TRANSCRIPT
LINKING ENTERPRISE RISK MANAGEMENT TO STRATEGY
November 27, 2014
Presented by:
Carolyn M. Snow, RIMS President, Director, Risk Management, Humana Inc.
Mary Roth, RIMS Executive Director
87% of companies surveyed with revenue above $1 billion say expectations of the risk management department have increased.
63% HAVE FULLY OR PARTIALLY IMPLEMENTED ERM
Increases risk awareness
Contributes significantly to risk avoidance and mitigation strategies
Assurance that the organization will reach strategic & operational objectives
INVESTING IN STRATEGIC & ENTERPRISE RISK MANAGEMENT
COMPARING TRADITIONAL RM WITH ERM
1. ERM encompasses both hazard risk and business risk.
2. ERM seeks to enable an organization to fulfill its greatest productive potential.
3. ERM focuses on the value of the organization.
4. ERM focuses on the organization as a whole.
1. Traditional RM focuses on hazard risk.
2. Traditional RM seeks to restore an organization to former pre-loss condition.
3. Traditional RM focuses on the value of the accidental loss.
4. Therefore traditional RM is both its own discipline & part of the broader ERM discipline.
Excerpt from ARM textbook: Risk Financing by Berthelsen, Elliot and Harrison page 1.14.
THE VALUE OF ERM
The Valuation Implications of Enterprise Risk Management Maturity Study
Organizations exhibiting mature risk management practices realize a value growth potential of up to 25%
Federation of European Risk Management Associations Survey
Firms with a more mature approach to Risk Management have better financial results.
75% more firms with advanced risk management practices had Earnings Before Interest, Taxes, Depreciation and Amortization (EBITDA) growth of over 10%.
62% more firms with advanced risk management practices attained annual revenue growth of 10%.
Source: 2012 study by Federation of European Risk Management Associations
5 STEPS TO TRANSITION TO ERM
Source: RIMS Executive Report Transitioning to Enterprise Risk Management. All Rights Reserved.
Determine what value your organization will gain from ERM.
Scan the internal environment for what is already being done.
Find a champion.
Adapt processes to the organization’s needs.
Strive for continuous improvement.
FIVE STEPS FOR TRANSITIONING TO ERM
RISK TOLERANCE DEFINITION
• Risk Tolerance is the amount of uncertainty an organization is willing to accept in the aggregate (or occasionally within a certain business unit or for a specific risk category), expressed in quantitative terms that can be monitored and may be expressed in acceptable/unacceptable outcomes or as limited levels of risk.
Source: RIMS Strategic Risk Management Implementation Guide 2012. All rights reserved.
RISK APPETITE DEFINITION
• Risk Appetite is the amount of total risk exposure that an organization wishes to undertake on the basis of risk-return trade-offs. Reflective of the company’s business strategy, risk strategies and stakeholder expectations, risk appetite is generally set and/or endorsed by the board of directors through discussions with management.
Source: RIMS Strategic Risk Management Implementation Guide 2012. All rights reserved.
Strategic risk management (“SRM”) is a business discipline that drives deliberation and action regarding uncertainties and untapped opportunities that affect an organization’s strategy and strategy execution.
Source: RIMS Strategic Risk Management Implementation Guide. All rights reserved.
Not just another framework – another way to think
Risks arising from the strategic plan
Strategic risks
Source: RIMS Strategic Risk Management Implementation Guide. All rights reserved.
Mature the Process
• Consistent enterprise risk identification and assessment
• Business unit risk profiles
• Aggregate risks across the enterprise
• Defined appetite / tolerances
• Detection of emerging risks
• Identify and monitor key risk indicators
• Initiate technology solution
• Optimize resource pool
Build the Base
• Set risk strategy, policy and framework
• Set optimal risk management structure
• Build resource pool
• Systematic risk reporting
• Risk owners defined and accountable
• Defined materiality
• Provide risk reports to Executive Committee, Audit Committee
Maturity levels: Ad-hoc, Initial, Repeatable, Managed, Leadership
Link to Performance
• Embedded in strategic planning and other business processes
• Management has risk and control performance objectives
• Technology solution in place
• Risk linked to business performance measurement
• Enterprise-wide risk awareness and education
Humana’s Journey
Copyright 2009-2014 Risk and Insurance Management Society, Inc.
Where are we along the journey?
Humana’s Program
Identify
• Strategic
• Operational
• Financial
• Compliance
Analyze
• Planning Risks
• Execution Risks
• How Well Managed
Report
• By Business Area and Initiative
Copyright Humana Inc., 2014
Input Sources
• 10-K Identified Risks
• Deconstruct Risks from Corporate Strategy
• Deconstruct Risks from Cash Flow and Earnings
• Assess Surprise Risk Events and Near Misses
• Process Leader Risk Workshops / Executive Leader Input
• Internal Audit / Oversight Groups Identified Risks
• Consider Potential “Black Swans”
Workshop Methodology
Stage 1
Process discussion with business area leader
Interview session with leader
Survey of leadership team
Stage 2
Workshop session with leadership team for collaboration and key risk prioritization
Stage 3
Optional second workshop regarding mitigation plans
Stage 4
Key risk list, business area consideration, and Internal Audit planning
Link to detailed information in Journal of Accountancy 2013 article
Facilitator
Identify
Interview (structured and unstructured)
Questionnaire (face-to-face, e-quiz)
Analyze
Individual (observation, storytelling)
Collective (round table, brainstorming)
Evaluate
Scenarios, war games
Business Area Leader
IT Troubleshooter
Stages 1 & 2
Challenger
Consider Improvement
Urgently Assess
Confirm Adequacy
Avoid Further Exposure
Stage 3 Workshop
How Well Managed?
How Impactful?
Potential risks placed in appropriate quadrants, after assessing potential impact to business objectives and current mitigation activities. Aids the business in prioritization, mitigation and strategic planning.
Stage 4 Reporting
Risk 2 Risk 7 Risk 9 Risk 4 Risk 3 Risk 1 Risk 5 Risk 8 Risk 6
Prioritized Risks
How Impactful? How Well Managed?
High Impact
Moderate Impact
Low Impact
Well Managed
Moderately Managed
Not Managed Well
Illustrative Purposes Only
THANK YOU!!!!
Our Website: WWW.RIMS.ORG
RIMS Risk Knowledge Library: WWW.RIMS.ORG/RISKKNOWLEDGE