tools &techniques for effective risk management v3.0

Tools and Techniques for Effective Risk Management

From a Management Consultant’s Toolbox

Chetan Gautam, PMP, MBAPresident, Globe 1, [email protected]: 215-262-0557 F: 1-(888) 749-8519

2

Outline & Objectives

Outline Traditional risk view & its flaws Emerging external and internal risk requirements Current state of Risk Management Enterprise Risk Management (ERM) definition & context Walk-through of ERM process, tools, tips and techniques Challenges What can we do now and where do we start?

Globe 1, Inc. Proprietary

3

What is the Traditional View of Risk?


Risk - A possibility that an event will occur and adversely affect the achievement of objectives.

Risk is almost always associated with a potential loss of something, for instance, financial loss due to bad investments, lawsuits, etc.

4

What’s Wrong with Traditional RM Looks at the downside of Risk (losses) Doesn’t exploit the benefits of technology advancements Fails to address & adjust to meet emerging requirements It is tactical & doesn’t look at the big picture (inward-looking) Allows division of risk management in departmental silos Doesn’t force alignment with business strategy Allows selective risk management without oversight

“We are a finance company, we only want to do market related risk management”


We the Finance

Guys

We the Marketing

Guys

5

Build confidence in investment community and stakeholders

Increased expectations /requirements for improved corporate governance of risk

Organizations such as RIMS &PMI are promoting risk management at multiple levels

External Requirements/Pressures

Changing regulatory environment in face of global financial crisis

Rating agencies, such as S&P, evaluate companies on Risk Management

Increased expectations by shareholders for effective risk management


6

Specific External Requirements The SEC requires companies to describe risks

that may have a material impact on future financial performance

The AICPA produced analysis recommends that reporting of risks be improved to include a discussion of all risks/opportunities that

(1) are current, (2) are of serious concern, (3) have an impact on earnings or cash flow, (4) are specific or unique, and (5) have been identified and considered by management

A committee of five major professional accounting associations (COSO) published an integrated framework for enterprise risk management Globe 1, Inc. Proprietary

7

Internal Requirements

Align Risk Appetite and Strategy Minimize operational surprises &

losses Seize Opportunities


Rationalize capital needs and allocation Need to investigate interdependent risks Provide integrated responses to multiple risks Increased expectations /requirements for

improved corporate governance of risk Need to address technology integration and

dependence

8

Current State of Risk Management at Fortune 100 36% of directors surveyed did

not have a full understanding of company’s risks

Directors claimed that they approached risks on case-by-case basis

Only 54% claimed to have clearly defined risk tolerance levels

Only 47.6% of boards rank their key risks

Only 42.3% have formal practices and policies in place to address reputation risk

(Source: The Conference Board, “The Role of U.S. Corporate Boards in ERM”, Brancato, C. K. , et. al.)


9

Risk Management at Fortune 100

Only 11% of companies has a well-defined role of Chief Risk Officer who would report to the Board on Risk Issues

71.8% of directors believe they have the right risk metrics and methodology in making strategic decisions


Only at 25% of non-financial companies the board considers all major risks including strategic risks (versus 54.5% of financial companies)

Only 16.1% companies report having a separate and distinct risk committee for more than 2 years, versus 3.5% in the non-financial area.

(Source: The Conference Board, “The Role of U.S. Corporate Boards in ERM”, Brancato, C. K. , et. al.)

10

Why RM is still ineffective?(Despite these pressures?)

Missing structure & champions (Where is the CRM?)

Missing Integrated RM Methodology Few RM tools available & integration is

difficult Little or no focus on RM education Inconsistent understanding &

application of RM practices


11

Welcome to Enterprise Risk Management (ERM) – New Age RM

Enterprise Risk

Management

• Has interdependencies with other processes

• Has a well defined structure

• Is implemented enterprise-wide & draws participation from other management disciplines

• Promotes Risk Aware Culture

Strategic

Management

Project Management


12

What is Enterprise Risk Management

Risk management is a process, effected by senior management and other personnel of an entity, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

Source: Derived from the ERM Framework DRAFT, Published by Committee of Sponsoring Organizations of the Treadway Commission, www.erm.coso.org


13

Enterprise RM is a Process

ERM is not one event or

circumstance, but a series of actions

that permeate

an entity's

activities (Source: COSO ERM

Framework)

Enterprise Risk

Management:


14

TIP: What Makes a Process Successful?

