2013/07/30

1

The Future of Risk Management

Horst Simon, Head of Risk

How do we go forward with Risk Management?

2013/07/30

2

Developing an Organizational Risk Management Culture

Those who do not understand

the risks or miscalculate the risks stand to be

exploited by those who understand them better

• Is your risk management process still backward-looking and all your risk reporting based on historic information?

• Are your risk assessments still focused on identifying all possible threats? (risks)

• Are you still "extracting" data from different systems to do risk reporting?

• Are you still doing risk management to comply with regulations?

If you answer YES to any of the above you have a problem, if you answer YES to two or more, you

are on your way to "going out of business"

2013/07/30

3

Risk culture arises from the REPEATED behaviours of the employees of the organisation. These behaviours are

shaped by the underlying values, beliefs and attitudes of individuals, which are partly inherent, but are also shaped by

the existing corporate culture in the organisation

Developing an Organizational Risk Management Culture

2013/07/30

4

Over the past decade, risk management became more about quantitative models and less about

behavioral models. Unfortunately, as we discovered during the recent

financial crisis, even the best quantitative models cannot predict the

result of misguided behavior.

Developing an Organizational Risk Management Culture

“The credit crisis has taught us valuable lessons on the limitations of models, the

importance of risk reporting and the need to establish a more effective risk culture”

Post-crisis Risk Management, Carol Beumier, GARP Risk Professional journal, Oct 2010

2013/07/30

5

“Several organisations went well beyond their “risk appetite” –sometimes

without even realizing it”

Post-crisis Risk Management, Carol Beumier, GARP Risk Professional journal, Oct 2010

“The world is in no

position to face major,

new shocks”

Opening line of the Executive Summary, Global Risks, 6th Edition

2013/07/30

6

Twentieth century systems are failing to manage 21st century risks; we need new networked

systems to identify and address global risks before they become

global crises,”

Robert Greenhill, Managing Director and Chief Business Officer at the World Economic Forum.

Top Global risk i.t.o. LIKELIHOOD

• 2007-Breakdown of critical information infrastructure

• 2008-Asset price collapse• 2009-Asset price collapse• 2010-Asset price collapse• 2011-Meteorologigal catastrophes• 2012-Severe income disparity• 2013-Severe income disparity

2013/07/30

7

Top Global risk i.t.o. IMPACT

• 2007-Asset price collapse• 2008-Asset price collapse• 2009-Asset price collapse• 2010-Asset price collapse• 2011-Fiscal crisis• 2012-Major systemic financial failure• 2013-Major systemic financial failure

Some key quotes• “Decision-makers need to improve understanding of

incentives that will improve collaboration in response to global risks”

• “Trust, or lack of trust, is perceived to be a crucial factor in how risks may manifest themselves, in particular, this refers to confidence, or lack thereof in leaders, in the systems which ensure public safety and in the tools of communication that are revolutionizing how we share and digest information”

• “Communication and information sharing on risks must be improved by introducing greater transparency about uncertainty and conveying it to the public in a meaningful way”

2013/07/30

8

“I take risk management very seriously and believe that risks

should be managed, not avoided. Implemented successfully, Risk

Management enables management to effectively deal with uncertainty and

associated risks,”

Rodney E. Hood ,Vice Chairman National Credit Union Administration (NCUA)

Risk Culture & The Credit Crunch“They should haveconfidence in their risk cultureand the courage to be able to say:Although we making lots of moneyhere, additional risk will not resultin additional value being added tothe business in the long term.”

“But it also requires a certaindegree of courage in cases wherea company’s culture is not yetready to embrace RiskManagement fully. As Chris Duncansaid, “… for Risk Management to beeffective, occasionally one doeshave to swim against the tide andrun the risk of getting eaten by thesharks.”

2013/07/30

9

Risk management is everybody’s job. Everybody who does anything in the company is a risk manager to some extent.

Risk Management in the Corporate Culture

The most important thing is to get buy-in from the most senior levels of the organization first. Until you do that, you’re going to have great ideas, but they’ll never see the light of day.

The key to high-performance risk management is aligning risk strategy among key risk stakeholders, obtaining and sustaining senior management engagement, and achieving effective integration with strategic planning

People make it happen and people make sure that it couldn’t happen

again

Risk Management has a primarily human nature

2013/07/30

10

Companies in the UK spent GBP 5 billion in 2010 to buy the latest

technology and systems- but many will fail to implement procedures that

reduce the risk of human error and malpractice causing damage to their single most important business tool

Risk Management has a primarily human nature- example

TRANSFORMATION!

