Enterprise Risk Management Presented to The Audit Directors Roundtable, Atlanta, Georgia

Description: Presented to The Audit Directors Roundtable, Atlanta, Georgia, October 16, 1997. Agenda: Know yourself - a starting point for Enterprise Risk Management; A model for ...

Provided by: Toron8
Learn more at: http://www.emory.edu
Transcript and Presenter's Notes

Title: Enterprise Risk Management Presented to The Audit Directors Roundtable Atlanta, Georgia


1
Enterprise Risk Management
Presented to The Audit Directors Roundtable
Atlanta, Georgia
  • October 16, 1997

2
Agenda
  • Know yourself - a starting point for Enterprise
    Risk Management
  • A model for Enterprise Risk Management
  • Four focal points of Enterprise Risk Management
  • The Unconscious Conspiracy
  • Sustainable Enterprise Risk Management

3
Know yourself - three kinds of risk environment
  • Processes, systems not in place
  • Cultural attitudes not supportive
  • Basics not strong
  • Typical of: Start-ups, JVs, different cultures, speed to market
  • Challenges: Lack of capability, where to start

  • Financial control processes moderate
  • History of problems, surprises
  • Rapid change, rapid growth situations
  • Challenges: High stress, over-stretched, resource constrained
  • Fire-fighting

  • Well established systems, common processes
  • Pockets of slackness, many areas for improvement
  • Basics well in place
  • Challenges: Operational, strategic
  • Unconscious Conspiracy

4
Risk Environment OF 1
  • How would you describe your current risk
    environment?
  • Unprotected
  • Transitional
  • Go Ahead

5
Risk Readiness
  • Ten indicators of ability to anticipate and
    manage risk (COSO, CoCO, etc.)
  • Objectives and risks
  • Policies and parameters
  • Values and ethics
  • Responsibility and accountability
  • Trust and communication
  • Skills and tools
  • Systems and discipline
  • Scanning and questioning
  • Monitoring and follow-up
  • Assessment and reporting

6
Overall Risk Readiness OF 2
  • How would you describe your organization's
    overall risk readiness?
  • Very ready
  • Ready
  • Fairly ready
  • Somewhat ready
  • Very unready

7
The Enterprise Risk Model
  • What are you trying to accomplish?
  • What gets in your way?
  • What are you doing to manage this?
  • Where do you feel the most exposed?

8
Enterprise Risk Model
  • Set Expectations
  • Assess Performance against expectations
  • Identify Risks
  • Business Strategies & Objectives
  • Monitor Risk Environment & Risk Management
  • Measure / Assess Risk
  • Control
  • Assess & Mitigate Exposure

9
Enterprise Risk Model
  • Financing
  • Risk Management
  • Significance
  • Uncertainty
  • Avoidance
  • Risk
  • Capital
  • Identification
  • Measurement
  • Monitoring
  • Control
  • Exposure
  • Mitigation
  • Transfer

10
Enterprise Risk Model
  • Financing - Economic resources available for use
    in pursuing objectives and risk management
    activities
  • Risk Management - The business process of
    managing uncertainty and significance of risk to
    an acceptable level of exposure
  • Significance - Importance and magnitude of
    meaning, influence or effect
  • Uncertainty - The level of the unknown regarding
    a future outcome
  • Avoidance - Declining an opportunity because
    expectation does not justify the risk involved
  • Risk - Anything of variable uncertainty and
    significance that interferes with achievement of
    objectives
  • Capital - Financial resources that support
    objectives and that enable survival under adverse
    outcomes
  • Identification - Recognizing or establishing
    objectives, risks or exposures as being of a
    particular type or origin
  • Measurement - Assessing the likelihood and
    significance of risks, exposures and related
    objectives
  • Monitoring - The process of continuous
    identification and measurement
  • Control - Action to correct or reduce uncertainty
    to an acceptable level
  • Exposure - Susceptibility of objectives to risk
    remaining after control and mitigation activities
  • Mitigation - Action to correct or reduce
    significance of risks and outcomes to an
    acceptable level (such as through
    diversification, financing, transfer, etc.)
  • Transfer - Sharing a portion of risk and
    potential reward with another party

11
Enterprise Risk Model - Risk
Risk
  • (a) Risk is a function of Business Objectives
  • (b) Risk is lost Opportunity
  • Risk - Anything of variable certainty and impact
    that interferes with achievement of objectives

12
Enterprise Risk Model - Control & Mitigate
  • Retain & Manage/Mitigate Risk: Mitigate - (Detect & Correct);
    Hedge Risk, diversify, finance; Self Insure
  • Avoid Risk: Control (Prevent) to reduce likelihood;
    Re-engineer to avoid risk; Change objectives (opportunity)
  • Transfer Risk to others: Purchase insurance
  • Control - Action to correct or reduce certainty
    to an acceptable level
  • Mitigation - Action to correct or reduce
    significance of risks and outcomes to an
    acceptable level (such as through
    diversification, financing, transfer, etc.)

