Risk Management in the 21st Century - PowerPoint PPT Presentation

... Management in the 21st Century. Steve Winks - Cape Town Breakfast - 11 April 2006 ... Industrial Age fire companies and Lloyds ... – PowerPoint PPT presentation

1
Risk Management in the 21st Century
  • Steve Winks - Cape Town Breakfast - 11 April 2006

2
A Brief History
  • Pre-history: survival and common sense
  • Ancient World: benefits (and risks) of community
  • Industrial Age: fire companies and Lloyd's
  • Insurance era: cure for all ills, growth of
    products, rating
  • Insurance era: management abdication
  • Insurance era: chasing the money, losing the
    plot, cycles
  • Insurance era: inventing Risk Management
  • Risk Finance: big business does the math
  • Compliance: regulations, stakeholder
    expectations
  • Full Circle: common sense and accountability
  • ENTERPRISE RISK MANAGEMENT

3
ERM: a Definition
  • A structured and consistent approach that aligns
    strategy, processes, people, technology and
    knowledge, with the purpose of evaluating and
    managing the uncertainties the enterprise faces
    to create stakeholder value.
  • with apologies to Jim DeLoach

4
The Goals of Enterprise Risk Management
  • Extract value from uncertainty
  • Embed risk management in all processes
  • Align risks with enterprise objectives
  • Achieve a comprehensive and integrated view
  • Risk-sensitise all decision making
  • Develop a 3-dimensional view of change
  • Learn from all risk events
  • Stimulate dynamic processes for managing risk
  • Resilience not Rigidity
  • Meet all stakeholder expectations
  • Corporate Governance as result, not driver

5
ERM Best Practice Environments
  • Policy and Procedure
  • Organisation and Training
  • Implementation and Embedding
  • Alignment with Enterprise Strategy
  • Integration with Change Management
  • Control and Assurance
  • Integration with Learning Management
  • Performance Measurement and Reporting
  • Risk Management Information System
  • Business Continuity Management

6
ERM: a Summary Self-Evaluation
  • For each of the 10 environments there will be
    presented a few broad best practice statements
  • As we discuss each of these, consider its
    application in your own enterprise
  • On the sheet provided, assign a score from 0 to 4
    to reflect your perception of maturity in the
    enterprise
  • Please ask questions for clarity as we go along

7
1. Policy and Procedure
  • There is a written statement of risk management
    policy endorsed by the board, for which senior
    management accepts accountability.
  • There are established procedures for policy
    implementation, applicable to all activities in
    all departments of the enterprise.
  • Oversight is provided by the Board Risk Audit
    Committee.

8
2. Organisation and Training
  • Risk management champions are appointed and
    allocated specific time for carrying out the
    duties.
  • Line managers are aware of and accountable for
    their general and particular risk management
    responsibilities.
  • Structured and appropriate training is provided
    for risk champions, line managers and general
    staff.

9
3. Implementation and Embedding
  • Formal risk management plans have been developed
    for the implementation and embedding of the
    policy and procedures.
  • Specific tasks in the plans are allocated to
    managers, with timelines that are reported on in
    the risk management or other appropriate
    committees.
  • Verification of embedded risk management
    processes and control strategies is provided by
    self-evaluation at all levels.

10
4. Alignment with Enterprise Strategy
  • Alignment of corporate and departmental
    objectives with stakeholder value drivers is
    formally expressed and clearly understood.
  • All managers have discussed and reached consensus
    on the risks facing the objectives and their
    contribution to the enterprise risk profile.
  • Risk assessment of past and proposed objectives
    is a requirement for business planning approval.

11
5. Integration with Change Management
  • Risk assessment in accordance with a set standard
    is required as part of the enterprise change
    management policy and procedure.
  • The policy and procedure are applied to all types
    of change, whether internally or externally
    initiated, and all departments are involved.
  • Post event reviews are conducted following all
    changes, whether planned or unplanned, with
    positive or negative outcome.

12
6. Control and Assurance
  • Control strategies are developed and prioritised
    in relation to residual and inherent risk
    ratings derived from risk assessments.
  • A control self assessment programme is
    established throughout the entity to internally
    verify the ongoing efficacy of all controls.
  • The risk management system and the controls for
    critical risk issues are regularly audited by
    an external agency, such as Internal Audit.

13
7. Integration with Learning Management
  • There is a formal mechanism, such as a continuous
    improvement programme, to capture and disseminate
    learning from all available sources and
    activities.
  • The mechanism also facilitates the exchange of
    learning between departments in the enterprise
    and with other enterprises.
  • The mechanism captures learning from post-event
    reviews (success and failure), new risk
    assessments, control self assessments and
    Internal Audit reviews.

14
8. Performance Measurement and Reporting
  • A mechanism is provided to measure risk
    management performance in the enterprise.
  • The system includes criteria for system
    implementation and maintenance as well as
    management of the risks themselves.
  • Risk management objectives are included in KPIs
    and linked to the balanced score-card or other
    performance management system.

15
9. Risk Management Information System
  • There is a formalised, automated system for
    capturing, tracking and reporting risk
    information (RMIS).
  • Risk maturity self-evaluations, risk assessments,
    post event reviews, control and assurance reviews
    are all entered in the system, together with
    their respective plans and progress.
  • The system provides for tracking, and all
    personnel with risk management and/or risk
    control responsibilities have access to the
    system.

16
10. Business Continuity Management
  • There are specific business continuity plans that
    cover all critical (terminal) eventualities,
    whether external, functional or operational.
  • The plans have been comprehensively tested within
    the past twelve months.
  • All managers and business continuity team members
    have been trained on the plans and their roles.

17
ERM Maturity: a Vital Planning Tool
  • This was a cursory examination only. 50 to 100
    statements should be reviewed in a team workshop
    to arrive at a comprehensive maturity evaluation.
  • The resulting gap analysis can then be used to
    develop a road map to world class Enterprise Risk
    Management.
  • In large enterprises the exercise should be
    conducted annually at all tiers of management.
  • THANK YOU FOR YOUR PARTICIPATION