Must haves•Must be well-understood by the people who execute it•Must be consistently applied and iterative•Must be implementable•Must be auditable and controllable •Must have an owner & an executive champion

Should haves

•Should be documented•Should be scalable and incremental•Should be measurable


15

Enterprise Risk Management Process

1. Environment

Scanning

2. Strategic Alignment


Communication

Control & Monitoring

16

ERM - Structure


Board

CRM CEO

RMEC

FRM

FRS

The Board is responsible for providing oversight and direction to ERM

Chief Executive Office is ultimately responsible for ERM.Chief Risk Manager is responsible for reporting risks to the Board and managing the ERM programRisk Management Executive Committee reviews risk assessments & provides recommendations, while also working as the authority for resolving escalated issues. It is composed of Risk Officers (S/VPs) representing all BUsFunctional-Area Risk Manager is responsible for one or more Functional Areas or Risk Categories on the Risk Universe. FRM also chairs

Functional-Area Risk Sub-Committee is responsible for conducting risk management tasks for their assigned functional areas. It consists of SMEs from multiple areas such as Operations , IT, PMO, Legal, Business Architecture & Audit

Globe 1, Inc. Proprietary 17

18

ERM - Structure

CRM – Chief Risk Manager Responsible for reporting risks to the board and managing

the risk management program ERRB – Executive Risk Review Board

Responsible for reviewing risk assessments and approving/suggesting action

FRM – Functional Risk Manager Responsible for a Functional Area or (multiple) risk

categories on the Risk Universe Reports to CRM and ERRB

FRMT – Functional Risk Management Team Responsible for assisting FRM in Functional Risk

Management Globe 1, Inc. Proprietary

Environment Scanning


Regulatory Body/Commissions

Rating

Agency

Govt.

Organization

Units

Area

Industry

CompetitorsConsumers

Region/Country

OffshorePartners/Vendors

World

International Clients

International Investments

20

Environment Factors

External Factors

•Social, Legal & Regulatory trends•Political climate•Competition•International & domestic markets•Fluctuations in demand•Terrorist & criminal activities•International health issues•Weather & Natural Calamities•Pandemic Flue

Internal Factors

•Staff capabilities & skills•Staff availability•Capacity•Systems & technology•Procedures & processes•Communication•Effectiveness•Leadership effectiveness•Risk appetite


21

Environment Scanning

Purpose Capture current and previously known issues

Key Activities Create/update a Risk Universe that identifies:

▪ Risk Categories/Sources within an Environment▪ Common Risks & Descriptions (to get started)▪ Align Risks with Business Units/Functional Areas

Identify Stakeholders (create a structure) Create a Glossary

When Annual

Techniques Interviews/Workshops with SMEs/Stakeholders Analysis of business plans, industry & markets

Tools/Artifacts Expert Knowledge, Operating Manuals, Policies &

Procedures, Compliance Handbooks, Business Rules, etc.


23

Strategic Alignment

Purpose Align Risk Management with organization’s strategic direction

Key Activities Analysis of organization’s Threats & Opportunities (TOs) at

multiple levels Create/update Risk Universe with new Risks & Risk

Categories discovered during the process Map KPIs, Goals & Objectives to Risks in the Risk Universe

When During annual strategy setting

Technique Strategic Audits

Tools Balance Score Card, SWOT, SFAS, PEST etc.