13
Enterprise Risk Model - Exposure
Exposure
  • Function of the Certainty of Risk Occurrence,
    Significance of Risk, if it occurred
  • Measured on a spectrum of acceptable ----- unacceptable
  • Exposure - Susceptibility of objectives to risk
    remaining after control and mitigation activities

14
Risk Exposure
[Figure: exposure chart. Axes: Significance and Certainty, each running from VL through M to VH. Zones: Acceptable, Caution, Unacceptable.]

15
Current Risk Assessment Process OF 3
  • How would you describe your satisfaction with
    your current enterprise risk management process?
  • Setting expectations
  • Identifying risks
  • Measuring and assessing risks
  • Assessing and mitigating exposure
  • Monitoring risk environment and risk management
  • Assessing performance against expectations

16
Focal points for Enterprise Risk Management
Basics
  • Examples: Financial processes (purchasing, payments,
    accounting)
  • Typical Risk Classes: Information, Methods, Technology,
    Ethics
Behavior
  • Examples: Structure (accountability, responsibility);
    Tone - trust, motivation, ethics, enablement
  • Typical Risk Classes: People, Organizational, Environment
Business
  • Examples: Production, sales, distribution, design,
    engineering, human resources, service
  • Typical Risk Classes: Operational Methods, Materials &
    equipment, Interest, Liquidity, Concentration, Market,
    Environment
Burning
  • Examples: Unconscious Conspiracy issues - sales practices,
    product liability, Challenger, transportation disasters
  • Typical Risk Classes: Ethics, Environment, Organization

17
Supporting different starting points..
[Figure: grid of the four focal points (Basics, Behavior, Business, Burning) against three starting points (Build It, Fix It, Demonstrate It); every cell is marked "?".]

18
Focal Point for Risk Management OF 4
  • What is your organization's focal point for risk
    management at this time?
  • 1. Basics
  • 2. Behavior
  • 3. Business
  • 4. Burning
  • 5. Any combination or all of the above

19
The value of Enterprise Risk Management
  • Reduce fraud, Minimize error, Increase efficiency &
    effectiveness

20
Risk Management Focus - Basics
  • Objective: Integrity of assets, transactions, reporting
  • Risk Classes: Methods & systems, Facilities, People,
    Information, Environment, Technology
  • Control: Procedural Risk Frameworks (globally established);
    Guidance materials; Policy infrastructure (Corporate,
    accounting); Established through training; Customized for
    hostility of local environment; Assessed by audit, or self
    assessed; Metrics from benchmarking, compliance
  • Risk Consequences: Fraud, error, inefficiency &
    ineffectiveness

21
Four focal points
  • Common / Cultural / Specific / Core
  • Basics / Behavior / Business / Burning
  • Capability issues - what, how, where
  • Policies, procedures, processes
  • Reengineering, Business process redesign
  • Quality improvement processes
  • Benchmarking best practices
  • Handbooks
  • Training
  • Surveys, questionnaires, audits

22
The value of Enterprise Risk Management
  • Reduce fraud, Minimize error, Increase efficiency &
    effectiveness
Behavior
  • Reduce fraud & error
  • Increase efficiency & effectiveness
  • Engage & enthuse
  • Minimize penalty

23
Risk Management Focus - Behavior
  • Objective: Standards of ethics, trust, integrity, openness
    of communication, learning, responsiveness .......
  • Risk Classes: People, Environment
  • Control: Ethics policy infrastructure; Tone at the top,
    attention to detail; Culture creation / development
    processes; Customized for hostility of local environment;
    Assessed by culture profiles; Metrics from benchmarking -
    internal & external
  • Risk Consequences: Fraud, Ineffectiveness, Loss of key
    people, Regulatory penalty, Loss of reputation, .......

