Gaining Ground: Building Existing Practices into Enterprise Risk Management ERM002.

Gaining Ground: Building Existing Practices into Enterprise Risk Management
ERM002

• Linda Conrad - Director of Strategic Business Risk; Zurich Linda leads a global team responsible for delivering tactical solutions to strategic issues like business resilience, supply chain risk, Enterprise Risk Management, Total Risk Profiling. Linda addresses enterprise resiliency issues in print and television appearances, including CNBC and Fox Business News, and a Wall Street Journal Microsite. Linda is on the RIMS ERM Committee and Supply Chain Risk Leadership Council. Linda holds a Specialist designation in ERM, and serves on the Educational Board of the Institute of Risk Management in London. • Radu Demian - Director of Corporate Risk Management and Compliance; Correctional Healthcare Companies Oversees the Enterprise Risk Management, Insurance, Safety and Compliance program. Past member of the RIMS ERM Committee. Previously: Manager of Corporate Risk Management at University Hospitals (UH) in Ohio; Risk Manager for the City of Windsor, Canada; Branch Manager for a European insurer.

Learning Objectives: Differentiate between traditional risk management and ERM. Describe the advantages of transitioning to ERM. Adopt steps to make the ERM expansion. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

Agenda: Traditional RM vs. ERM Catalysts for ERM
Business Results Board or C-Suite Impetus Compliance and Regulatory Push Rating Agency Pressure Risk Management Roles in ERM What if ERM Is Led by Another Part of the Organization? Collaborating with Other Internal Risk Management Functions Translate Risk into Senior Executives’ Language Aligning KPIs and KRIs Demonstrating Value 5 Simple Steps to Transition to Enterprise Risk Management ERM Case Studies Exercise To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

Comparing Traditional RM with ERM
Traditional RM focuses on hazard risk. Traditional RM seeks to restore an organization to former pre-loss condition. Traditional RM focuses on the value of the accidental loss. Therefore traditional RM is both its own discipline & part of the broader ERM discipline. ERM encompasses both hazard risk and business risk. ERM seeks to enable an organization to fulfill its greatest productive potential. ERM focuses on the value of the organization. ERM focuses on the organization as a whole. Excerpt from ARM textbook: Risk Financing by Berthelsen, Elliot and Harrison page 1.14.

The Anatomy of Enterprise Risk
Hazard Cause Event 1st ORDER RISKS Physical Damage, Personal Injuries/Deaths More Insurable Visible Can Be Evaluated 2nd ORDER RISKS Consequential Losses (Production, Profits) 3rd ORDER RISKS Poorly Visible Difficult to Evaluate Indirect Economic Losses (Market share, image, managing upset, personnel, lost investments) Less Insurable 4th ORDER RISKS A consequence of the preceding risks and unacceptable to society

Evolution of Enterprise Risk and Resilience Management (ERM)

Enterprise Risk Wheel Source: Zurich

Embedding a Robust and Positive Risk Culture

The Value Killers: share price declines in one month
Frequency of contributing causes on value losses 100 companies among the largest 1000 international companies that experience the greatest declines in share price in a one-month period relative to MSCI. Note: the numbers in Risk Categories chart do not total to 100 since companies experience more than one type of risk. Leading risks: M & A economic value not realized, liquidity etc. Approx. 90% say it was not the original risk but the correlated risks that cascade A Harvard Study sponsored by Zurich showed that over two-thirds of executives from around the world recognize that risk management has become somewhat or significantly more important since the recession. Sound risk stewardship now demands an enterprise risk management approach that addresses exposures and opportunities from all angles, searching for emerging exposures and unexpected interconnections – concentration and correlations – which may not be as visible from a decentralized viewpoint. Source: Deloitte –The Value Killers Revisited, 2014

Risks that matter the most: Market capitalization loss of 50% at top 20% of Fortune 1000
Top 200 companies- Stock loss of 50% or more Source: CEB Audit Leadership Council Research. n = 128

Change in causation demands a change in risk management
Source: Deloitte –Disarming the Value Killers, 2005 Source: Deloitte –The Value Killers Revisited, 2014

Time required for share price to recover
Why does it matter? Time required for share price to recover Source: Deloitte –The Value Killers Revisited, 2014.