25

External Factor Analysis Summary (EFAS)


External FactorsWeight Rating

Weighted Score Comments

1 2 3 4 5

1.00

Opportunities

Threats

Total Weighted Score

Notes: 1. List opportunities and threats (5–10 each) in column 1. 2. Weight each factor from 1.0 (Most Important) to 0.0 (Not Important) in Column 2 based on that factor’s probable impact on the company’s strategic position. The total weights must sum to 1.00. 3. Rate each factor from 5 (Outstanding) to 1 (Poor) in Column 3 based on the company’s response to that factor. 4. Multiply each factor’s weight times its rating to obtain each factor’s weighted score in Column 4. 5. Use Column 5 (comments) for rationale used for each factor. 6. Add the weighted scores to obtain the total weighted score for the company in Column 4. This tells how well the company is responding to the strategic factors in its external environment. A weighted score of 3.0 means average performance.Source: T. L. Wheelen and J. D. Hunger, “External Strategic Factors Analysis Summary (EFAS).” Copyright © 1991 by Wheelen and Hunger Associates. Reprinted by permission.

26Globe 1, Inc. Proprietary

External FactorsWeight Rating

Weighted Score Comments

1.00

Opportunities• Economic integration of

European Community• Demographics favor quality

appliances• Economic development of Asia• Opening of Eastern Europe• Trend to “Super Stores”

Threats• Increasing government regulations

• Strong U.S. competition• Whirlpool and Electrolux strong

globally• New product advances• Japanese appliance companies

Total Scores

.20

.10

.05

.05

.10

.10

.10

.15

.05

.10

4

5

122

443

12

.80

.50

.05

.10

.20

.40

.40

.45

.05

.20

Acquisition of Hoover

Maytag quality

Low Maytag presenceWill take timeMaytag weak in this

channel

Well positionedWell positionedHoover weak globally

QuestionableOnly Asian presence is

Australia

3.15

1 2 3 4 5

External Factor Analysis Summary (EFAS)

27

Internal Factor Analysis Summary (IFAS)


Internal Factors Weight RatingWeighted Score Comments

1 2 3 4 5

1.00

Strengths

Weaknesses


Notes: 1. List opportunities and threats (5–10 each) in column 1. 2. Weight each factor from 1.0 (Most Important) to 0.0 (Not Important) in Column 2 based on that factor’s probable impact on the company’s strategic position. The total weights must sum to 1.00. 3. Rate each factor from 5 (Outstanding) to 1 (Poor) in Column 3 based on the company’s response to that factor. 4. Multiply each factor’s weight times its rating to obtain each factor’s weighted score in Column 4. 5. Use Column 5 (comments) for rationale used for each factor. 6. Add the weighted scores to obtain the total weighted score for the company in Column 4. This tells how well the company is responding to the strategic factors in its external environment A weighted score of 3.0 means average performance..

Source: T. L. Wheelen and J. D. Hunger, “External Strategic Factors Analysis Summary (EFAS).” Copyright © 1991 by Wheelen and Hunger Associates. Reprinted by permission.

28

Internal Factor Analysis Summary (IFAS)


Internal Factors Weight RatingWeighted Score Comments

1 2 3 4 5

1.00

Strengths• Quality Maytag culture• Experienced top management• Vertical integration• Employee relations• Hoover’s international orientation

Weaknesses• Process-oriented R&D• Distribution channels

• Financial position• Global positioning

• Manufacturing facilities


Quality key to successKnow appliancesDedicated factoriesGood, but deterioratingHoover name in cleaners

Slow on new productsSuperstores replacing

small dealersHigh debt loadHoover weak outside the

United Kingdom and Australia

Investing now

3.05

.15

.05

.10

.05

.15

.05

.05

.15

.20

.05

54433

22

22

4

.75

.20

.40

.15

.45

.10

.10

.30

.40

.20

29

Strategic Factor Analysis Summary (SFAS)


Strategic Factors

(Select the most important opportunities/threats from EFAS, Table 3.4 and the most important strengths and weaknesses from IFAS, Table 4.2)

S1 Quality Maytag culture (S)

S3 Hoover’s international orientation (S)

W3 Financial position (W)

W4 Global positioning (W)

O1 Economic integration of

European Community (O)

O2 Demographics favor quality (O)

O5 Trend to super stores (O + T)

T3 Whirlpool and Electrolux (T)

T5 Japanese appliance companies (T)