24
Four focal points
  • Common / Cultural / Specific / Core
  • Basics / Behavior / Business / Burning
  • Commitment issues - why, whether
  • Structural issues - accountability, responsibility,
    authority
  • Leadership issues
  • Cultural issues - trust, motivation
  • Workshops, conferences, workgroups, surveys,

25
The value of Enterprise Risk Management
  • Reduce fraud, Minimize error, Increase efficiency &
    effectiveness
Behavior
  • Reduce fraud & error
  • Increase efficiency & effectiveness
  • Engage & enthuse
  • Minimize penalty
Business
  • Avoid or transfer risk
  • Quantify risk & uncertainty for specific risks
  • Use capital market techniques to manage certain risks
  • Improve quality / timeliness / price / delivery /
    technology
  • Reduce costs / downtime / lost productivity
  • Improve relationships with customers / employees /
    suppliers / regulators / investors / creditors
  • Protect against criminal / civil / regulatory penalties
  • Improve achievement of business objectives

26
Risk Management Focus - Business
  • Objective: Achievement of business objectives; Strategic;
    Group, division, department, team
  • Risk Classes: Methods & systems, Facilities, People,
    Information, Environment, Technology, Operations, Market,
    Credit
  • Control: Business Risk Frameworks (globally established);
    Impact & likelihood assessments; Business risk management
    assessment - Avoid (Prevent, Re-engineer), Retain & manage
    (Detect, Correct, Hedge..), Transfer (purchase insurance,
    self-insure); Policy infrastructure; Engagement of key
    people; Assessed by audit, or management self assessed;
    Metrics based on business risk
  • Risk Consequences: Failure to achieve business objectives

27
Four focal points
  • Common / Cultural / Specific / Core
  • Basics / Behavior / Business / Burning
  • Objectives / Purpose issues
  • Operational risks
  • Legal / regulatory
  • Capital / financial
  • Strategic
  • Measurement - analysis, hedge, transfer, avoid
  • Assessment - workshop, survey, interview
  • Engage, enable, enthuse

28
The value of Enterprise Risk Management
  • Reduce fraud, Minimize error, Increase efficiency &
    effectiveness
Behavior
  • Reduce fraud & error
  • Increase efficiency & effectiveness
  • Engage & enthuse
  • Minimize penalty
Business
  • Avoid or transfer risk
  • Quantify risk & uncertainty for specific risks
  • Use capital market techniques to manage certain risks
  • Improve quality / timeliness / price / delivery /
    technology
  • Reduce costs / downtime / lost productivity
  • Improve relationships with customers / employees /
    suppliers / regulators / investors / creditors
  • Protect against criminal / civil / regulatory penalties
  • Improve achievement of business objectives
Burning
  • Protect against fundamental risk

29
Risk Management Focus - Burning
  • Objective: Protection from fundamental risk; Achieve
    quantum leap opportunity
  • Risk Classes: All....
  • Control: Structured format for open dialogue; Heightened
    awareness of unconscious conspiracy; Cross-silo workshops,
    conferences, meetings; Knowledge / memory management;
    Governance processes
  • Risk Consequences: Massive fraud, or error; Disaster; Loss
    of competitive position; Loss of value

30
The Unconscious Conspiracy
  • Disaster events
  • No single cause
  • Environment, technology, structure, culture,
    systems, processes, people all play a role
  • The organization had all the information about
    the risk - but no one person had it all, or made
    the connections.
  • A number of indicators of unconscious conspiracy
    were available..... in hindsight.

31
The Unconscious Conspiracy Indicators...
  • Today's Business Imperative - industry wide
  • Hot opportunity
  • High reliance on a few wizards
  • Dominating objective
  • Unchallenged assumptions
  • Dominating individual
  • .......

32
Four focal points
  • Common / Cultural / Specific / Core
  • Basics / Behavior / Business / Burning
  • Learning issues - fundamental issues that are stuck at
    awareness / action stages
  • Accessed by workshops - shared awareness, moving the
    unconscious conspiracy to conscious awareness and action
  • Issues are normally fundamental, sometimes critical to
    survival

33
Integrated Risk Management
  • Burning / Basics / Behavior / Business
  • Governance, Accountability, Tone, Values, Ethics, Trust
  • Unconscious Conspiracy
  • Policies, Procedures, Fraud protection
  • Strategic, Operational

34
Integrated Risk Management
  • Burning / Basics / Behavior / Business
  • Governance, Accountability, Tone, Values, Ethics, Trust
  • Unconscious Conspiracy
  • Policies, Procedures, Fraud protection, Information
    Systems
  • Strategic, Operational
  • Quantify uncertainty
  • Avoid
  • Transfer
  • Insurance Risk Management
  • Capital Market Strategies

