Corporate Risk Governance Reform
Peter J Schild
The Broad Steps to Risk Governance Reform
• Build a case
• Develop a framework
• Perform pilots
• Develop learning strategies
• Implement across the organization
Change Management
Corporate systems are self-preserving and resistant to change. Only when the need is widely recognized and a solution exists that appears to work does the desire to change exceed the natural tendency to resist it.
Exploring a Case for Change: Six Questions
Does the board truly understand the strategic objectives, the top risks the company faces in executing strategies, and the strength of the processes that keep the board and senior management informed?
To evaluate the company’s capacity to achieve objectives, directors need confidence in a system of effective internal controls and the reliability of its maintenance, as well as evidence of widespread attentiveness to risk. They must believe in management’s capacity to stay within the boundaries of established tolerances and to report clearly and concisely when those boundaries are approached.
Are employees connected to the corporate vision?
Without the right culture the risk taken can easily exceed the risk intended, regardless of the processes employed to measure and monitor it. The goal is an environment where personal visions connect and employees come to understand and agree with intended outcomes and their individual and team roles in achieving them.
Are all lines of business that contribute to any given strategic objective, while likely to be managed separately, evaluated as a complete set of activities?
Corporations in their entirety are more than collections of individual activities subject to the separate interests of their components. Operating units work together across the enterprise not in relation to their positions within segments, but according to their relative roles in support of defined strategies.
Does available capital match the risk appetite?
Neither capital nor risk can be calculated precisely and confidence in predictable outcomes is necessarily limited; therefore, managing to the measurable alone is insufficient. To provide reasonable assurance that the risk taken is equivalent to the risk intended, enhanced processes of risk evaluation coupled with assessments of human capital must be added to traditional tools of measurement.
Do all lines of business (particularly support activities) coordinate so that their duties do not overlap and their reports to the board and senior management are compatible?
Reliable financial reporting and strict regulatory compliance are unconditional yet costly requirements. Efficient processes that boost coordination and enable leverage across risk, finance, compliance, audit and lines of business are both reasonable expectations and consistent with the imperative of operational effectiveness.
Does the market perceive corporate governance as a strong point in evaluating the company’s reputation?
Disciplined, reliable and comprehensive systems of risk management and corporate governance foster investor confidence in management’s capacity to take and manage risk.
Deliverables
• Properly executed, effective risk governance satisfies:
  • Management’s need for line of business control and supervision
  • The board’s need for perspective to perform oversight, make strategic decisions, and evaluate management
  • Regulatory expectations for effective, observable risk management practices
• And leads to:
  • Efficient processes that enable leverage across finance, risk, compliance and audit
  • Market confidence in management’s capacity to take and manage risk
Aspirations
• Enhanced reputation
• Higher P/E multiple
• Increased shareholder value/market capitalization
If the market’s appraisal of management’s competence is reflected in the amount by which total capitalization exceeds net worth, then enhancing one’s reputation leads to increased shareholder value.
Essential Principles + Employee Connection Yields Increased Shareholder Value
Process: Enterprise-wide risk management principles
• Assurance
• Facilitation
• Verification
Culture: Employees who feel connected to the company
• Awareness
• Literacy
• Accountability
Outcomes shown in the diagram:
• Reliable reporting
• Efficient operations
• Compliance with laws
• Capital preservation
• Clear oversight perspective
• Observable governance practices
• Market & regulatory confidence
• Better reputation
• Increased shareholder value
An Overview of the Central Framework
The Central Framework
• The operating framework includes:
  • Employee Engagement
  • Core Objectives
  • Uniform Procedures
  • Shared Corporate Hierarchy
  • Management & Board Reporting
• The roles necessary for the framework’s execution and maintenance are:
  • Assurance of its Effectiveness
  • Facilitation of its Performance & Upkeep
  • Verification of its Reliability
Employee Engagement: “Once you blow the whistle you can’t inhale.”
(Bill Chadwick, former National Hockey League referee)
Unless those who initiate transactions care about and understand their impact on the company’s risk appetite, the outcome may depart from that which was intended.
How people communicate matters as much as how they measure.