Board Impetus: Increasing complexity of global business risks is challenging. Boards must understand the risks facing the company and how they affect its ability to achieve its business objectives. Disclosure and transparency are imperative to understanding and potentially having proper oversight of risk. Of additional interest, the SEC just released their examination priorities for 2014: Corporate Governance, Conflicts of Interest, and Enterprise Risk Management. This initiative is designed to: (i) evaluate firms’ control environment and “tone at the top,” (ii) understand firms’ approach to conflict and risk management, and (iii) initiate a dialogue on key risks and regulatory requirements. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

C-Suite Impetus: CEOs are faced with creating greater shareholder value CFOs are challenged with achieving higher returns while spending considerable resources on ensuring compliance with internal financial controls. CIOs are dealing with ever-changing technology and sophisticated hacking threats. GCs must manage traditional legal issues and also improve legal and regulatory compliance. As a result, the C-suite is mandating that management provide greater transparency of risk across the organization, demanding a more integrated, holistic approach to understanding these enterprise-wide risks. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

Compliance and Regulatory Push:
'Strategic Risk" was sited as a driver of 63% of decline in market capitalization among Fortune 200 companies, according to a study by The Corporate Executive Board Your company can reap many benefits from increased business continuity planning, including reduced earnings volatility, improved protection for reputation and shareprice, reduced capital requirements, and increased transparency to make better informed decisions through risk insight….and peace of mind for management in their fiduciary responsibilities! The positive strategic impacts of better business continuity management can be amplified when integrated into an enterprise-wide risk management program that encourages ongoing risk identification, assessment and improvement. In fact, a recent study from The Conference Board showed that the incorporation of a sophisticated risk management program can lead to increased management accountability and profitability, and can yield increased enterprise resilience and agility Source: Zurich

Rating Agency Pressure:
S&P: Business managers may demonstrate proficiency by institutionalizing comprehensive policies that recognize the complex interdependencies of the risks their businesses face, the trade-off between risk and reward, and the interplay between business and financial risk. Questions regarding risk management standards and tolerances include: Does the corporate regularly identify and assess the impact of critical strategic risks? Has the corporate determined limits for acceptable levels of risk, and if so, how are they enforced? Does the corporate hold accountable specific individuals for oversight of the most critical risks the enterprise faces, and if so, what are the rewards (consequences) for success (failure)? Does the corporate employ an effective risk-based approach to strategic decisions? Has the corporate effectively communicated to employees, owners, and other key stakeholders its tolerance for risk and commensurate expectations for earnings volatility? Proposed Criteria from General Criteria: Request For Comment: Management And Governance Credit Factors To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template). Source: |

Risk Management Roles in ERM
Author Caroline McDonald writes: “Risk managers, often seen mostly as insurance buyers, have work to do in expanding their view of risk to match those of senior executives and board members….Today, senior executives and boards think of risk in much broader terms, and risk managers need to see themselves as more than insurance buyers.” To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template). Source: RIMS Risk Management Professional Growth Model

What if ERM Is Led by Another Part of the Organization?
Just over 55% of the respondents to the 2013 RIMS ERM Benchmark Survey indicated that ERM is being led by risk management within their organizations. Two important steps for integration as part of the ERM team: conduct a frank and honest strength/developmental needs self-assessment, seeking external feedback, based on the RIMS Professional Growth model create a 15-word mission statement that answers the following question: What do or can I do that adds remarkable, measurable, distinctive and distinguished value to my organization? Understanding how to be a contributing and valued team member is indeed a leadership characteristic. Being able to demonstrate that value goes a long way towards winning a spot on the team. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

Collaborating with Other Internal Risk Management Functions
To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

Translate Risk into Senior Executives’ Language
To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

Carol Fox, director, strategic and enterprise risk practice at the Risk and Insurance Management Society, began promoting this broader concept in a 2014 article for CFO.com article called ‘Total Cost of Risk’ Redefined Carol Fox, agreed: “CFOs don’t think of total cost of risk as what we’re measuring.” While insurance remains important for transferring risk and protecting the balance sheet, Fox said, companies are trying to strengthen their overall risk-management capabilities with an eye to overcoming obstacles to reaching organizational goals. “They’re looking at what their strategic plans are and how those play into risk scenarios,” she said

