ILTA06: Developing and Selling an Enterprise Risk Management Approach, by Dave Cunningham, Aug 2006
Developing and Selling an Enterprise Risk Management Approach
Presented by: Dave Cunningham, Managing Director, Baker Robbins & Company
Topics
Enterprise Risk Management:
1. Defined
2. Trends and Issues
3. Applied to Law Firms
4. Technology
5. Value
6. Program Development
1. ERM Defined
ERM is a management approach focused on maximizing shareholder value and ensuring business continuity by creating a single view of internal and external risks and an executive-level strategy to deal with those risks.
Risk Management Categories
Risk can be analyzed in these categories, each considered from an internal and an external perspective:
Risk Types (Internal / External):
Economic
Strategic
Operational
Market
Technical
ERM Processes
Understanding Risk Management
RM is about managing risks, not eliminating them.
Risks are both positive and negative, involving gains and losses.
Risk management’s overall goal is building and maintaining stakeholder confidence: the key to organizational resilience.
2. ERM Trends and Issues
Compliance Requirements
Role of Chief Risk Officer
European Influences (Data Protection, Ethical Walls, Anti-Cartel, Anti-Money Laundering, External Investments)
Technology: dependency as a business tool; risk management tool
Convergence of Performance and Risk Management
3. ERM Applied to Law Firms
“It doesn’t take a visionary to see that an enterprise view of risk is right for law firms. We are 20 years behind the big accounting firms. It’s just a matter of how fast we move forward.”
- General Counsel of an AmLaw 20 law firm
ERM Applied to Law Firms
“Law firms should, in theory, be good in managing risks across the firm because the people we are dealing with are those who are most affected.”
“We are coming off of a difficult loss cycle. Firms are now being much more active in managing risks.”
- Managing Director of Aon
Areas of a Firm Addressing Risk (Example)
CONFLICTS & ETHICS: Conflicts & Ethics and Securities Transaction Committees; Information Services and Records Department; Outside Counsel
EMPLOYMENT & PERSONNEL MATTERS: Professional Personnel and Admin HR; Outside Counsel
PARTNERSHIP ELECTIONS: Policy Committee; Executive Group; Finance Department; IT
PARTNERSHIP ELECTIONS (Governance, Departures, Disputes): Executive Group; Policy Committee; Pension Committee; Finance Department; Professional Personnel; Outside Counsel
LITIGATION & SUBPOENA MATTERS: Litigation Attorneys; Managing Attorney’s Office; Outside Counsel
DATA PRIVACY, SECURITY MATTERS: Finance Department; IT; Professional Personnel and Admin HR
MARKETING & COMMUNICATIONS (Website, Branding, Copyright, Reviewing Marketing Materials, etc.): Marketing/Communications Department
PROFESSIONAL DEVELOPMENT: Professional Development Department; Professional Personnel
VENDOR CONTRACTS: Applicable Departments (IT, Finance, HR, M/C, etc.)
AUDIT: Audit Committee; Finance Department
INSURANCE:
  Professional Indemnity: Professional Insurance Committee; Executive Group; Finance Department
  Employment/Worker’s Compensation: Administrative HR; Finance Department
  Other Insurance: Finance Department; Executive Group
FIRM MANUALS AND GUIDANCE: Executive Group (and delegates); Applicable Practice Groups & Departments
INFORMATION RETENTION: IR Project Team; Steering Group; Outside Consultants; All Practice Groups and Departments
FIRM INVESTMENTS: Investment Committee
Risk Exposure
1. Clients
2. Employees
3. Operations
What keeps General Counsels awake at night?
4. ERM and Technology
IT is not only a source of risk; it provides management with tools to implement a risk framework.
Technology: Source of Risk
Continuity, Integrity, Accessibility, Privacy
Technology: Mitigating Risks
System Fault Tolerance
Physical and Electronic Security
Performance Modeling
Intranet / Communications
Technology: Mitigating Risks
Firm Business Processes:
Conflicts and Ethical Walls
Billing
Business intelligence and reporting
Records (e-mail, paper and document) management
Team-based folders and workspaces
Knowledge management and expertise identification
Client relationship management
Enterprise resource planning
Self-Service
Litigation Support Management
Technology: Risk Management Tool (example)
Modelling flow shown on the slide: Internal Loss Data and External Data feed an Enterprise Risk Assessor; Mapping produces Frequency and Severity distributions; a Panjer Recursion combines them into an aggregate loss distribution, yielding Expected Loss and Unexpected Loss; after an Adjustment for Internal Control, the result is the Required Capital.
Loss event categories:
1. Damage to physical assets
2. Business disruption and system failures
3. Execution, delivery and process management
4. Employment practices and workplace safety
5. Clients, products and business practice
6. Internal fraud
7. External fraud
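The loss-modelling flow on the slide (frequency and severity combined by Panjer recursion into expected and unexpected loss, then adjusted for internal control to give required capital), worked through as an added Python example; it is not code from the presentation or from any Baker Robbins tool. It assumes a Poisson event frequency, a severity distribution discretised to fixed loss units, unexpected loss measured at the 99.9% quantile, and models the internal-control adjustment as a reduction in event frequency (all assumptions of this example).

```python
import math

def panjer_poisson(lam, severity, max_total):
    """Aggregate (compound Poisson) loss pmf g[0..max_total] via Panjer recursion.
    lam: expected number of loss events per period (frequency).
    severity: discretised severity pmf, severity[k] = P(one event costs k units).
    For Poisson frequency Panjer's a = 0, b = lam, so
        g[0] = exp(lam * (severity[0] - 1)),  g[s] = (lam / s) * sum_k k*severity[k]*g[s-k]."""
    m = len(severity) - 1
    g = [0.0] * (max_total + 1)
    g[0] = math.exp(lam * (severity[0] - 1.0))
    for s in range(1, max_total + 1):
        acc = 0.0
        for k in range(1, min(s, m) + 1):
            acc += k * severity[k] * g[s - k]
        g[s] = lam / s * acc
    return g

def expected_loss(g):
    """Mean of the aggregate loss distribution (the 'Expected Loss' box)."""
    return sum(s * p for s, p in enumerate(g))

def value_at_risk(g, confidence):
    """Smallest loss level whose cumulative probability reaches `confidence`."""
    cum = 0.0
    for s, p in enumerate(g):
        cum += p
        if cum >= confidence:
            return s
    return len(g) - 1

def unexpected_loss(g, confidence=0.999):
    """Loss above the mean up to the chosen quantile (the 'Unexpected Loss' box)."""
    return value_at_risk(g, confidence) - expected_loss(g)

def required_capital(lam, severity, control_credit, max_total=200, confidence=0.999):
    """'Adjust for Internal Control' is modelled here, as an assumption of this example,
    as a cut in event frequency by `control_credit` (0.3 = 30% fewer events);
    required capital is then the unexpected loss of the adjusted model."""
    g = panjer_poisson(lam * (1.0 - control_credit), severity, max_total)
    return unexpected_loss(g, confidence)

if __name__ == "__main__":
    # Constructed sample inputs: 4 events/year on average, losses in units of $10k.
    sev = [0.0, 0.5, 0.3, 0.15, 0.05]
    g = panjer_poisson(4.0, sev, 200)
    print("Expected loss (units):", round(expected_loss(g), 3))
    print("Unexpected loss at 99.9% (units):", round(unexpected_loss(g), 3))
    print("Required capital with 30% control credit:", round(required_capital(4.0, sev, 0.3), 3))
```

Expected loss equals frequency times mean severity, so the recursion can be checked against that closed form before trusting the tail quantile.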
ERM Dashboard (example)
IT Management Dashboard (example)
5. ERM Business Impact
Gartner research shows that 60% of large enterprises without best practice risk management implemented consistently across the enterprise will significantly under-perform their peers.
Aon: Impact on insurable losses has not been measured. ERM helps you look better to the insurance company and establish a sense of awareness.
ERM Business Impact – IT Perspective
Awareness of existing risks
Mitigation of IT risks
Necessary component of:
  Service level agreements
  Business continuity planning
  Project charters / business cases
Reduction of surprises
A seat with firm management on business issues
6. Program Development
Two Tracks:
IT (Performance and) Risk Management
Enterprise Risk Management
IT Performance and Risk Management
IT Processes
IT Service Levels
IT Key Performance Indicators
Roles and Responsibilities related to risk:
  Change and configuration management
  Quality assurance
  Data architecture and integrity
  Security and privacy
  Content management initiatives
ERM Program Development
Initial Steps
Context:
  Consider current actions and how they may or may not be aligned with the desired culture of risk
  Establish a baseline
Identify:
  Identify existing risk-related responsibilities
  Identify existing gaps in risk management
  Decide roles and responsibilities
  Determine maturity of the existing situation
Maturity Assessment Model
Maturity Assessment: Risk Process Ratings
Maturity Assessment: Business Processes
Maturity Assessment: IT Processes (1 of 4)
Maturity Assessment: IT Processes (2 of 4)
ERM Standards and Influences
ERM: COSO ERM Framework; AS/NZS 4360:2004
Compliance: Sarbanes-Oxley; Basel II; ISO
Standards with risk aspects: IT Infrastructure Library (ITIL); Project Management Institute PMBOK
Risk Identification Example
Risk Types (Internal / External):
Economic
Strategic
Operational
Market
Technical
Continuity
Access Management
Integrity
Privacy
Risk Prioritization
Conclusion
Next Steps:
Review how risk is considered and managed in IT projects
Have initial conversations in your firm about risks
Determine your own role in enterprise risk
Perform an assessment of risk areas and understand the implications
Questions and Comments?