Enterprise Risk Management ERM - PowerPoint PPT Presentation

Slides: 38
Provided by: StateofO


Transcript and Presenter's Notes


Enterprise Risk Management (ERM)
  • Presented At
  • Managing Risk Mission Possible
  • Terri Sahli, Risk Manager
  • State Of Oregon
  • October 23, 2006

  • ERM Definitions
  • Traditional Risk Management v. ERM
  • ERM Objectives & Benefits
  • ERM Framework & Process
  • ERM Risk Identification
  • Interdependencies & Systems Thinking
  • ERM Tools, Techniques, Strategies
  • ERM Implementation
  • Q&A

ERM Definitions
  • A disciplined approach aligning strategy,
    processes, people, technology and knowledge to
    manage uncertainties as the enterprise creates
    value. (KPMG)
  • The identification and assessment of collective
    risks that affect value, and the formulation and
    implementation of a company wide strategy to
    maximize that value. (AON)

ERM Definitions
  • The effort to find an integrated optimal way of
    managing risk by balancing financing techniques
    with organizational practices and processes.
  • EWRM is a structured and disciplined approach:
    it aligns strategy, processes, people, technology
    and knowledge with the purpose of evaluating and
    managing the uncertainties the enterprise faces
    as it creates value. (Arthur Andersen 2000)

ERM Definitions
  • Enterprise risk management is a process, effected
    by an entity's board of directors, management and
    other personnel, applied in strategy setting and
    across the enterprise, designed to identify
    potential events that may affect the entity, and
    manage risk to be within its risk appetite, to
    provide reasonable assurance regarding the
    achievement of entity objectives. (COSO)

ERM Definitions
  • ERM is a disciplined and integrated approach that
    supports the alignment of strategy, process,
    people, and technology and allows corporations to
    identify, prioritize and effectively manage their
    critical risk. By understanding all risks in an
    integrated framework, companies can execute
    proper strategies to successfully achieve their
    objectives and to meet their performance goals.
    (Unidentified) (Sahli's favorite)

Characteristics of Traditional RM
  • Limited strategic scope or influence
  • Narrowly focused
  • Negative
  • Reactive
  • No systematic understanding of correlation and
    interdependencies among risks
  • Fragmented

Characteristics of Traditional RM
  • Risk mitigation and risk financing siloed
  • Inconsistent risk reporting
  • Infrequent, ad hoc risk assessment
  • Ambiguous ownership of some types of risk; lack
    of role definition
  • Closed communication
  • Functionally driven
  • Cost based

Characteristics of ERM
  • Supports strategy and planning
  • Broadly focused
  • Positive
  • Proactive
  • Correlation and interdependencies analyzed and
  • Integrated
  • Risk mitigation and risk financing coordinated

Characteristics of ERM
  • Concise, consolidated reporting
  • Continuous risk assessment, evaluation and
    management
  • Assigned ownership with accountability; defined
    roles and responsibilities
  • Open communication
  • Process driven
  • Value based

Traditional RM
  • In a decentralized environment, responsibility
    for managing various risks may be assigned to the
    business or functional area with the perceived
  • Insurable risk: Risk Management
  • Interest rate risk: Treasurer
  • Litigation management risk: Department of Justice

Traditional RM
  • Traditional risk management efforts tend to focus
    on measurable risks while ill-defined or
    ambiguous strategic or operational risks, such as
    brand or reputation, may be acknowledged but
  • How do you measure loss of reputation?

ERM Tear Down Those Walls
  • ERM is an approach that requires the tearing down
    of walls between the management of strategic,
    operational, financial and hazard risks, and
    adoption of a single, comprehensive risk
    oversight structure.

ERM Integrated
  • ERM is a holistic, integrated approach that
    requires systems thinking and an understanding of
    the interrelationship among component parts of a

ERM Tear Down Those Walls
  • ERM helps break down the risk silos
  • Within the state
  • Within your agency
  • Within your program
  • Common language and common tools essential to
    begin the non-siloed discussion

Why ERM? Why Now?
  • Perception that Enron, WorldCom, Global Crossing
    would not have happened had risks been more
  • Need for risk transparency
  • Performance pressures
  • Better use of capital (taxpayer dollars)
  • ERM tool development advancing rapidly
  • Competitive advantage

ERM Objectives
  • Better use of taxpayer dollars
  • Competitive advantage: preferred place to live
    and work
  • Reduced budget volatility
  • Lower cost of risk transfer
  • Risks explicitly considered in decision making
  • Avoid surprises and predictable failures
  • Align risk exposures and mitigation programs
  • Institute more rigorous risk measurement
  • Integrate ERM into the strategic planning process