Employee Engagement
Employee engagement is founded on four principles:
• Leadership accountability
• Education and awareness
• Recruitment and hiring
• Development and retention
Accountability plus literacy produces a shared vision.
Core Objectives
To implement processes that provide for:
• Achievable strategies – reasonable assurance of sustainable results
• Reliable financial and non-financial reporting
• Effective and efficient operations
• Compliance with prevailing laws and regulations
• Preservation of economic and human capital resources
Uniform Procedures
Begin with articulating strategic objectives and cycle through identifying, accepting and monitoring risks, determining residual risk, and, based on the results, reaffirming or adjusting risk appetite and strategy.
Uniform Procedures: Recursive evaluation and reaffirmation (cycle diagram)
• Articulate strategic objectives
• Identify inherent risk
• Establish control activities
• Assess and accept intended risk
• Monitor controls/report actual vs. expected
• Determine actual residual risk
• Escalate and resolve exceptions
• Evaluate outcomes/renew strategy acceptance
Inherent Risk, Control Activities, Residual Risk
• Inherent risk is a function of generic and unique determinative factors that give rise to uncertainty – change, volume, complexity and what can go wrong with an entity’s specific activities.
• The control environment is the set of activities intended to keep things from going wrong or to raise warnings when they start to.
• Residual risk is determined by combining the relative level of inherent risk with the observed control effectiveness.
Corporate Hierarchy
• How the enterprise is subdivided into levels of assessable parts starting with all segments and ending with the lowest level of separately managed silos (“operating units”).
• To assure efficient communication and consistency of reporting, a common hierarchy should be shared by the entire enterprise (especially Finance, Risk, Compliance and Audit), at least to the point that they can map their individual procedures to the shared hierarchy.
Corporate Hierarchy (diagram)
Column labels: Level I, Level II, Level III, Enterprise
Segments: 1 2 3 4 5 6 7 8 9
Segment 1
  Line of Business 1
    Operating unit 1
    Operating unit 2
    Operating unit 3
  Line of Business 2
    Operating unit 4
    Operating unit 5
Senior Management & Board Reporting
• Information travels many paths to reach senior management and the board
• Coordinating the diverse sources of data while respecting their distinct voices requires deliberate structure and dedicated resources
• Oversight is only as effective as the clarity of knowledge necessary to exercise it
Senior Risk Committee & Risk Governance Council
Two innovative groups help to promote senior management literacy and enhance board reporting:
• Senior Risk Committee: chaired by CEO, comprised of Chief Operating Officer, Chief Risk Officer, Chief Audit Executive, Chief Financial Officer, General Counsel, Head of HR...
• Risk Governance Council: chaired by CRO, comprised of CAE, Chief Accounting Officer, Heads of Operational, Credit & Market Risk, Chief Compliance Officer...
Senior Risk Committee
• No formal agenda, meet periodically (e.g., monthly)
• Review high and emerging risks to strategies, incidents and incident responses; discuss economic and human capital resource allocations; renew commitments to intended risk
Risk Governance Council
• Provide assurance to senior management and the board that residual risk across the enterprise is continuously monitored
• Determine that residual risk is based on actual, as opposed to expected, internal control environments
• Examine identified control weaknesses for potential damage; recommend changes to accepted risk tolerances, both up and down
• Calibrate risk tolerance by clarifying choices among reducing inherent risk, tightening controls, or allowing greater residual risk, and present analysis to Senior Risk Committee
Senior Committee Organizational Structure (organization chart)
• Board of Directors
• Senior Risk Committee
• Credit Risk Committee
• Market Risk Committee
• Operational Risk Committee
• Internal Audit
• Risk Governance Council
Apply the Framework
1 In each entity of the hierarchy…
2 execute the uniform procedures…
3 to determine whether the objectives are being met.
The resulting database includes, by operating unit, inherent risks, control environment evaluations, control exceptions, and residual risks.
Systems Thinking
• While complete in their silos, operating units – entities of sales and support – work together, not only according to their individual nature, but also according to their relative roles and positions in the system.
• Inherent delays between actions and outcomes naturally give rise to unintended consequences because actions taken in one part do not affect all related parts at the same time, but do so at the pace of their movement through the system.