In the same article, we hear from Rich Sarnie, vice president of risk management at the Great Atlantic & Pacific Tea Co. “We need to expand it and make sure it includes all the risks and the costs associated with those risks, not just the insurable ones.” Mr. Sarnie says, “Executives are much more focused on risk management these days, but “it’s not the insurable risks that are keeping them up at night. It’s other risks,” said Sarnie. Such risks include the availability of affordable financing, reputational risk, supply-chain risk, and technology or social-media risk. Boards “want to know how we are identifying those risks and how we are managing them, plain and simple.”

Attacking Gaps Between Perceived and Actual Risks:
Must differentiate between perceived and actual risk. Identify risks that matter to the organization’s objectives and those that do not. Ask whether the risk: is relevant and important to achieving the organization’s objectives? will improve or worsen the organizations position? If NO, the risk may be a perceived rather than an actual risk. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

Aligning KPI’s and KRI’s:
Key Performance Indicators (KPIs) help a firm see how it is performing in relation to its strategic goals and objectives. Key Risk Indicators (KRIs) are leading indicators of risk to business performance, giving early warning about potential risk event Zurich uses KRIs to monitor risks are in the areas such as: natural catastrophe risks (as % of group shareholder equity) asset-liability matching (duration mismatch) strategic asset allocation (% allowed in investment category) credit risk (weighted average credit rating) other risks specific to business or functional areas To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

Key Risk Indicator example
ERM Vulnerability: • Inability to attract and retain necessary talent, especially in key areas A KPI would be “maintaining a company’s retention rate at X%” Possible KRI metrics to track risk significance and / or mitigation • Personnel turnover, especially in key operational areas • Number of declined job offerings • Time to fill job openings, especially key spots • Client disputes and / or losses • Qualitative measures, such as feedback obtained from HR personnel Risk is outside of our norm, indicating special causation, as monitored in control chart variance

Key Performance and Risk Indicators:
Key Performance Indicators (KPI) Progress on organizational targets and strategic goals Monitoring of employee activity completion and budget spend Measurement of results Forecasting for planning purposes Key Risk Indicators (KRI) Track metrics that are leading indicators to risk of performance Measurement based on data of influencing factors Ongoing monitoring of the level and cost of risk against risk tolerance Track changes in the risk profile of business landscape Source: Zurich

Link KRI’s to Business:
Vulnerability Trigger Key Risk Indicators Consequence Endangered asset or goal Source: Zurich

A Risk Scenario: Vulnerability Trigger(s) Consequence(s) What? Where?
How? Why? How big? How bad? How much? Existing Controls If any… Source: Zurich

Link Risk Scenario to Business Goal:
Vulnerability Trigger(s) Consequence(s) What? Where? How? Why? How big? How bad? How much? Controls If any… Strategic Objective When? What? Where? Who? Source: Zurich

Key Performance Indicator(s)
Link KPI’s: Vulnerability Trigger(s) Consequence(s) What? Where? How? Why? How big? How bad? How much? Controls If any… Strategic Objective When? What? Where? Who? Key Performance Indicator(s) When? What? Where? Who? Source: Zurich

Link KRI’s to Business:
Vulnerability Trigger(s) Consequence(s) What? Where? How? Why? How big? How bad? How much? Controls If any… Strategic Objective When? What? Where? Who? Key Perform Indicator(s) When? What? Where? Who? Key Risk Indicator(s) When? What? Where? Who? Source: Zurich

