LINKING ENTERPRISE RISK MANAGEMENT TO STRATEGYNovember 27, 2014

Presented by:

Carolyn M. SnowRIMS PresidentDirector, Risk Management, Humana Inc.

Mary RothRIMS Executive Director

2

87%Companies surveyed with revenue above

$1 billion say expectations of the risk management department have

increased.

Enterprise Risk Wheel

Source: Zurich

4

63% HAVE FULLY OR PARTIALLY IMPLEMENTED

ERM

Increases risk awareness

Contributes significantly to risk avoidance and mitigation strategies

Assurance that the organization will reach strategic & operational objectives

INVESTING IN STRATEGIC & ENTERPRISERISK MANAGEMENT

A RIMSERM COMMITTEE REPORT:

COMPARING TRADITIONAL RM WITH ERM

1. ERM encompasses both hazard risk and business risk.

2. ERM seeks to enable an organization to fulfill its greatest productive potential.

3. ERM focuses on the value of the organization.

4. ERM focuses on the organization as a whole.

1. Traditional RM focuses on hazard risk.

2. Traditional RM seeks to restore an organization to former pre-loss condition.

3. Traditional RM focuses on the value of the accidental loss.

4. Therefore traditional RM is both its own discipline & part of the broader ERM discipline.

Excerpt from ARM textbook: Risk Financing by Berthelsen, Elliot and Harrison page 1.14.

THE VALUE OF ERM

The Valuation Implications of Enterprise Risk Management Maturity Study

Organizations exhibiting mature risk management practices realize a value growth potential of up to 25%

Federation of European Risk Management Associations Survey Firms with a more mature approach to Risk Management

have better financial results. 75% more firms with advanced risk management practices

had Earning Before Interest Taxes Depreciation and Amortization (EBITDA) growth of over 10%

62% more firms with advanced risk management practices attained annual revenue growth of 10%.

Source: 2012 study by Federation of European Risk Management Associations

5 STEPS TO TRANSITION TO ENTERPRISE RISK MANAGEMENT

5 STEPS TO TRANSITION TO ERM

Source: RIMS Executive Report Transitioning to Enterprise Risk Management. All Rights Reserved.

Determine what value your organization will gain from ERM.

Scan the internal environment for what is already being done.

Find a champion.

Adapt processes to the organization’s needs.

Strive for continuous improvement.

FIVE STEPS FOR TRANSITIONING TO ERM

MANAGEMENT’S EXPECTATIONS

Source: 2013 RIMS ERM Survey. All rights reserved.

HOW EFFECTIVE ARE WE?

Source: 2013 RIMS ERM Survey. All rights reserved.

RISK TOLERANCE DEFINITION

• Risk Tolerance is the amount of uncertainty an organization is willing to accept in the aggregate (or occasionally within a certain business unit or for a specific risk category), expressed in quantitative terms that can be monitored and may be expressed in acceptable/unacceptable outcomes or as limited levels of risk.

Source: RIMS Strategic Risk Management Implementation Guide 2012. All rights reserved.

RISK APPETITE DEFINITION• Risk Appetite is the amount of total risk

exposure that an organization wishes to undertake on the basis of risk-return trade-offs. Reflective of the company’s business strategy, risk strategies and stakeholder expectations, risk appetite is generally set and/or endorsed by the board of directors through discussions with management.

Source: RIMS Strategic Risk Management Implementation Guide 2012. All rights reserved.

WHAT IS STRATEGIC RISK MANAGEMENT?

Strategic risk management (“SRM”) is a business discipline that drives deliberation and action regarding uncertainties and untapped opportunities that affect an organization’s strategy and strategy execution.

Source: RIMS Strategic Risk Management Implementation Guide. All rights reserved.

Not just another framework – another way to think

Risks arising from the strategic plan

Strategic risks

Source: RIMS Strategic Risk Management Implementation Guide. All rights reserved.

HOW DOES STRATEGIC RISK MANAGEMENT WORK AT HUMANA?

Strategic Risk Management in Action…

Fortune 100 Company

52,000 Employees

$13 Billion Market Cap

$40 Billion in Revenue

Mature the ProcessConsistent enterprise risk

identification and assessment

Business unit risk profilesAggregate risks across the

enterpriseDefined appetite /

tolerancesDetection of emerging risks Identify and monitor key risk

indicators Initiate technology solutionOptimize resource pool

Build the BaseSet risk strategy, policy and

frameworkSet optimal risk management

structureBuild resource pool Systematic risk reporting Risk owners defined and

accountable Defined materiality Provide risk reports to

Executive Committee Audit Committee

ManagedLeade

rshi

p

Repeatable

InitialAd-hoc

Link to PerformanceEmbedded in strategic

planning and other business processes

Management has risk and control performance objectives

Technology solution in placeRisk linked to business

performance measurementEnterprise-wide risk

awareness and education

Humana’s Journey

Copyright 2009-2014 Risk and Insurance Management Society, Inc.

Where are we along the

journey?

Humana’s Program

IdentifyStrategic

Operational

Financial

Compliance

AnalyzePlanning Risks

Execution Risks

How Well Managed

Report By Business Area and Initiative

Copyright Humana Inc., 2014

10-K Identified

Risks

Deconstruct Risks from Corporate Strategy

Deconstruct Risks from Cash Flow

and Earnings

Assess Surprise Risk

Events and Near Misses

Process Leader Risk Workshops /

Executive Leader Input

Internal Audit / Oversight

Groups Identified Risks

Consider Potential “Black Swans”

Copyright Humana Inc., 2014

Input Sources

Engagement at Humana

What’s the purpose?

Who is involved?Starts with an invitation

20-step tasks and tim

eline

Workshop Methodology

Stage 1

Process discussion with business area leader

Interview session with leader

Survey of leadership team

Stage 2

Workshop session with leadership team for collaboration and key risk prioritization

Stage 3

Optional second workshop regarding mitigation plans

Stage 4

Key risk list, business area consideration, and Internal Audit planning

Copyright Humana Inc., 2014

Link to detailed information in Journal of Accountancy 2013 article

Facilitator

Identify

Interview (structured and unstructured)

Questionnaire(face-to-face,

e-quiz)

Analyze

Individual(observation, storytelling)

Collective (round table, brainstorming)

Evaluate

Scenarios, war games

Business Area Leader

IT Troubleshooter

Stages 1 & 2

Challenger

Copyright Humana Inc., 2014

Consider Improvement

Urgently Assess

Confirm Adequacy

Avoid Further Exposure

Stage 3 Workshop

Ho

w W

ell

Man

aged

?

How Impactful?

Potential risks placed in appropriate quadrants, after assessing potential impact to business objectives and current mitigation activities. Aids the business in prioritization, mitigation and strategic planning.

Copyright Humana Inc., 2014

Copyright Humana Inc., 2014

Stage 4 Reporting

Risk 2 Risk 7 Risk 9 Risk 4 Risk 3 Risk 1 Risk 5 Risk 8 Risk 6

Prioritized Risks

How Impactful? How Well Managed?

HighImpact

ModerateImpact

LowImpact

WellManaged

ModeratelyManaged

NotManagedWell

Illustrative Purposes Only

Thank YouTHANK YOU!!!!

Our Website:WWW.RIMS.ORG

RIMS Risk Knowledge LibraryWWW.RIMS.ORG/RISKKNOWLEDGE