ERM Benefits
  • Increased management confidence
  • Improved risk transparency
  • Risk appetite and risk tolerance are aligned with
  • Improved risk v. reward quantifications and
    performance measurements
  • Competitive advantage
  • Risk priced transactions
  • Improved resource and allocation
  • Optimized costs and efficiencies
  • Reduced earnings volatility
  • Early notification of risk patterns
  • Ability to anticipate and communicate

ERM Framework
  • Mission & Vision Statement
  • Objectives & Strategies
  • Organizational Structure
  • Roles & Responsibilities
  • Policies & Procedures
  • Tools & Techniques
  • Common language
  • Overlays existing framework
  • Integrated into, not isolated from, the

ERM Process RM Process
  • Risk identification
  • Risk analysis
  • Formulation of risk management strategies and
  • Implementation of strategies and solutions
  • Measure, monitor, and report
  • Integration
  • The process is the same. We are simply expanding
    the risks we identify and analyze.

Risk Identification - Traditional
  • Will focus on insurable risks
  • Employees
  • Buildings
  • Vehicles
  • Third parties (general public)

Risk Identification - ERM
  • Will focus on systemic risks (systems thinking)
  • Hazard/insurable risks
  • Operational risks
  • Financial risks
  • Strategic risks
  • What could go wrong

Risk Identification - ERM
  • Systems Thinking
  • Operational risks arising out of your daily
  • supply chain, human resource, IT security,
    culture, weather, regulation
  • Financial risks arising around use of money
  • credit risk, interest rate risk, cash-flow/budget
    management, economic up/down turns
  • Strategic risks arising out of business/policy
  • reorganization decisions, customer/constituency
    base changes, changes in service offerings

ERM Risks
  • Your turn: let's identify
  • Operational risks
  • Financial risks
  • Strategic risks
  • Others

ERM Systems Thinking
  • ERM is a holistic, integrated approach that
    requires systems thinking and an understanding of
    the interrelationship among component parts of a
  • Consider the interdependencies
  • Upstream and downstream risks

Unintended Consequences
  • At the core of siloed risk management is the lack
    of correlation of risks (interdependencies and
    interrelationships) and concomitantly, a failure
    to effectively and efficiently integrate risk
    management strategies.

Unintended Consequences
  • Intense Focus on Single Objective or Risk
  • Failure to Consider Corollary Risks
  • Failure to Consider Interdependency Risks
  • Unintended Consequences (the big oops)

Interdependencies of Risk
  • Hazard: theft of laptop with unsecured
    confidential bank account information
  • Operational: employees not trained in
    information security practices password
  • Financial: bank accounts drained of millions of
    dollars before accounts can be identified and
  • Strategic: loss of vendors, can't pay bills

ERM Tools & Techniques
  • Tools and techniques will vary by entity and must
    be compatible with the entity's risk
  • Tools & techniques
  • Key risk indicators
  • Individual self assessments or facilitated group
  • Scenario analysis
  • Risk mapping using frequency and severity
  • Statistical analysis/probabilistic modeling

Risk Maps: A Tool
  • [Figure: risk map; axis label "Severity"]

Risk Strategies
  • Accept
  • Retain
  • Reduce
  • Transfer
  • Acquire/exploit
  • Share
  • Reject
  • Eliminate
  • Avoid

ERM Implementation
  • Barriers to successful implementation
  • Lack of quantification of soft risks
  • Lack of framework and strategic plan
  • Just another audit or flavor of the day
  • Lack of visibility and support from leadership
  • Project v. process view

ERM Implementation
  • Barriers to successful implementation
  • Competing priorities
  • Lack of needed processes and appropriate
  • Lack of consensus on benefits
  • Insufficient resources (people and technology)
  • Organizational resistance to change

ERM Implementation
  • Factors for successful implementation
  • Leadership and executive sponsorship
  • Establishment of a vision
  • Phased work plan with realistic goals and time
  • Dedicated cross functional teams
  • Managed expectations
  • Quick early visible wins
  • Integration into all planning

Who is implementing ERM?
  • Financial services sector
  • Insurance and banking
  • Energy sector
  • Utilities, energy gas
  • Others
  • Public sector

  • ERM is traditional risk management
  • on steroids
  • ERM can begin within a single agency
  • not the entire entity
  • ERM can be FUN
  • as well as hard work
  • ERM is Mission Possible

Enterprise Risk Management
  • Questions?
  • Thank You!