Risk Management in Real Life

Norman Marks 2017

The Risk Manager’s List

1. You might get run over by a car 2. You might get run over by a bicycle 3. Your home may be burglarized while you are out 4. You might be mugged 5. You might be shot in a drive-by shooting 6. A lot of bad things might happen

“Only xx% of [C-level] respondents believe their risk management processes support, at a high level, the ability to develop and execute business strategies”

Consulting firm

“Only 13% of [C-level] respondents believe their risk management processes support, at a high level, the ability to develop and execute business strategies”

Consulting firm

The Upgraded Risk Manager’s List

1. You might get run over by a car 2. You might get run over by a bicycle 3. Your home may be burglarized while you are out 4. You might be mugged 5. You might be shot in a drive-by shooting 6. A lot of bad things might happen

1. If you work you can earn money 2. You can meet your wife for lunch 3. You can pick up your children after school 4. I can get groceries and be able to eat 5. Getting exercise is healthy 6. A lot of good things might happen

The Upgraded Manager’s List

1. I might get run over by a car 2. I might get run over by a bicycle 3. My home may be burglarized while you are out 4. I might be mugged 5. I might be shot in a drive-by shooting 6. A lot of bad things might happen

1. If I work I can earn money 2. I can meet my wife for lunch 3. I can pick up our children after school 4. You can get groceries and be able to eat 5. Getting exercise is healthy 6. A lot of good things might happen

What does COSO say?

“Enterprise risk management helps an entity get to where it wants to go and avoid pitfalls and surprises along the way.”

What does COSO say?

“A greater likelihood of achieving business objectives”

“More informed risk-taking and decision-making”

Why We Need to Manage Risk

The purpose of managing risk is to increase the likelihood of an organization achieving its objectives by being in a position to manage threats and adverse situations and being ready to take advantage of opportunities that may arise.

National Guidance

on Implementing ISO 31000:2009 From NSAI in Ireland

A Time of “Pervasive, Ongoing, Uncertainty” - McKinsey

Risk management, piercing the fog of uncertainty – Felix Kloman

It’s about setting the right objectives

It’s about Making Intelligent Decisions

It’s all about Taking the Right Risks

Why risk management? “An effective [ERM] capability provides value by giving organizations the confidence to take on risk, rather than avoid it.

- Consulting firm

Why risk management?

“By effectively managing the right risks, management has more timely, comprehensive and a deeper understanding of risk which, in turn, facilitates better decision-making and confidence to take on new ventures or even to accept higher levels of risk.

- Consulting firm

Why risk management?

“The upshot of this investment includes a greater competitive advantage, reduced cost of capital and a steady share price.”

- Consulting firm

Why risk management?

Better information leads to: Better decisions Protection of value Seized opportunities Agile, optimized performance

Drive Business results

“In an increasingly competitive, fast-paced world, organizations need to continually advance their risk management practices, building on the strong foundation of protection and compliance into an expanded focus on risk factors that impact strategic decision-making and operational performance.”

Consulting firm

28

Drive Business results

“We believe a paradigm shift in risk management is beginning, which is: • Tied to the increasingly complex world in which

companies now operate • Based on the awareness that uncertainty is

embedded in (and impacts) everything we do • Focused on both capturing upside opportunities

as well as protecting the business.” Consulting firm

29

Drive Business results

“You need [risk management] to become part of the rhythm of the business: meaning within the flow of strategic and business planning, operations, oversight and monitoring that runs from the board to the line.”

Consulting firm

30

Drive Business results “There are several key business processes, and structural and functional components that make up this rhythm of the business, working together to deliver business value creation. Within these components of the business, we see four basic business process suites: • Strategic oversight and planning — board and executive

management level activities • Business level planning/budgeting — management translation

of strategies into business plans and allocation of capital • Operational execution — value creating implementation of

plans and strategies • Monitoring and compliance — audit and compliance activities.”

Consulting firm

31

32

The risk management process

Establish the context

Identify risks

Analyse risks

Evaluate risks

Treat risks

Comm

unicate and consult

Monitor and review

Used by every manager for every decision

Upgraded risk management process • Anticipate what might happen • Analyze the possibilities • Is there a problem? • What are the options? • Which is best? • Decide • Act • Review/monitor/learn

When do you manage risk?

• Every day • Across the enterprise • In every decision • But….. Periodically take stock

How does the Risk Manager help?

• Periodic review, yes – BUT!! • Process, systems, to enable informed

decisions every day by everyone • Help everybody manage risk • Help everybody succeed

When Risk Management focuses on the Negative

It fails to focus on the Positive

and Fails to help the organization

Succeed

The risk practitioner and the executive

• We share the same goal – performance • Talk the same language • Move from ‘no’ to ‘how’ • Management need information and process • Help assess what might happen, alternatives • Help managers make intelligent, informed

decisions • Help them succeed!

ASSESS AGAINST ISO 31000 PRINCIPLES

Creates and protects value An integral part of organizational processes Part of decision-making Dynamic, iterative, responsive to change Tailored

ASSESS IN REAL-LIFE

Does the practice of risk management meet the needs of the organization?

40

ASSESS IN REAL LIFE

What is the likelihood of achieving enterprise objectives?

Is that OK? What can we do to improve the Extent and

Likelihood of Success? What will we do?

41

CAN YOU HELP THE BUSINESS MANAGE AT SPEED?

1. INSERT KEY INTO IGNITION 2. SHIFT INTO DRIVE 3. PRESS FOOT FIRMLY ON THE

THROAT OF MEDIOCRITY

THANK YOU!

Norman Marks, CPA, CRMA Author; Evangelist for Better Run Business; OCEG Fellow; Honorary Fellow of the Institute of Risk Management

nmarks2@yahoo.com https://iaonline.theiia.org/norman-marks http://normanmarks.wordpress.com/ Twitter: @normanmarks

5/1/2017 44