Transcript Slide 1
Presentation AIG CIRC October 21 11:00-12:30
Seven Contributions of Enterprise Risk Management
The Center for Professional Education

Enterprise Risk Management (ERM)
Newest entry in the risk management.
• Hazard (insurable) Risk. Fortuitous losses in traditional risk management.
• Business Risk. When an organization has the chance for either a gain or a loss.

Contributions of ERM (1-3)
• #1. Recognize Upside of Risk. Failure to take a risk is a risk itself.
• #2. Identify Risk Owners. Assign each risk to a single owner with hierarchical co-owners.
• #3. Align Risk Accountability. Match risks with business units and key initiatives.

Contributions of ERM (4-5)
• #4. Create a Central Risk Function. Identify exposures and share findings.
• #5. Create a High-tech Platform. For risk identification and collaboration.

Contributions of ERM (6-7)
• #6. Involve the Board. Make it easy to view critical risks.
• #7. Standardize Risk Evaluation. Follow a consistent process.

7 ERM Contributions
• #1 Recognize Upside of Risk
• #2 Identify Risk Owners
• #3 Align Risk Accountability
• #4 Create a Central Risk Function
• #5 Create a High-tech Platform
• #6 Involve the Board
• #7 Standardize Risk Evaluation

#1. Recognize Upside of Risk
• Risk Interaction. An exposure does not occur in isolation. One risk affects other risks.
• Upside of Risk. Business risk can produce gains and losses. A failure to take a risk is a risk itself.

#2. Identify Risk Owners
A risk owner has:
• Responsibility. Identify a strategy.
• Authority and Resources. To deal with the exposure.
• Support. Shares ideas with so risk management is coordinated.

#2a. Risk Owner Example:
Exposure: Avoid money laundering.
• Risk Owner: Chief Financial Officer

#3. Align Risk Accountability
Align risk categories with business model.
• Strategy to be successful.
• Least disruption of current successful practices.
• New perspective on business risk.

Business Model Alignment
• Functional Staff. C-level production, marketing, finance, administration, technology,
• Business Units. Regions, autonomous operations, and subsidiaries.
• Key Initiatives. Major activities reflecting highly visible goals.

Match Risks with Owners
• We look only at important risks.
• Key risks have risk owners.
• Internal controls take care of “all” risks.

Match Key Risks Example
European Aeronautic Defense and Space Company (EADS) and its Airbus unit. (Next slide)

EADS Key Risks
EADS CEO Defense & Security Airbus Military Transport Other Astrium Space

A380 Key Initiative Risk
All by itself, A380 Airbus Operations Engineering Procurement A380 Aircraft Programs

Power8 for the A380
Power8 Program Structure Operations Lean Manufacturing Cut Costs Streamline Assembly Improve A380 Airport Issues

Key Risk of A380 Large Size
• Assign an owner.
• Develop options.
• Take action.
• (Next slide.)

Large Size – Airport Risk
Airport Risks
• 8 Airports in the world?
• Emergency with 800 people?
• One bag at a time?
• One passenger at a time?

Large Size – Airline Risk
Airline Risks at Airports
• Emergency Management
• Baggage Handling
• Passenger Handling

#4. Create a Central Risk Function
An individual or unit coordinates risk discussions.
It:
• Should occupy a high position in an organizational hierarchy.
• Should facilitate efforts by risk owners to manage risk.
• Should not manage risk itself.

Role of Central Risk Function
A central risk function enhances an ERM program:
• Risk Identification. Risks that might otherwise be missed by key executives.
• Risk Sharing. Open channels for collaboration.

Scan Externally for Risks
A central risk function should scan the horizon for:
• Operating risk.
• Market risk.
• Regulatory risk.
• Political risk.
• Other exposures.

Scan for Internal Risks
A central risk function should scan for:
• Cultural risk.
• Management risk.
• Leadership risk.
• Human resources risk.
• Unit life cycle risk.

Central Risk Leader
Title of chief risk officer (CRO)?
CRO title can become a distraction.
CEO is the real chief risk officer.
Senior vice president avoids the problem.

Central Risk Function
• Senior Vice President
• Human Resources Analyst
• Consultant #1
• Industry Analyst
• Project Analyst
• Consultant #2

#5. Use Technology to Collaborate
An ERM high-tech electronic platform allows:
• Risk identification by any authorized party.
• Collaboration among risk owners and others to understand risk and find solutions.

Authorized individuals share ideas.
• Electronic Platform. Can be queried by remote parties.
• Access. Passwords and authorizations.
• Contributor or Risk Owner. Authorized to add risks.

Airport Risk with the A380
• Board member wants to know situation.
• Risk ownership passes through Airbus to A380 to Power8 program. Activities are visible (see next slide).

Airbus A380 Airport Risk
• Francois David, Board Member
• Airbus
• A380
• Power8 Program
• Airport Risks
  • One passenger at a time?
  • One bag at a time?
  • Emergency with 800 people?
  • Only 8 airports ready in the world?

Management of the Platform
Keep out unwanted visitors and messages:
• Queries. Searchable by key words.
• Formatting. User-friendly structures.
• Vetting. Compliance with organizational guidelines.

Importance of Vetting
Accuracy is important:
• Collaboration enriches knowledge and problem solving.
• Still, opinion-style blogs show the danger of relying on opinions of others.
• Central risk should vet contributions.

#6. Involve the Board
Various structures facilitate a fiduciary role:
A central risk function working with an individual board member.
Structure on next slide.

Member of Board Reports on ERM
• Board of Directors
• Audit
• ERM Board Member
• CEO
• Internal Audit
• COO
• Central Risk Function

#7. Employ a Standard Evaluation Process
Assessment of key risks:
• Identify the risk.
• Assign an owner.
• Assess the impact.
• Evaluate mitigation options.
• Implement, monitor, and revise.

Identify the Risk
Risks come from various sources:
• External. Environment, economy, regulatory body, competitor, other.
• Cultural. Management or leadership styles, unit sub-cultures, relationships, other.
• Business Process. Internal controls, skills, capabilities, other.

Assign Owners
Accountability and collaboration:
• Owner. Functional area, business unit, or key initiative.
• Co-owners. Work with the owner.
• Interested Parties. Authorized to participate.

Assess the Impact -- Likelihood
Likelihood assessment.
• High. Likely at some future time.
• Medium. Possible.
• Low. Not likely to occur.

Assess the Impact -- Severity
Severity assessment.
• High. Major disruption or damage.
• Medium. Important damage.
• Low. Damage but not significant.

Assess the Impact -- Quantification
Use a common-sense system:
• Standardization. Approach to risk.
• Simple Scale. Red, Yellow, Green.

Identify Mitigation Options
• Mitigation. Risks to acceptable levels.
• Avoidance. Risks not mitigated.
• Transfer. Risks too big to keep all.
• Retention. Risks that are acceptable.

Implement, Monitor, and Revise
• Cost Benefit. Is mitigation cost effective?
• Assess. Does the risk meet an acceptable likelihood and severity?
• Decision Rule. Accept or avoid.
• Monitor Results. Revise as necessary.

Conclusion
The brain can get it right.