The Center for Professional Education 1 1 Presentation AIG CIRC October 21 11:00-12:30 Seven Contributions of Enterprise Risk Management

The Center for Professional Education

Presentation

AIG CIRC October 21 11:00-12:30

Seven Contributions of Enterprise Risk Management

Enterprise Risk Management (ERM)

Newest entry in risk management.

• Hazard (insurable) Risk. Fortuitous losses in traditional risk management.

• Business Risk. When an organization has the chance for either a gain or a loss.

Contributions of ERM (1-3)

• #1. Recognize Upside of Risk. Failure to take a risk is a risk itself.

• #2. Identify Risk Owners. Assign each risk to a single owner with hierarchical co-owners.

• #3. Align Risk Accountability. Match risks with business units and key initiatives.

Contributions of ERM (4-5)

• #4. Create a Central Risk Function. Identify exposures and share findings.

• #5. Create a High-tech Platform. For risk identification and collaboration.

Contributions of ERM (6-7)

• #6. Involve the Board. Make it easy to view critical risks.

• #7. Standardize Risk Evaluation. Follow a consistent process.

7 ERM Contributions

#1 Recognize Upside of Risk

#2 Identify Risk Owners

#3 Align Risk Accountability

#4 Create a Central Risk Function

#5 Create a High-tech Platform

#6 Involve the Board

#7 Standardize Risk Evaluation

#1. Recognize Upside of Risk

• Risk Interaction. An exposure does not occur in isolation. One risk affects other risks.

• Upside of Risk. Business risk can produce gains and losses. A failure to take a risk is a risk itself.

#2. Identify Risk Owners

A risk owner has:

• Responsibility. Identify a strategy.

• Authority and Resources. To deal with the exposure.

• Support. Shares ideas with so risk management is coordinated.

#2a. Risk Owner

Example:

Exposure: Avoid money laundering.

• Risk Owner: Chief Financial Officer

#3. Align Risk Accountability

Align risk categories with business model.

• Strategy to be successful.

• Least disruption of current successful practices.

• New perspective on business risk.

Business Model Alignment

• Functional Staff. C-level production, marketing, finance, administration, technology,

• Business Units. Regions, autonomous operations, and subsidiaries.

• Key Initiatives. Major activities reflecting highly visible goals.

Match Risks with Owners

• We look only at important risks.

• Key risks have risk owners.

• Internal controls take care of “all” risks.

Match Key Risks Example

European Aeronautic Defense and Space Company (EADS) and its Airbus unit. (Next slide)

EADS Key Risks

EADS CEO

Defense & Security

Military Transport

Other Airbus

Astrium Space

A380 Key Initiative Risk

All by itself, A380 Airbus

Engineering

Procurement

A380 Operations

Aircraft Programs

Power8 for the A380

Operations

Cut Costs

Structure

Improve A380

Streamline Assembly

Lean Manufacturing

Power8 Program

Airport Issues

Key Risk of A380 Large Size

• Assign an owner.

• Develop options.

• Take action.

• (Next slide.)

Large Size – Airport Risk

8 Airports in the world?

One bag at a time?

Emergency with 800 people?

One passenger at a time?

Airport Risks

Large Size – Airline Risk

Passenger Handling

Emergency Management

Airline Risks at Airports

Baggage Handling

#4. Create a Central Risk Function

An individual or unit coordinates risk discussions. It:

• Should occupy a high position in an organizational hierarchy.

• Should facilitate efforts by risk owners to manage risk.

• Should not manage risk itself.

Role of Central Risk Function

A central risk function enhances an ERM program:

• Risk Identification. Risks that might otherwise be missed by key executives.

• Risk Sharing. Open channels for collaboration.

Scan Externally for Risks

A central risk function should scan the horizon for:

• Operating risk.

• Market risk.

• Regulatory risk.

• Political risk.

• Other exposures.

Scan for Internal Risks

A central risk function should scan for:

• Cultural risk.

• Management risk.

• Leadership risk.

• Human resources risk.

• Unit life cycle risk.

Central Risk Leader

Title of chief risk officer (CRO)?

CRO title can become a distraction.

CEO is the real chief risk officer. Senior vice president avoids the problem.

Central Risk Function

Senior Vice President

Consultant #2

Project Analyst

Consultant #1

Industry Analyst

Human Resources Analyst

#5. Use Technology to Collaborate

An ERM high-tech electronic platform allows:

• Risk identification by any authorized party.

• Collaboration among risk owners and others to understand risk and find solutions.

Authorized individuals share ideas.

• Electronic Platform. Can be queried by remote parties.

• Access. Passwords and authorizations.

• Contributor or Risk Owner. Authorized to add risks.

Airport Risk with the A380

• Board member wants to know situation.

• Risk ownership passes through Airbus to A380 to Power8 program.

Activities are visible (see next slide).

Airbus A380 Airport Risk

Francois David, Board Member

Only 8 airports ready in the world?

One bag at a time?

Airport Risks

Emergency with 800 people?

Power8 Program

A380

One Passenger at a time?

Airbus

Management of the Platform

Keep out unwanted visitors and messages:

Queries. Searchable by key words.

Formatting. User-friendly structures.

Vetting. Compliance with organizational guidelines.

Importance of Vetting

Accuracy is important:

• Collaboration enriches knowledge and problem solving.

• Still, opinion-style blogs show the danger of relying on opinions of others.

• Central risk should vet contributions.

#6. Involve the Board

Various structures facilitate a fiduciary role: A central risk function working with an individual board member. Structure on next slide.

Member of Board Reports on ERM

Board of Directors

Central Risk Function

CEO Audit

COO Internal Audit

ERM Board Member

#7. Employ a Standard Evaluation Process

Assessment of key risks:

• Identify the risk.

• Assign an owner.

• Assess the impact.

• Evaluate mitigation options.

• Implement, monitor, and revise.

Identify the Risk

Risks come from various sources:

• External. Environment, economy, regulatory body, competitor, other.

• Cultural. Management or leadership styles, unit sub-cultures, relationships, other.

• Business Process. Internal controls, skills, capabilities, other.

Assign Owners

Accountability and collaboration:

• Owner. Functional area, business unit, or key initiative.

• Co-owners. Work with the owner.

• Interested Parties. Authorized to participate.

Assess the Impact -- Likelihood

Likelihood assessment.

• High. Likely at some future time.

• Medium. Possible.

• Low. Not likely to occur.

Assess the Impact -- Severity

Severity assessment.

• High. Major disruption or damage.

• Medium. Important damage.

• Low. Damage but not significant.

Assess the Impact -- Quantification

Use a common-sense system:

• Standardization. Approach to risk.

• Simple Scale. Red, Yellow, Green.

Identify Mitigation Options

• Mitigation. Risks to acceptable levels.

• Avoidance. Risks not mitigated.

• Transfer. Risks too big to keep all.

• Retention. Risks that are acceptable.

Implement, Monitor, and Revise

Cost Benefit. Is mitigation cost effective?

Assess. Does the risk meet an acceptable likelihood and severity?

Decision Rule. Accept or avoid.

Monitor Results. Revise as necessary.

Conclusion

The brain can get it right.