bruce branson associate director, nc state erm initiative september 27, 2012
TRANSCRIPT
Bruce BransonAssociate Director, NC State ERM Initiative
September 27, 2012
ERM: It's All About Strategy, Not Compliance
Page 2
Page 3
Huge Management Challenge
Economic Downturn
Liquidity
Uncertain Legislative/Regulatory Environments
Explosion of Technology
Complex Business Transactions
Globalization
Short Product Cycles
Increasing Risks and Complexities
Interconnected – with a cascading impacts
Higher Expectations for Effective Risk Oversight
Page 4
R.I.S.K48%
Describe their Risk Oversight as
Very Immature or Developing
43%Dissatisfied
with Entity’s Risk Oversight
Page 5
Most Fail to See Value
Compliance Exercise
Strategic Tool
Only 11% say their enterprise’s risk oversight is extensively or mostly providing strategic
competitive advantage
Loss Prevention
Value Creation?
Page 6
Traditional Risk Mgt Approach
StrategicMarket Risks
Operations Risks
Finance Risks
IT Risks Legal Risks
Reputation
Risks
Human Capital Risks
Page 7
Traditional Risk Mgt Approach
Credit
Risks
Market Risks
Finance Risks
IT Risks Legal Risks
Reputation
Risks
Human Capital Risks
“Silo” or “Stove-Pipe” Risk ManagementRisk
Risk
Risk
Risk
Risk
Risk
Risk
Risk
Risk
Page 8
Risk & Return
Page 9
Time
Range of Uncertainty
Develop Strategies
Now
Risk Oversight is All About the Strategy
Observe Performance
Later
What is our process for managing
emerging risks?
Page 10
ERM Framework
Strategy ObjectiveSetting
RiskIdentification
Risk Assessment
Risk Response
Controls, Communication, and Monitoring
Source: The Committee of Sponsoring Organizations of the Treadway Commission
Internal
Environment
Page 11
Step 1: Really Understand Strategy of Business
Member Value
Increased Revenues
Expense Savings
Page 12
Step 1: Really Understand Strategy of Business
Member Value
Increased Revenues
Expense Savings
Pursue Acquisitions
Build Value Proposition
Develop New Products
Expand Geographically
Pursue Operational Excellence
Strengthen Talent Base
Page 13
Understanding Strategy
1. What must go right for strategy to be successful?
– Processes, people, technologies
2. What assumptions are we making?
– How Developed, Impact if Volatile, How Monitored?
Risks
Page 14
Step 2: Identify Risks Impacting Strategy
Member Value
Increased Revenues
Expense Savings
Build Value Proposition
Develop New Products
Expand Geographically
Pursue Operational Excellence
Strengthen Talent Base
Risks?
Risks?
Risks?
Risks?
Risks?
Risks?
Risks?
Risks?
Pursue Acquisitions
Page 15
Key Risks IdentifiedStrategic
Initiative #1Strategic
Initiative #2Strategic
Initiative #3Strategic
Initiative #4
Risk #1 X x
Risk #2 x x
Risk #3 x x
Risk #4 x x x x
Risk #5 x
Risk #6 x x
Risk #7 x x
Risk #8 x
Risk #9 x
Risk #10 x x
Strategies
Risks
Create an Enterprise Strategic View of Risks
Page 16
Rating Definition
Improbable Shocked if this risk happens
Possible Not likely, but not surprised if it happens
50-50 Toss-up
Probably Likely, but not surprised if it did not happen
Near Certain
Shocked if it doesn’t happen
Rating Definition
Negligible Near zero budget variance, minimal impact on key stakeholders, media coverage improbable
Minor Fairly small budget variance, small impact on completion of mission, media coverage improbable to possible
Moderate Noticeable budget variance, some delay in projects to complete mission, media coverage is 50/50
Serious Significant budget variance, delay in project schedules, media coverage is probable to near certain
Critical Significant budget variance, cancellation of projects, significant negative feedback, media coverage is near certain and widespread
Likelihood Rankings* Impact Rankings*
Step 3: Need Process to Prioritize Risks
Page 17
Step 4: How Are We Managing Risks?
1. How are we currently managing this risk?
2. Is risk response appropriate and adequate?
3. Should we do something differently?
4. Who owns this risk?
Page 18
Step 5: Develop Metrics to Monitoring Risks
Member Value
Increased Funding
Expense Savings
Strategic Initiative #1
Strategic Initiative #2
Strategic Initiative #3
Strategic Initiative #4
Potential Risk
Potential Risk
Potential Risk
Potential Risk
Potential Risk
KRIs
KRIs
KRIs
KRIs
KRIs
Strategic Initiative #5
Strategic Initiative #6
Page 19
KPIs vs. KRIs
Historical Forward Looking
Page 20
Time
Range of Uncertainty
Initial Strategies
Proactive Management of Emerging Risks
Tri
gger
Poi
nts
Tri
gger
Poi
nts
KRIs
Revise Strategies
KRIs
Revise Strategies
Page 21
ERM Framework
Strategy ObjectiveSetting
RiskIdentification
Risk Assessment
Risk Response
Controls, Communication, and Monitoring
Source: The Committee of Sponsoring Organizations of the Treadway Commission
Internal
Environment
Page 22
Goal: Expand Value Proposition of Risk Oversight
Compliance Exercise
Strategic Tool
Enterprise Risk Management
Loss Prevention
Traditional Risk Management
Page 23
Interested in Learning More….www.erm.ncsu.edu
1st Page of Google Search on “ERM”
About 7,500 Visitors a month
Page 24
Internet
About 300 articles
summarized
Page 25
Twice monthly distribution
Visit us at: www.erm.ncsu.edu
Mark S. Beasley Bonnie Hancock Bruce BransonDeloitte Professor Executive Director Associate Directorof Enterprise Risk Mgt ERM Initiative ERM Initiative