• By delivering consistent assessments of each of the parts and enabling an assembled view of the whole, the framework provides perspective that augments preparation, anticipation, response, and recovery.
Management (matrix diagram: Manage by Segment, Oversee by Strategy)
• Manage by Segment: 1 2 3 4 5 6 7 8 9
• Segment labels: Line of Business 1, Technology, Legal/Compliance, Human Resources, Finance, Operations, Line of Business 2, Line of Business 3, Risk Management
• Oversee by Strategy: A, B, C, D
Presentation Format: Segment Risk
• The following slide is a compilation of individual assessments of all operating units within a sample segment: Technology.
• It displays how control concerns in separate parts affect the entire segment.
• Risk tolerance can be defined as the intended risk – the inherent risk intentionally taken with the assumption of an acceptable control environment.
• Comparing actual risk to intended risk presents senior management and the board the opportunity to quickly evaluate the segment capacity to take on additional risk, such as new products, strategies or acquisitions.
Actual vs. Intended Risk: Technology Segment (chart)
• Columns (Strategy): A, B, C, D, Composite Segment
• Rows: Inherent Risk + Tested Control Environment = Residual (Actual) Risk; Intended Risk*
* Inherent Risk + Acceptable Control Environment = Intended Risk
Legend:
• Risk: Low, Medium, High
• Control Environment: Acceptable, Marginal, Unacceptable
Oversight (matrix diagram: Manage by Segment, Oversee by Strategy)
• Manage by Segment: 1 2 3 4 5 6 7 8 9
• Segment labels: Line of Business 1, Technology, Legal/Compliance, Human Resources, Finance, Operations, Line of Business 2, Line of Business 3, Risk Management
• Oversee by Strategy: A, B, C, D
Presentation Format: Strategy Risk
• The following slide is a compilation of individual assessments of interdependent entities engaged in the execution of a particular strategy (a “strategic domain”).
• It displays how control concerns in separate parts affect the strategy.
• Comparing actual risk to intended risk presents senior management and the board the opportunity to quickly evaluate strategies and determine exactly where they need to focus their attention to increase assurance that strategies are most likely to achieve intended objectives.
Actual vs. Intended Risk: Strategy “A” (chart)
• Columns (Strategic Domain: Operating units): Line of Business, Finance, Technology, Operations, Compliance, Human Resources, Risk Management
• Rows: Inherent Risk + Tested Control Environment = Residual (Actual) Risk; Intended Risk*
* Inherent Risk + Acceptable Control Environment = Intended Risk
Legend:
• Risk: Low, Medium, High
• Control Environment: Acceptable, Marginal, Unacceptable
Is This What We Want?
• Both inherent and residual risk are important to monitor – well-managed/high inherent or poorly managed/low inherent can each lead to unacceptable outcomes.
• In its silo, the line of business may be well-managed; but if other components of the strategy exhibit high residual risk, the overall risk may exceed that which was intended.
• Decision: resolve the control issues, reduce the inherent risk, or accept the residual risk.
• Comparing segment and strategy evaluations:
  • Are any operating units stressed supporting multiple strategies?
  • Are economic and human capital resources distributed most favorably?
Four Key Roles to Execute and Sustain
1 Monitor employee engagement – a function of human resources. As with any initiative, employee engagement must be tracked and tested to evaluate the depth of its understanding and fulfillment.
2 Assure effectiveness – to align accountability with ownership, lines of business should be responsible for assurance by attesting to the design and operating effectiveness of their identified controls, and for reporting and resolving exceptions.
3 Facilitate performance and upkeep – a discrete risk management function is desirable to facilitate process execution through focused support units that consult on building, implementing, and maintaining the framework. Risk units serve as a central clearing organization for retaining shared databases, and promote replication of the pattern of evaluation and reporting across the enterprise.
4 Verify continued reliability – internal audit verifies through independent, objective oversight that management’s assurances can be relied upon, internal controls are designed and operating as reported by management, exceptions are appropriately escalated, and practicable resolutions are prescribed and on track.
Perform Pilots in Selected Business Units
Develop Learning Strategies
Implement Across the Organization