Presentation is loading. Please wait.

Presentation is loading. Please wait.

Not to be reproduced without permission. Moving from Risk Assessments to Action Enterprise Risk Management Workshop September 20, 2010 Canadian Healthcare.

Similar presentations


Presentation on theme: "Not to be reproduced without permission. Moving from Risk Assessments to Action Enterprise Risk Management Workshop September 20, 2010 Canadian Healthcare."— Presentation transcript:

1 Not to be reproduced without permission. Moving from Risk Assessments to Action Enterprise Risk Management Workshop September 20, 2010 Canadian Healthcare Risk Management Network Leslie Thompson President LESRISK Diana Del Bel Belluz President Risk Wise Inc.

2 Agenda 2:00Overview, Goals, and Introductions 2:10PART 1: Why a framework isn’t enough. 2:20Why you can’t implement ERM with a memo. 2:30PART 2: Catalysts for inspiring appropriate risk management action 2:45Group discussion 3:15PART 3: Applying change design to ERM Implementation 3:30Group exercise 3:55Closing Thoughts Not to be reproduced without permission. 2

3 Agenda 2:00Overview, Goals, and Introductions 2:10PART 1: Why a framework isn’t enough. 2:20Why you can’t implement ERM with a memo. 2:30PART 2: Catalysts for inspiring appropriate risk management action 2:45Group discussion 3:15PART 3: Applying change design to ERM Implementation 3:30Group exercise 3:55Closing Thoughts Not to be reproduced without permission. 3

4 Typical Risk Decision- making Model Source: ISO 31000

5 Not to be reproduced without permission. Main challenges of a ‘Risk Decision Model’ approach to ERM … 1.The model leads to a focus on individual enterprise risks in isolation that precludes a portfolio view of risk. 2.The model focuses on risk reduction, which drives risk aversion rather than reinforcing appropriate risk- taking behaviour. 3.The model fails to recognize that implementing ERM is an exercise in organizational development, making it difficult for ERM to gain traction.

6 Not to be reproduced without permission. ISO (but only to the Risk Decision Model) introduces the concept of Continual Improvement

7 Not to be reproduced without permission. “Experience is inevitable. Learning is not.” - Paul J. H. Shoemaker Successful ERM requires: 1.An organizational Learning Framework to guide 2.Systematic development of ERM capabilities, i.e., change management approach 7

8 Not to be reproduced without permission. The Risk Wise ERM Implementation Process (geared to organizational learning) 1. Define ERM context and criteria 2. Assess risk and implications for performance 4. Close the ‘Learning Loop’ 3. Integrate ERM into business practices

9 Not to be reproduced without permission. ERM Best Practices: A Capabilities & Performance Perspective Structural capital (structures & processes)  Establishing structures that clarify accountabilities  Building consideration of risk-taking and risk management into business processes  Developing and implementing control strategies for significant enterprise risks Human capital (knowledge, skills and culture)  Developing ERM know-how  Cultivating an ERM mindset Risk Intelligence capital (information flow)  Supplying risk information that is relevant & timely  Applying risk information (risk awareness and effectiveness) to:  Engage in candid discussions about risks (priorities)  Engage the board as well as staff to align resources (risk and resource optimization and organizational learning)

10 The ERM Journey takes time… Hypothetical of Evolution of ERM Learn & Adapt

11 Agenda 2:00Overview, Goals, and Introductions 2:10PART 1: Why a framework isn’t enough. 2:20Why you can’t implement ERM with a memo. 2:30PART 2: Catalysts for inspiring appropriate risk management action 2:45Group discussion 3:15PART 3: Applying change design to ERM Implementation 3:30Group exercise 3:55Closing Thoughts Not to be reproduced without permission. 11

12 Not to be reproduced without permission. Why you can’t implement ERM with a memo It’s about people: –How work is done –What the “workers/people” believe and feel about their efficiency and effectiveness –What the people of the organization believe about making decisions under conditions of uncertainty Organizational incongruencies: –Example: how people are rewarded –Example: Who leads? How do they lead? Doesn’t Build Risk Aware Judgement: –Balancing risk intelligence with effective risk decisions Other reasons?

13 Not to be reproduced without permission. Balancing risk the quality of risk information and the effectiveness of risk decisions with the objectives for your ERM program- where do you want to be? Effectiveness of Risk Decisions Quality of Information lowhigh Risk - Aware Judgment Risk Intelligence ? ?

