lessons learned from erm in a public sector organization · enterprise risk management lessons...
ENTERPRISE RISK MANAGEMENT
LESSONS LEARNED FROM ERM IN A PUBLIC SECTOR ORGANIZATION
March 14, 2013
Webinar on ERM
• What it is!
• What it is not!
Do You Know…..
• The underlying premises of ERM
• History of ERM
• COSO has developed an ERM framework
• Everyone is doing risk management already
Introduction
• ERM
• ISO standard on risk management
• Risk management
ERM and Risk Drivers
1. Business at warp-speed
2. Obsolete business models
3. New business practices
4. Converging financial services providers
5. Increasingly demanding investors and regulators
6. Increasingly accountable and demanding directors
7. Increasingly effective processes for risk identification
8. Increasingly effective measurement tools
9. Increasingly effective information tools
10. Increasingly effective scenario analysis and planning
Lessons Learned From ERM
ERM – the new perspective

| From | To |
| --- | --- |
| Fragmented | Integrated |
| Negative | Positive |
| Reactive | Proactive |
| Ad hoc | Continuous |
| Cost-based | Value-based |
| Narrowly-focused | Broadly-focused |
| Functionally-driven | Process-driven |
What Companies Need to Address
• Unintentional Risks
• Intentional Risks
Polling Question # 1
Why do business leaders love the Chief Risk Officer?
(Select all that apply)
a) The CRO promotes Risk Management and Policy
b) The CRO determines what level of risk is acceptable to the organization
c) The CRO controls the budgets on all issues so they don’t have to
d) None of the above
ERM – What Does It Mean?
1. Establish goals, objectives and oversight
2. Assess business risk
3. Develop risk management strategies
4. Design and implement risk management capabilities
5. Monitor performance
6. Continuously improve risk management capabilities
7. Support the process with information for decision making
Evolution of Risk Management
To a Strategic Process
Stepping Stones Towards ERM
[Figure: stepping stones plotted on two axes, "Linkage to opportunity and competitive advantage" and "Increasing risk management capabilities"]
• Adopt Common Language
• Establish Goals, Objectives and Oversight
• Assess Risk and Develop Strategies
• Design/Implement Capabilities
• Continuously Improve
• Aggregate Multiple Risk Measures
• Link to Enterprise Performance
• Formulate Enterprise-wide Risk Strategy
Polling Question # 2
Which one of the following is a CRO’s top priority?
(a) Computer malfunctioning
(b) Harassment of an employee
(c) Customer complaint
(d) Suspected fraud
ERM Journey
Common reasons | Other possible reasons
• Expand corporate governance
• Unexpected losses
• Implement strategic management tool
• Rapidly changing environment
• KPI shortfalls and tightened profit margins
• Manage changing business model
• Improve capital budgeting decisions
• Improve management of new economy assets
• Aggressive growth strategies, including M&A
• Improved integration desired
• Address lack of change readiness
• Incentives/rewards not aligned
• Address fragmented and narrow focus
• Reduce reactive decision-making
• More holistic approach desired
What Are Risks?
Business Risk – What Does it Mean
To an Organization?
• Externally-driven
• Internally-driven
• Decision-driven
Polling Question # 3
If a CRO has an unlimited budget to spend on Risk Management, can the organization become 100% risk-free?
a) Yes
b) No
How Do We Handle Business Risk?
Sources of Uncertainty
• Environment Risk: Uncertainties affecting the viability of business model
• Process Risk: Uncertainties affecting the execution of business model
• Information for Decision-Making Risk: Uncertainties over the relevance and reliability of information that supports the value-creation decisions
Building an Enterprise-Wide
Business Risk Management Approach
1. Identify
2. Source
3. Measure
4. Evaluate
5. Manage
6. Monitor
Basic Risk Management Strategies

Avoid
• Divest
• Prohibit
• Stop
• Target
• Screen
• Eliminate

Retain
• Accept
• Reprice
• Self-insure
• Offset
• Plan

Reduce
• Disperse
• Control

Transfer
• Insure
• Reinsure
• Hedge
• Securitize
• Share
• Outsource
• Indemnify

Exploit
• Allocate
• Diversify
• Expand
• Create
• Redesign
• Reorganize
• Price
• Arbitrage
• Renegotiate
• Influence
Quick Reference Guide

| | High frequency | Low frequency |
| --- | --- | --- |
| High severity | Avoid | Transfer |
| Low severity | Reduce | Retain |
Polling Question # 4
An insurance company would not find it profitable to insure against something that has high frequency AND high severity.
• True
• False
Factors to Consider
When Selecting Risk Strategy
a) Objectives and strategies
b) Capability
c) Time horizon
d) Financing
e) Residual (basis) risk
f) Manageability
g) Scenarios
h) Environment
i) Operational versus contractual
j) Interfaces
k) Orientation
l) Compliance
m) Pervasiveness
n) Frequency
o) Data availability
Monitoring
a) Existing priority risk
b) New emerging risks
c) Risk management performance
d) Specific measures, policies and procedures

Continuous Improvement
a) Benchmarking performance to identify best practices
b) Four-way interactive communications and knowledge sharing
c) Integrating the firm’s risk language and process into its employee learning programmes
Risk Map
[Figure: risk map with a "Likelihood" axis, plotting the following risks]
• Business Interruption
• Resource Availability
• Competitor Actions
• Business/Public Influences
• Future Regulations
• Efficiency/Productivity
• Hiring/Retaining
• Economic Influence
• Reputation
• Capacity
• Budget & Planning
• Health & Safety
• Environmental
• Currency
• Financial Instruments
• Compliance
• Liquidity/Cash Flow
• Credit Default
• Contracts
• Interest Rate
Polling Question # 5
Which occupational fraud is the most frequent offense?
a) Asset misappropriation
b) Corruption
c) Financial-statement fraud
Risk Reporting
Contents columns: Risk maps actual/target; List drivers of key risks; KPIs with link to finance; Metrics on key drivers; Progress reports

| Frequency | | Contents |
| --- | --- | --- |
| Annually | Head Office | x x |
| Minimum once a year | Board of Directors | x x x |
| Minimum twice a year | Executive Managers and Risk owners | x x x x x |
Organizational Oversight Structure
1. Board of Directors
2. CEO
3. Risk Management Executive Committee
4. Business risk management function
5. Business Units, Divisions & Functional support and shared services
6. Risk management compliance & Internal audit
Polling Question # 6
Risk management is the responsibility of
a) Board of Directors
b) Chief Executive Officer
c) Chief Financial Officer
d) Chief Risk Officer
e) Everyone
f) No one
Corporate Governance Model
[Organization chart, top to bottom]
• Board of Directors
• CEO
• Risk Management Executive
• COO, CFO, CIO, CLO, Chief Risk Officer
• Business risk management function
• Business Units A, B, C; Functional, support and shared services; Divisions A, B, C
• Risk management compliance: Legal and regulatory compliance, VaR Review, Internal audit
Summary
1. Establish oversight structure
2. Define common language and framework
3. Target risks and processes
4. Develop overall goals, objectives and processes
5. Assess risk management capabilities
You are most welcome to contact the presenter “Balaji” to further discuss ERM