To change the way you see and think about Risk Management and equip you

with knowledge and practical experiences on how to apply that thinking in your

organisations

2013/07/30

11

Managing Risk in the Era of Behaviour

The future of risk management lies in an ability to incorporate and

inspire more of the behaviors we want- both the behaviors we want to encourage and those we would like

to avoid

2013/07/30

12

Overview of People Risk factors

• Diminishing ability of companies to survive without talent

• Lack of Ethics• Companies often cut the fat– and some of

the muscle with it• People Risk is endogenous!• You cannot control what you do not

quantify and measure

2013/07/30

13

Frequency of Change

Organisational Change & Exposure to Risk

Gradual Change

Increased pace of change

Inte

nsity

of C

hang

e

EX

PO

SU

RE

TO

RIS

K Dynamic-continuous

change

What is the first thing you do?

2013/07/30

14

“In a world where change is the only constant, success depends on the depth of our awareness of the risks and rewards on the horizon and on the quality of our preparations to respond to them appropriately”

Jaime Caruana, Chairman of the Basle Committee, Hong Kong, 7 February 2005

It is not just what you know,

but what you do with what you know

The biggest change is shifting organisations from having a rear-view risk

focused based on historic data, past events and modeling to a forward-looking

perspective of an effective risk culture based on pro-active risk mitigation,

scenario analysis and risk optimization.

Life after the crisisThe future of risk management

2013/07/30

15

Five Pillar Methodology

Leadership

Actualization

The R

ight P

olicies

Spiritual needs

PEOPLE RISK MITIGATION

Com

petency F

ramew

ork

Maslow's Hierarchy of Needs

It is all about themselves!!It is all about themselves!!It is all about themselves!!It is all about themselves!!

1954

Abraham Maslow

2013/07/30

16

“In the workplace of the future, the fiercest

competition may not be for customers, but for the hearts and minds of

employees”“The Economist” 1993

1993

Spiritual needs

• In a bad risk culture , people will not do the right things regardless of risk policies and controls

• In a typical risk culture , people will do the right things when risk policies and controls are in place

• In a good risk culture , people will do the right things even when risk policies and controls are not in place

The R

ight Policies

2013/07/30

17

• In an effective risk culture every person will do something about the risks associated with his/her job on a daily basis

• In the ultimate risk culture every person is a risk manager and will evaluate, control and optimise risks to build sustainable competitive advantage for the organisation

At what level of maturity is your organisation?

The R

ight Policies

Com

petency Fram

ework

Use the competency framework to your own benefit- let it drive your

Total Employee Value

Skills WorthPotentialValue

TotalEmployee Value+ =

•Experience•Education•Competencies•Character

•Ability to apply skills•Value-add•Organisational fit?

High Potential Employees vs. High Performance Emplo yees

$

2013/07/30

18

PEOPLE & Risk Culture

TASKS

ROLES

STRUCTURE

BEHAVIOUR

CULTURELevel of effort

Change increases People Risk…

• Intense competition for individuals capable of leading business organisations

• Requirement for extraordinary strategic thinking skills

• Major lack of experienced staff• Requirement to make high-quality decisions

quickly in the face of competitive pressure• Highly refined communication and talent

development skills• Employee attitude is everything!

2013/07/30

19

Challenging your thinking

Does you risk management process

MOTIVATE or IRRITATEyour staff?

The risk culture of an organisation is a direct reflection of the quality of Leadership Horst Simon

2013/07/30

20

Major Cultures of the worldHonor / Shame

Guilt / Innocence Power / Fear

Generations

• Lost Generation (1883–1900) • G.I. Generation (1901–1924) • Silent Generation (1925–1942) • (Baby) Boom Generation (1943–1960) • 13th Generation (Gen X) (1961–1981) • Millennial Generation (Gen Y) (1982–

2000) • New Silent Generation (Gen Z) (2001-)

2013/07/30

21

“… few companies bother to measure their investments in human capital or the return on these investments”

Outlook, Accenture, May 2003

2003

And you are still not considering this important…

• You cannot transfer reputational risk• You can never take the human element

out of risk management• Every employee is a potential risk

manager– just train them• Do not make people risk a post-event

affair– be proactive

2013/07/30

22

Show the Risk Return on Investment

• Reduce internal and external Audit costs-integrated and shared approach to risk management

• Track near-miss incidents and show the value of “built-in” risk mitigation

• Help to identify operational improvements• Management will fully understand all risks• Enhanced decision-making• Improved risk response times and crisis

preparedness

“The reliability of business operations at financial institutions (and other companies) depends to a

large extend on the expertise, discipline and morale of each employee in these institutions.

Efforts to maintain and improve this aspect remains a major issue”

Bank of Japan

2013/07/30

23

“Most people are more comfortable with old problems than with new solutions”

Organisational revolution is necessary

Anonymous

2013/07/30

24

Ignoring Enterprise Risk Management leads to the corporate graveyard

2013/07/30

25

THANK YOUThe comments made in this presentation are views based on the research and experience

of the presenter and does not necessarily reflect any processes or policies of any of the

companies he works with.