14 Not to be reproduced without permission. Building the Foundation for Commitment Getting Agreement and Setting Direction Check Point Making Changes Keeping It Going Check Point Check Point The change management process: a tool for successful ERM implementation Source: Dr. Harvey Kolodny, Rotman School of Management

15 Agenda 2:00Overview, Goals, and Introductions 2:10PART 1: Why a framework isn’t enough. 2:20Why you can’t implement ERM with a memo. 2:30PART 2: Catalysts* for inspiring appropriate risk management action 2:45Group discussion 3:15PART 3: Applying change design to ERM Implementation 3:30Group exercise 3:55Closing Thoughts Not to be reproduced without permission. 15 * See Nov-Dec 2008 issue of Risk Management Made Simple Advisory for article: “4 Catalysts to Embed Risk Management Culture”

16 CATALYST #1: Establish Clarity Around Objectives, Strategies, Roles and Responsibilities Having a strategic goal and measurable objectives is fundamental to enterprise risk management. Be explicit about what needs to be accomplished, how, by when, and who is responsible for what. –What are the things that need to be in place for success? –What are the milestones that would let us know when we’ve achieved success? –What is the strategic path to get to each milestone? ASK YOURSELF: Does my organization have clear strategic objectives with explicit measurable milestones? Not to be reproduced without permission.

17 CATALYST #2: Articulate Risk Appetite & Tolerance Risk appetite and tolerance set important goal posts for appropriate risk taking. Determine criteria for decision-making before embarking on the process of assessing and weighing decision alternatives. ASK YOURSELF: Has my organization articulated its risk appetite and tolerance? Not to be reproduced without permission.

18 Risk Appetite vs. Risk Tolerance Executives don't end up in the news or in jail merely because they took a risk. They end up there for not managing their business risks properly. We expect our leaders to take appropriate decisions that balance upside and downside elements of risk: upside risk (benefit/opportunity) ≥ risk (threat) + cost Risk Appetite: the size of 'bet' the organization is willing to take to achieve it's objectives. It needs to be commensurate with goals and capabilities. –A clear Risk Appetite is necessary to determine appropriate goals and strategic direction. Risk Tolerance: the margin by which the organization is willing to accept either over- or under-shooting its objectives. –A clear Risk Tolerance is critical for resource allocation decisions Not to be reproduced without permission.

19 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 0% Zone of Risk Tolerance for ‘customer satisfaction with service quality’ Upper Bound (e.g. 90% of customers satisfied with service quality) Objective (e.g. 85% of customers satisfied with service quality) An example - the Zone of Risk Tolerance Lower Bound (e.g. 75% of customers satisfied with service quality) A firm may have a strategic goal to have an average customer satisfaction rating of 85% (its Risk Appetite). Operationally, it is prepared to accept ratings in the range of 75% to 90% (its limits of Risk Tolerance)

20 Why are some executives reluctant to articulate their risk appetite & tolerance? * Not to be reproduced without permission. 1.They mistakenly believe that if they don't formally commit to a tolerable level of risk then they can't be held accountable for setting it incorrectly. 2.They don't know how to go about articulating risk appetite and tolerance. * See March 2008 issue of Risk Management Made Simple Advisory for article: “The Tricks to Tolerance”

21 CATALYST #3: Use Risk Intelligence to Drive Excellent Performance Risk and performance are linked. Develop an understanding of the relationship between the drivers of your performance and your risk. It enables you to anticipate the future and gives you more time to think, plan and innovate *. Ultimately, you’ll experience fewer downside risk events and be able to exploit more upside risks. ASK YOURSELF: Has my organization linked its risk and performance indicators? Not to be reproduced without permission. *See Risk Management Made Simple Advisory ‘New Subscriber Bonus’ for how to map the link between drivers of risk & performance. *See June 2008 issue of Risk Management Made Simple Advisory for article: “The Anticipation Advantage”

22 CATALYST #4: Foster Dissent and Inquiry (part 1) For a risk assessment process to be effective, it must bring to the surface all critical information for the decision at hand. This can’t be achieved if the organization has a culture of silence in which people are afraid to speak the truth. … Not to be reproduced without permission. Executive decisions “are made well only if based on the clash of conflicting views, the dialogue between different points of view, the choice between different judgments.” Peter Drucker ‘Decision-makers need to foster conflict and dissent to ensure that the course of action selected enables the organization to achieve its performance objectives in a way that optimizes resources and balances risk better than all other plausible alternatives.’ Michael Roberto ‘Great companies continually refine the path to greatness by confronting the brutal facts of reality.’ Jim Collins

23 CATALYST #4: Foster Dissent and Inquiry (part 2) One of the biggest contributions you can make is to question how well your organization’s risk estimates reflect its particular reality. –Is your risk estimate accurate? –Is your risk estimate based on high-quality information? –Is your risk estimate relevant? –Is your risk estimation process objective? –Is the risk estimation model built on solid assumptions? Initial assessments of risks may have to be based on opinion. However, transition as quickly as possible to evidence-based measures. It is only way to distinguish between valid and invalid assumptions and guard against willful blindness. ASK YOURSELF: Does my organization foster dissent and inquiry in its strategic decision-making? Can the truth be heard? Not to be reproduced without permission.

