indicators
  • Individual self assessments or facilitated group
    assessments
  • Scenario analysis
  • Risk mapping using frequency and severity
  • Statistical analysis/probabilistic modeling

30
Risk Maps A Tool
? ? ???
? ?
?? ?

?
?
Frequency
S e v e r i t y
31
Risk Strategies
  • Accept
  • Retain
  • Reduce
  • Transfer
  • Acquire/exploit
  • Share
  • Reject
  • Eliminate
  • Avoid

32
ERM Implementation
  • Barriers to successful implementation
  • Lack of quantification of soft risks
  • Lack of framework and strategic plan
  • Just another audit or flavor of the day
  • Lack of visibility and support from leadership
  • Project v. process view

33
ERM Implementation
  • Barriers to successful implementation
  • Competing priorities
  • Lack of needed processes and appropriate
    measurements
  • Lack of consensus on benefits
  • Insufficient resources (people and technology)
  • Organizational resistance to change

34
ERM Implementation
  • Factors for successful implementation
  • Leadership and executive sponsorship
  • Establishment of a vision
  • Phased work plan with realistic goals and time
    frames
  • Dedicated cross functional teams
  • Managed expectations
  • Quick early visible wins
  • Integration into all planning

35
Who is implementing ERM?
  • Financial services sector
  • Insurance and banking
  • Energy sector
  • Utilities, energy gas
  • Others
  • Public sector

36
Conclusion
  • ERM is traditional risk management
  • on steroids
  • ERM can begin within a single agency
  • not the entire entity
  • ERM can be FUN
  • as well as hard work
  • ERM is Mission Possible

37
Enterprise Risk Management
  • Questions?
  • Thank You!
Write a Comment
User Comments (0)
About PowerShow.com