Total Score

Weight RatingWeighted Score Comments

1.00

Notes: 1. List each of the factors developed in your IFAS and EFAS tables in Column 1. 2. Weight each factor from 1.0 (Most Important) to 0.0 (Not Important) in Column 2 based on that factor’s probable impact on the company’s strategic position. The total weights must sum to 1.00. 3. Rate each factor from 5 (Outstanding) to 1 (Poor) in Column 3 based on the company’s response to that factor. 4. Multiply each factor’s weight times its rating to obtain each factor’s weighted score in Column 4. 5. For duration in Column 5, check appropriate column (short term—less than 1 year; intermediate—1 to 3 years; long term—over 3 years.) 6. Use Column 6 (comments) for rationale used for each factor. A weighted score of 3.0 means average performance.Source: T. L. Wheelen and J. D. Hunger, “Strategic Factors Analysis Summary (SFAS).” Copyright © 1997 by Wheelen and Hunger Associates. Reprinted by permission.

SH

OR

T

INT

ER

ME

DIA

TE

LO

NG

Duration

3.05

.10

.10

.10

.15

.10

.10

.10

.15

.10

Quality key to success

Name recognition

High debt

Only in N.A., U.K., and Australia

Acquisition of Hoover

Maytag quality

Weak in this channel

Dominate industry

Asian presence

5

3

2

2

4

5

2

3

2

.50

.30

.20

.30

.40

.50

.20

.45

.20

X

X

X

X

X

X

X

X

X

30

Event Identification

Purpose Identify & Assess Risk Event (Triggers/Situations)

Key Activities Identify Risk Events and map them to the Risks in the Risk Universe Create/Update “Risk Profiles” for departments, projects, initiatives

When At least annually if not quarterly, or on as needed basis

Techniques Facilitated Meetings and/or Guided Surveys Analysis of Business Processes and IT systems Analysis of External & Internal environments Analysis of marketing plan, business plans, and lessons learned

Tools/Artifacts Business Process Models, Systems Architecture Diagrams,

Subscription to Event Alerts (policy/form /requirement changes)


31

Risk Assessment

Purpose Prioritize and Report Organization’s Risk Events

Key Activities Create/Update Risk Profile with:

▪ Impact analysis results & assignment of a Impact/Severity level to each Risk Event

▪ Identify the Proximity of each Risk Event▪ Identify the Likelihood of each Risk Event▪ Assign Adequacy of Response rating to each Risk Event

Calculate Risk Priority/Rating When

Immediately following Risk Identification Techniques

Analysis of Decision Trees, Probability Trees, Expected Monetary Value, NPV, Payback Period, Probabilities, Forecasting, What-if-Analysis, etc.

Using Financial data, probability data, historical data/logs, risk-assessment

guidelines & worksheets (internally agreed)Globe 1, Inc. Proprietary

32


33

Risk Response Planning

Purpose To prepare a well planned response to Risk Events when and if they occur

Key Activities Define business’s Risk Appetite Define Risk Response Strategies (Reduction, Removal, Transfer,

Acceptance) Document Flow Charts , Define Roles and Responsibilities Define Policies and Procedures Define Residual Risk

When At least annually if not quarterly, or on as needed basis

Techniques WBS, Scheduling, policy definition, flow-charting, consensus-development,

cost-benefit justification Using

Project management tools, process flow tools, organization charts, quantitative management methods (probability distributions, forecasting)


35

Where to Start then?

Start where you are Do at least the basic stuff (develop a

basic framework and artifacts) Practice it, promote it within you

group and then sell it to other groups Build a manual or excel based

system Include Risk Reporting in status

meetings (promotes risk culture)Globe 1, Inc. Proprietary


Thanks

Tools & Techniques for Effective Risk Management

Q & A

Chetan Gautam, PMP, MBAPresident, Globe 1, Inc.

[email protected]

P: 215-262-0557 F: 1-(888) 749-8519

tools &techniques for effective risk management v3.0

Business

risk appetite

risk ownership

risk identification

traditional risk

risk issues

division of risk management

selective risk management

risk processes management