24 Group Discussion Break into groups of 3. Each group to focus on 1 catalyst Task 1: Each individual takes 1 minute to jot down their answer to the question: “Have you applied this catalyst in your organization? (No / Partially / Fully)” Task 2: In your group, take 3 minutes each to discuss: –If your answer is “No” or “Partially”: Tell the group the main barrier/challenge that is preventing you from fully applying the catalyst. Ask the other members of your break-out group for advice on how you might overcome your main challenge. –If your answer is “Fully”: Share with the group your lessons learned and pointers based on your experience. Be prepared to share key insights with the other break- out groups. Not to be reproduced without permission.

25 Pick your catalyst… CATALYST #1: Establish Clarity Around Objectives, Strategies, Roles and Responsibilities CATALYST #2: Articulate Risk Appetite & Tolerance CATALYST #3: Use Risk Intelligence to Drive Excellent Performance CATALYST #4: Foster Dissent and Inquiry Not to be reproduced without permission.

26 Agenda 2:00Overview, Goals, and Introductions 2:10PART 1: Why a framework isn’t enough. 2:20Why you can’t implement ERM with a memo. 2:30PART 2: Catalysts for inspiring appropriate risk management action 2:45Group discussion 3:15PART 3: Applying change design to ERM Implementation 3:30Group exercise 3:55Closing Thoughts Not to be reproduced without permission. 26

27 Not to be reproduced without permission. Building the Foundation for Commitment Getting Agreement and Setting Direction Check Point Making Changes Keeping It Going Check Point Check Point Where is your organization in the change management process? Source: Dr. Harvey Kolodny, Rotman School of Management

28 Not to be reproduced without permission. Intervention Change Management Action Understand the need for change Enlist a core change team Develop vision and strategy Create a sense of urgency Communicate the Vision Act: Implement the vision Consolidate the Change Align and build congruence. Building the Foundation for Commitment Getting Agreement & Setting Direction Making Changes Keeping it going ? ERM Implementation – designing the change

29 Not to be reproduced without permission. LEARN as much as you can about both the benefits of ERM and how other groups have implemented it Evaluate your organization’s capacity and capabilities Diagnose organizational support and incongruencies Secure leadership support: –Identify allies, influencers and resisters –Engage an executive ERM champion –Engage board or trustee support for the strategic benefits of ERM Develop an ERM function or task force Involve all organizational silos in the development of your own ERM framework, and definitions Promote a common language Establish feedback loops and check-in Stage 1: How do you build support for ERM?  Leslie Thompson, 2010

30 Not to be reproduced without permission. 1.Each participant group chooses a spokesperson. 2.Task 1: In your groups review the change design map and develop a list of change interventions consistent with the objectives of the change management stage assigned to your group: Stage 1: Building a foundation for commitment, or Stage 2: Getting agreement and setting direction, or Stage 3: Making changes, or Stage 4: Keeping the changes going 3.Task 2: Discuss at what stage your organization is in ERM implementation and whether any of the suggested interventions might work for you 4.We will pool our suggestions after 10 minutes and discuss task 2. Small Group Exercise  Leslie Thompson, 2010

31 Not to be reproduced without permission. Some Interventions Understand the need for change Enlist a core change team Develop vision and strategy Create a sense of urgency Communicate the Vision Act: Implement the vision Consolidate the Change Align and build congruence Getting Agreement & Setting Direction Making ChangesKeeping it going ERM Implementation – designing the change Learn about ERM Learn about ERM in your organization Evaluated ERM capacity & capability Develop an ERM task force Secure leadership support Customize the ERM process Define terms and risk categories Communicate. Leaders show support Framework development Training Identify and assess risks for each dept. Aggregate enterprise risks Develop a risk map Develop a risk appetite statement Review alternative risk management strategies and take action Integrate with planning, budgeting, performance measurement Build infrastructure support: IT, organizational architecture Refine assessment methodologies Share best practices. Celebrate Building a Foundation for Commitment

32 Agenda 2:00Overview, Goals, and Introductions 2:10PART 1: Why a framework isn’t enough. 2:20Why you can’t implement ERM with a memo. 2:30PART 2: Catalysts for inspiring appropriate risk management action 2:45Group discussion 3:15PART 3: Applying change design to ERM Implementation 3:30Group exercise 3:55Closing Thoughts Not to be reproduced without permission. 32

33 Not to be reproduced without permission. Questions and Conclusions Leslie Thompson MBA, MFA, FSCI, CMC, ICD.D LESRISK (416) Diana Del Bel Belluz M.A.Sc., P.Eng. Risk Wise Inc. (416)


Download ppt "Not to be reproduced without permission. Moving from Risk Assessments to Action Enterprise Risk Management Workshop September 20, 2010 Canadian Healthcare."

Similar presentations


Ads by Google