
Linking Risk To What Matters Most

Linking Risk To What Matters Most. Dorothy M. Gjerdrum, ARM-P, CIRM Executive Director & Risk Consultant. Agenda. Linking Risk to What Matters Most. How Risk Management is Evolving Attributes of Enhanced Risk Management Key Outcomes: Understanding your risks


Presentation Transcript


  1. Linking Risk To What Matters Most
     Dorothy M. Gjerdrum, ARM-P, CIRM
     Executive Director & Risk Consultant

  2. Agenda: Linking Risk to What Matters Most
     • How Risk Management is Evolving
     • Attributes of Enhanced Risk Management
     • Key Outcomes:
     • Understanding your risks
     • Managing risks within set criteria
     • Linking Risk to Decision Making
     • Consideration of Strategy, Mission, Objectives – and What Matters Most

  3. Risk Management is Evolving
     Strategic / Integrated / Transactional
     Enterprise-wide Risk Management
     • A wide range of risks are discussed and reviewed, including reputational, human capital, strategic and operational
     • Aligns RM process with strategy and mission
     • May include “upside risks” (opportunities)
     • Helps manage growth, allocate capital & resources
     • Risks are owned by all & mitigated at the department level
     • Many risk mitigation & analytical tools available
     • Risk Manager is the risk facilitator and leader
     Advanced Risk Management
     • Greater use of alternative risk financing techniques
     • More proactive about preventing and reducing risks
     • Integrates claims mgmt, contracts review, special event RM, insurance and risk transfer techniques
     • Cost allocation used for education and accountability
     • More collaboration – as depts are willing
     • Risk Manager may be the risk owner
     Traditional Risk Management
     • Purchase insurance to cover risks
     • Hazard-based risk identification and controls
     • Compliance issues addressed separately
     • Safety & emergency mgmt handled separately
     • “Silo” approach – risk mgmt is not integrated across the organization
     • Risk Manager is the insurance buyer
     Views of risk shown on the slide:
     • Risk is uncertainty – focus is on optimizing risk to achieve goals
     • Risk is bad – focus is on transferring risk
     • Risk is an expense – focus is on reducing cost-of-risk

  4. Attributes of Enhanced Risk Management
     Measuring Success!
     Key Outcomes
     • The organization has a current, correct and comprehensive understanding of its risks
     • The organization’s risks are within its risk criteria
     Attributes
     • Continual improvement
     • Full accountability for risks
     • Application of risk management in decision making
     • Continual communications
     • Full integration into governance structure
     Source: Annex A, ANSI/ASSE/ISO 31000:2009


  6. Diagram labels
     • Categories: External Risks; Internal Risks; Strategic Risks; Financial Risks; Hazard & 3rd Party Risks; Operational Risks
     • Callout: Typical purview of RM
     • Risks shown: Geopolitical risks; Unemployment; Mergers & Acquisitions of key partners or vendors; Credit markets stability; Currency & foreign exchange rate fluctuations; Meeting public expectations; Public support; Unexpected loss of revenue; Bank failures; Ethics violations; Stock market performance; Health care costs; Tax caps; Reputation; Budget cuts; Long-term planning vs. budget limitations; Stakeholders’ interests; Energy costs; Financial reporting; Capital availability; Unfunded mandates; Union relations; Strategy & initiatives; Interest rates; Bond rating; Retirement funding; Governance; Public-private partnerships; Counterparty risk; Revenue & grant $$ management; Code of Conduct; Investment limitations; Negative media coverage; Building subsidence or collapse; Terrorism; Aging infrastructure; Student activities; Procurement; Contractual liability; Facilities maintenance; Theft; Code violations; Workers’ comp; Natural events & catastrophes; Labor practices; Fraud; Mold exposure; Accounting or internal controls failures; Gov’t sanctions; War; Lawsuits; Business interruption; IT system failure; Asbestos exposure; Public Official & D & O liability; Pollution; Workplace violence; Public safety; Building security; HR & personnel actions; Loss of key suppliers; Animal or insect infestation; Disease & epidemics; Utilities failure; Health & safety violations; Mandated public services

  7. “Suspect in Custody Following Knife Attack” (www.fox4kc.com/news, September 14, 2010)
     The Penn Valley Dean of Student Instruction was attacked and slashed in the throat by a mentally ill student. The attacker meant to stab the governor of Missouri.


  9. Why should we take a broader approach to risk?
     • Only 20-30% (?!) of all risks are insurable
     • Global interconnectedness forces us to think more broadly – for example:
       • Pandemic flu
       • Cyber attacks
       • World economy & supply chain risks
     • Now more than ever, we need all stakeholders to be risk aware

  10. What Can You Do – Starting Right Now?
     • Educate yourself – ISO, CSA trainings, PRIMA
     • Develop your “elevator speech” about taking a broader approach to risk – and find supporters
     • Interviews and discussion opportunities
     • Compile an inventory of risks – and think beyond “insurable” and beyond “local” – could you take this to the next level?


