Title: Development of Risk Management in the Contemporary World
- 9th Dec 2011
- CFO Summit, New Delhi.
- Presented by Venkataram Arabolu, MD, BSI India.
- "The policy of being too cautious is the biggest risk of all" - Jawaharlal Nehru
Risk Mismanagement
- Risk mismanagement or the absence of risk management is at the root of each and every corporate failure that we have seen
Sample Organizational Risk Culture
[Figure: organization chart showing Board, CEO, CFO, CRO, Treasurer's office and three Business Units, annotated with the following observations]
- Seeks strategic dialogue about risk but must rely on intuition
- Lacks the knowledge and risk vocabulary to engage in dialogue with management
- Has narrow, siloed view of risk, often focusing on compliance
- Understands the risks but has little influence on decision making
- Uses sophisticated risk management tools, but only for short-term risk
- Lacks the sophistication to understand, much less measure, their own risks
Source: HBR, Sept 08
Risk Management
Key Finding 1
- Overall, post the global crisis, there is a consensus that anticipating and managing risks proactively is going to deliver tremendous long-term value to organizations. Establishing a global footprint, cross-border regulations, geo-political events and increased complexity in the value chain are leading to more risks.
Key Finding 2
- While organizations are making progress in implementing risk management processes and structures, the biggest challenge is around integrating risk with strategy and the business. There is a need to de-mystify risk and make it simpler for business managers to grasp and implement. A firm commitment at the top and training in the use of risk management tools and approaches are essential to overcome this hurdle.
Key Finding 3
- Boards today are expected to play the watchdog role, that of linking strategy, risks, rewards and executive compensation to ensure that there are no misalignments. Risk oversight challenges faced by independent directors are on account of their limited review of strategy and inadequate inputs into the information architecture to know about the business, industry and external factors.
Key Finding 4
- The survey also reveals that organizations have made little or no progress in actually linking up the dots. Risk responses / mitigation strategies are still developed in isolation rather than on the basis of more holistic views that take into account multiple scenarios and potential events. The usage of economic models and technology is limited. Also, few organizations look beyond 3 years while identifying and assessing risks, and aspects such as sustainability and climate change are given limited importance. Some companies are now adopting the practice of appointing Chief Risk Officers even within the non-financial services sector. CEOs expect their risk officers to be more market and strategy-oriented than overly focused on the operations and processes. Risk officers who are able to transcend to a strategic role will deliver the greatest value to their organizations.
Today's risk management
The Seven Golden Truths of Risk Management
- Risk is not uncertainty. Risk is the effect of uncertainty
- The impossible always happens somewhere, sometime, to someone....
- The greatest risk of all is denial
- Much of the risk that affects us is manufactured by us
- Control what we can control; don't try to control what we cannot control
- Risk management is impossible without knowledge
- The Unthinkable, the Impossible and the Unknowable together can create the perfect risk storm which no company can survive
Obstacles to Effective RM
- Top management support
- Internal communication/buy-in
- Fragmented risk systems/processes
- Risk measurement
- Dispersed/global operations
- Changing regulatory/legal requirements
- 3rd-party risks
- Risk prioritization over time
Historically Speaking
[Figure: timeline, 1950 to 2010]
- 1920: British Petroleum forms Tanker Insurance Company, Ltd., one of the first captive insurance companies, beginning a movement that exploded in the 1970s and 1980s.
- 1950s-1960s: Traditional Risk Management (TRM)
- 1970s: Risk management gains wider acceptance
- 1977: Foreign Corrupt Practices Act (FCPA)
- 1980s: Companies begin Risk departments, typically focused on insurance
- 1992: Committee of Sponsoring Organizations (COSO) published Internal Control Integrated Framework
- 1993: The title Chief Risk Officer is first used by James Lam, at GE Capital, to describe a function to manage all aspects of risk, including risk management, back-office operations, and business and financial planning
- 1995: A multi-disciplinary task force of Standards Australia/Standards New Zealand publishes the first Risk Management Standard, AS/NZS 4360:1995.
- 2001: The terrorism of September 11 and the collapse of Enron remind the world that nothing is too big for collapse
- 2002: Sarbanes-Oxley Act of 2002
- 2004: Release of COSO ERM Integrated Framework
- 2008: BS 31100 published, which is Principles and Guidelines on Risk Management.
- 2009: ISO 31000 published - Principles and Guidelines.
Risk - definition
- Effect of uncertainty on objectives
- Effect is a deviation from the expected, positive and/or negative
- Objectives can have different angles (such as financial, health and safety and environmental goals) and can apply at different levels (such as strategic, organisation wide, project, product and process)
The RiSM Model
How we look at Risk
How should we look at Risk?
ISO 31000:2009, Risk Management Principles and Guidelines.