35
Integrated Risk Management
  • Burning / Basics / Behavior / Business
  • Governance, Accountability, Tone, Values, Ethics, Trust
  • Unconscious Conspiracy
  • Policies, Procedures, Fraud protection, Information
    Systems
  • Strategic, Operational
  • Quantify uncertainty
  • Insurance Risk Management
  • Operational Uncertainty (non-quantified)

36
Integrated Risk Management
  • Burning / Basics / Behavior / Business
  • Governance, Accountability, Tone, Values, Ethics, Trust
  • Unconscious Conspiracy
  • Policies, Procedures, Fraud protection, Information
    Systems
  • Strategic, Operational
  • Quantify uncertainty
  • Risk control frameworks; Gap analysis
  • Operational Uncertainty (non-quantified)
  • Systems quality & integrity

37
Integrated Risk Management
  • Burning / Basics / Behavior / Business
  • Governance, Accountability, Tone, Values, Ethics, Trust
  • Unconscious Conspiracy
  • Policies, Procedures, Fraud protection, Information
    Systems
  • Strategic, Operational
  • Quantify uncertainty
  • Risk control Maps; Gap analysis
  • Operational Uncertainty (non-quantified)
  • Systems quality & integrity
  • Culture profiles; Control environment, change management

38
Integrated Risk Management
  • Burning / Basics / Behavior / Business
  • Governance, Accountability, Tone, Values, Ethics, Trust
  • Unconscious Conspiracy
  • Policies, Procedures, Fraud protection, Information
    Systems
  • Strategic, Operational
  • Quantify uncertainty
  • Risk control frameworks; Gap analysis
  • Operational Uncertainty (non-quantified)
  • Systems quality & integrity
  • Business Risk Management; Self-assessment of exposure -
    leading to Action; Risk Control frameworks
  • Culture profiles; Control environment, change management

39
Integrated Risk Management
  • Governance, Accountability, Tone, Values, Ethics, Trust
  • Unconscious Conspiracy
  • Policies, Procedures, Fraud protection, Information
    Systems
  • Strategic, Operational
  • Quantify uncertainty
  • Risk control frameworks; Gap analysis
  • Operational Uncertainty (non-quantified)
  • Systems quality & integrity
  • Business Risk Management; Self-assessment of exposure -
    leading to Action; Risk Control frameworks
  • Governance review; Facilitated business & strategic risk
    assessment; Diagnostics
  • Culture profiles; Control environment, change management

40
Integrated Risk Management
  • Governance, Accountability, Tone, Values, Ethics, Trust
  • Unconscious Conspiracy
  • Policies, Procedures, Fraud protection, Information
    Systems
  • Strategic, Operational
  • Quantify uncertainty
  • Risk control frameworks; Gap analysis
  • Operational Uncertainty (non-quantified)
  • Systems quality & integrity
  • Business Risk Management; Self-assessment of exposure -
    leading to Action; Risk Control frameworks
  • Governance review; Facilitated business & strategic risk
    assessment; Diagnostics
  • Culture profiles; Control environment, change management
  • Internal Audit based on integrated Risk Framework

41
Enterprise Risk Management Implementation approaches
  • Common / Cultural / Specific / Core
  • Basics / Behavior / Business / Burning
  • Facilitated workshop
  • Risk Profiles
  • Risk Frameworks; Quantitative methods; Insurance methods
  • Procedural frameworks; Surveys
  • Enterprise risk framework database

42
  • What are the major challenges you face in developing an
    integrated approach to risk management?

43
  • What do you think needs to be done to manage
    these challenges?

44
Sustainable Risk Management aligns People, Objectives, Risks
  • Builds Employee Involvement
  • Creates Business Value
  • Builds a Global Connection
  • Enhances Teamwork
  • Anticipates risk

45
The value of Enterprise Risk Management
  • Reduce fraud, Minimize error, Increase efficiency &
    effectiveness
Behavior
  • Reduce fraud & error
  • Increase efficiency & effectiveness
  • Engage & enthuse
  • Minimize penalty
Business
  • Avoid or transfer risk
  • Quantify risk & uncertainty for specific risks
  • Use capital market techniques to manage certain risks
  • Improve quality / timeliness / price / delivery /
    technology
  • Reduce costs / downtime / lost productivity
  • Improve relationships with customers / employees /
    suppliers / regulators / investors / creditors
  • Protect against criminal / civil / regulatory penalties
  • Improve achievement of business objectives
Burning
  • Protect against fundamental risk

46
Presentation Evaluation
47
Next Steps
  • Incorporate group brainstorms and Option Finder
    exercises into a report of today's session
  • Distribute report to all participants
  • Other?