  12. Risk Criteria As Defined in ANSI/ASSE/ISO 31000
     Risk Criteria – the terms of reference against which the significance of a risk is evaluated
     Notes:
     • Risk criteria are based on organizational objectives and external and internal context
     • Risk criteria can be derived from standards, laws, policies and other requirements

  13. Defining Risk Criteria
     • One axis will be likelihood
     • The other will be consequence
     • It doesn’t have to be a 5x5 grid (3x3…10x10)
     • You define the values in the grid
     Grid axes: Consequence or Severity; Likelihood

  14. Sample – Impact

  15. Sample – Likelihood

  16. Risk map (figure)
     • Likelihood axis: Remote, Unlikely, Possible, Likely, Certain
     • Consequence axis: Low, Moderate, Significant, Serious, Severe
     • Risks numbered 1 to 10 are plotted on the grid

  17. Risk map (figure) with Risk Tolerance Level marked
     • Likelihood axis: Remote, Unlikely, Possible, Likely, Certain
     • Consequence axis: Low, Moderate, Significant, Serious, Severe
     • Risks numbered 1 to 10 are plotted on the grid

  18. Why Do It? Risk Maps Guide Risk Mitigation Efforts
     Axes: Consequence (Significant, Moderate, Minor); Likelihood (Low/Remote, Moderate, High/Certain)
     • Significant: Extensive management essential; Must manage and monitor risks; Considerable management required
     • Moderate: Management effort required; Risks may be worth accepting with monitoring; Management effort worthwhile
     • Minor: Accept, but monitor risks; Accept risks; Manage and monitor risks

  19. Developed by a Major University

  20. Risk Register Straw Man – Human Resources
     Source: University Business Executive Roundtable, “A Practical Approach to Institutional Risk Management”, The Education Advisory Board, 2012

  21. What Can You Do – Starting Right Now?
     • What inventories of risk exist right now? Could they be integrated – expanded?
     • How is information about risk communicated?
     • If you’re going to build it – get help!
     • Recognize where risk is being managed well – as important as problems or threats
     • A quick note about “risk appetite attitude”


  23. Example from a Community College: ERM Supports Opportunities
     A Potential International Culinary Competition:
     • A key “ingredient” in a culinary arts training program
     • An important opportunity for students, but the event occurred during uprisings in Egypt

  24. The Middle East and Northern Africa During the “Arab Spring”

  25. Results of the Discussion of the Opportunity and Key Risks
     • The college decided to support the trip
     • Six students & one faculty member participated
     • Plans were developed to minimize the threats, including training on the appropriate code of conduct and cultural context, supervision by an experienced traveler & the purchase of travel abroad insurance
     • Result: Awarded silver medal!

  26. RAP Tool – Outline (SAMPLE)
     • Preparation
       • Consistent language, risk criteria, context
       • Involve appropriate stakeholders
       • Facilitator & recorder, consistent process
     • Discussing the Project, Risk or Opportunity
       • Goals & strategy – for entity & for decision
       • Context & stakeholders
       • Opportunities & benefits
       • Threats

  27. RAP Tool (SAMPLE)
     • Assessing the Risks
       • Using risk criteria
       • Consideration of connected risks
     • Decision Making
       • Can you effectively treat the threats?
       • Can the opportunity be supported and enhanced?
       • Assign risk owners
     • Next Steps
       • Communication, monitoring & review

  28. Risk Workshop Agenda (SAMPLE)
     • Purpose of the workshop
     • Overview of “risk”
     • Linking to strategy & key goals
     • Context and stakeholders
     • Key definitions
     • Brainstorm and rank key risks
     • What’s next

  29. Questions re Effectiveness
     Principle c) Risk Management is Part of Decision Making
     Risk management helps decision makers make informed choices, prioritize actions and distinguish among alternative courses of action.
     • How would external/internal stakeholders be affected by decisions?
     • Is there consistency re metrics and values?
     • How are decisions communicated and implemented?
     • How are decisions made?
     • Who is involved?
     • Who should be involved?
     • What knowledge and skill do decision makers need in order to incorporate risk management in the process?

  30. What Can You Do – Starting Right Now?
     • Answer the questions re effectiveness…
     • Are there opportunities to incorporate risk into decision making in your organization?
     • How could you apply this to your decision making or your department?
     • A pilot project?
     • Online tools? (www.ucop.edu/enterprise-risk-management/)

  31. APQC Best Practices re ERM
     • Clarity of purpose – ERM increases and protects value
     • Understand that pursuit of strategy carries risk – ERM assists in making good choices and managing risk
     • Effective risk management is a competitive advantage
     Source: American Productivity & Quality Center

  32. What Best Practice Organizations Do
     • Risk assessment process is robust, with clear criteria, guidelines for escalation, inclusion of dissenting opinions & “thinking the unthinkable”
     • Use standardized language and processes
     • Use simple, user friendly tools to encourage adoption
     • Integrate ERM with strategic planning and existing processes
     • Embrace continuous improvement & communication

  33. Brainstorm
     • Mission statement?
     • Strategic goals?
     • Management initiatives?
     • New projects or programs?

  34. Specific Action Plan For You
     • Educate yourself, develop your “elevator speech”, build your network of peers
     • Create an inventory of risk management practices across all operations; can you build support for integration?
     • Seek opportunities for a broader approach to risk; can you help with decision making?
     • Develop tools and resources – and develop your leadership skills
     • Be patient – it’s a journey, not a destination!
