Risk Management in Real Life - Schneider Downs CPAs · 2017-05-02
Risk Management in Real Life
Norman Marks 2017
The Risk Manager’s List
1. You might get run over by a car
2. You might get run over by a bicycle
3. Your home may be burglarized while you are out
4. You might be mugged
5. You might be shot in a drive-by shooting
6. A lot of bad things might happen
“Only xx% of [C-level] respondents believe their risk management processes support, at a high level, the ability to develop and execute business strategies”
Consulting firm
“Only 13% of [C-level] respondents believe their risk management processes support, at a high level, the ability to develop and execute business strategies”
Consulting firm
The Upgraded Risk Manager’s List
1. You might get run over by a car
2. You might get run over by a bicycle
3. Your home may be burglarized while you are out
4. You might be mugged
5. You might be shot in a drive-by shooting
6. A lot of bad things might happen
1. If you work you can earn money
2. You can meet your wife for lunch
3. You can pick up your children after school
4. You can get groceries and be able to eat
5. Getting exercise is healthy
6. A lot of good things might happen
The Upgraded Manager’s List
1. I might get run over by a car
2. I might get run over by a bicycle
3. My home may be burglarized while I am out
4. I might be mugged
5. I might be shot in a drive-by shooting
6. A lot of bad things might happen
1. If I work I can earn money
2. I can meet my wife for lunch
3. I can pick up our children after school
4. I can get groceries and be able to eat
5. Getting exercise is healthy
6. A lot of good things might happen
What does COSO say?
“Enterprise risk management helps an entity get to where it wants to go and avoid pitfalls and surprises along the way.”
What does COSO say?
“A greater likelihood of achieving business objectives”
“More informed risk-taking and decision-making”
Why We Need to Manage Risk
The purpose of managing risk is to increase the likelihood of an organization achieving its objectives by being in a position to manage threats and adverse situations and being ready to take advantage of opportunities that may arise.
National Guidance on Implementing ISO 31000:2009, from NSAI in Ireland
A Time of “Pervasive, Ongoing, Uncertainty” - McKinsey
Risk management, piercing the fog of uncertainty – Felix Kloman
It’s about setting the right objectives
It’s about Making Intelligent Decisions
It’s all about Taking the Right Risks
Why risk management?
“An effective [ERM] capability provides value by giving organizations the confidence to take on risk, rather than avoid it.”
- Consulting firm
Why risk management?
“By effectively managing the right risks, management has more timely, comprehensive and a deeper understanding of risk which, in turn, facilitates better decision-making and confidence to take on new ventures or even to accept higher levels of risk.”
- Consulting firm
Why risk management?
“The upshot of this investment includes a greater competitive advantage, reduced cost of capital and a steady share price.”
- Consulting firm
Why risk management?
Better information leads to:
• Better decisions
• Protection of value
• Seized opportunities
• Agile, optimized performance
Drive Business results
“In an increasingly competitive, fast-paced world, organizations need to continually advance their risk management practices, building on the strong foundation of protection and compliance into an expanded focus on risk factors that impact strategic decision-making and operational performance.”
Consulting firm
Drive Business results
“We believe a paradigm shift in risk management is beginning, which is:
• Tied to the increasingly complex world in which companies now operate
• Based on the awareness that uncertainty is embedded in (and impacts) everything we do
• Focused on both capturing upside opportunities as well as protecting the business.”
Consulting firm
Drive Business results
“You need [risk management] to become part of the rhythm of the business: meaning within the flow of strategic and business planning, operations, oversight and monitoring that runs from the board to the line.”
Consulting firm
Drive Business results
“There are several key business processes, and structural and functional components that make up this rhythm of the business, working together to deliver business value creation. Within these components of the business, we see four basic business process suites:
• Strategic oversight and planning — board and executive management level activities
• Business level planning/budgeting — management translation of strategies into business plans and allocation of capital
• Operational execution — value creating implementation of plans and strategies
• Monitoring and compliance — audit and compliance activities.”
Consulting firm
The risk management process
Establish the context
Identify risks
Analyse risks
Evaluate risks
Treat risks
Communicate and consult
Monitor and review
Used by every manager for every decision
Upgraded risk management process
• Anticipate what might happen
• Analyze the possibilities
• Is there a problem?
• What are the options?
• Which is best?
• Decide
• Act
• Review/monitor/learn
When do you manage risk?
• Every day
• Across the enterprise
• In every decision
• But….. Periodically take stock
How does the Risk Manager help?
• Periodic review, yes – BUT!!
• Process, systems, to enable informed decisions every day by everyone
• Help everybody manage risk
• Help everybody succeed
When Risk Management focuses on the Negative
It fails to focus on the Positive
and Fails to help the organization Succeed
The risk practitioner and the executive
• We share the same goal – performance
• Talk the same language
• Move from ‘no’ to ‘how’
• Management need information and process
• Help assess what might happen, alternatives
• Help managers make intelligent, informed decisions
• Help them succeed!
ASSESS AGAINST ISO 31000 PRINCIPLES
• Creates and protects value
• An integral part of organizational processes
• Part of decision-making
• Dynamic, iterative, responsive to change
• Tailored
ASSESS IN REAL-LIFE
Does the practice of risk management meet the needs of the organization?
ASSESS IN REAL LIFE
What is the likelihood of achieving enterprise objectives?
Is that OK?
What can we do to improve the Extent and Likelihood of Success?
What will we do?
CAN YOU HELP THE BUSINESS MANAGE AT SPEED?
1. INSERT KEY INTO IGNITION
2. SHIFT INTO DRIVE
3. PRESS FOOT FIRMLY ON THE THROAT OF MEDIOCRITY
THANK YOU!
Norman Marks, CPA, CRMA Author; Evangelist for Better Run Business; OCEG Fellow; Honorary Fellow of the Institute of Risk Management
https://iaonline.theiia.org/norman-marks
http://normanmarks.wordpress.com/
Twitter: @normanmarks
5/1/2017