The Value of ERM A survey by Federation of European Risk Management Associations found firms with a more mature approach to Risk Management have better financial results. 75% more firms with advanced risk management practices had Earning Before Interest Taxes Depreciation and Amortization (EBITDA) growth of over 10% 62% more firms with advanced risk management practices attained annual revenue growth of 10%. Creating an active risk culture is correlated with higher growth, as the company becomes more aware and accountable for risk. 'Strategic Risk" was sited as a driver of 63% of decline in market capitalization among Fortune 200 companies, according to a study by The Corporate Executive Board Your company can reap many benefits from increased business continuity planning, including reduced earnings volatility, improved protection for reputation and shareprice, reduced capital requirements, and increased transparency to make better informed decisions through risk insight….and peace of mind for management in their fiduciary responsibilities! The positive strategic impacts of better business continuity management can be amplified when integrated into an enterprise-wide risk management program that encourages ongoing risk identification, assessment and improvement. In fact, a recent study from The Conference Board showed that the incorporation of a sophisticated risk management program can lead to increased management accountability and profitability, and can yield increased enterprise resilience and agility Source: 2012 study by Federation of European Risk Management Associations

Demonstrating Value: An Underwriter’s Perspective on ERM
Since underwriters have to assess and price the overall exposure, an underwriter typically finds the details on an ERM program very valuable. If the company does not mention its ERM program, the underwriter must assume it does not exist. Companies must communicate to insurance markets the strength and effectiveness of their ERM programs if they wish to maximize the value. The best approach is a simple meeting several months in advance of a renewal to present the ERM program details, including stakeholders, resource support and expected benefits. Do not be afraid to educate the underwriter on ERM fundamentals, if applicable. There is very little to risk, but much to be gained, by making your underwriter a partner in your ERM efforts. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

Demonstrating Value: From a traditional risk management perspective, there may be quantifiable benefits in hard savings on insurance premiums and loss costs. For one healthcare organization, it meant significant premium savings: significant increase in insurance costs (30%) in the prior year. implemented an ERM program that identified and developed mitigation plans around the top five risks. before presenting ERM program, received a renewal estimate of 14% rate increase. after describing the details of ERM program and mitigation plan, we were able to significantly reduce the increase to just 4%, which translated into several hundred thousand dollars of savings. The implementation of the ERM program provided not only more operational and financial stability but also hard dollar savings for the company. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

Demonstrating Value: Using Total Risk Profiling, Zurich moved from an asset-based approach to risk-based approach for operational risk quantification and capital allocation One Zurich business unit reduced operational risk-based capital (RBC) consumption by 21.7 percent The business unit then identified high risk exposures, performed a deeper assessment and developed mitigation They had an additional reduction of 28.9 % in operational RBC consumption Capital not consumed was then available to fund profitable growth for Zurich.

5 Steps to Transition to ERM:
1. Determine what value your organization will gain from ERM. What business need will be met through a structured ERM approach? Competitive advantage; more productive workforce; more stable, transparent trading partner. 2. Scan the internal environment for what is already being done. Many organizations have established controls against commonly and widely understood risks: business disruption, environmental, execution failure, etc. Leverage practices already in use within a broader ERM environment. 3. Find a champion. Should have one or more executive sponsors. Successful implementers form a cross functions working committee, including leaders responsible for management control options. Find individuals who are able to positively influence others. Create a network of risk assessment champions and trainers. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

5 Steps to Transition to ERM:
4. Adapt processes to the organization’s needs. Keep the message focused on the organization’s objectives. Make risk-informed decisions and implementing their selected responses. Strengthening the risk culture can yield great results. Embed risk metrics into the performance objectives of business managers. 5. Strive for continuous improvement. Provide progress reports in at least two ways: by material risk and by ERM program progression. Periodic reports to senior management on ERM program progression might include progress related to milestones for specific objectives. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

ERM Case Studies: Ward Ching Vice President Risk Management Operations Safeway Brian Thelen Chief Risk Officer and General Auditor General Motors Sandra Carson Vice President, Enterprise Risk Management and Compliance Sysco To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

ERM Case Studies: What was the impetus for the ERM program at your organization? Safeway: Significantly self-insured and self-administered for most of its insurance program and utilizes two captives, on-shore and off-shore. “Culture of Safety” started in Goal was to integrate risk management into retail operations, strategy, execution, mergers and to find opportunities to grow. It was meant to reduce the cost per share by being proactive. GM: Knew that they needed to be both systemic and episodic in their approach. Must be prepared for episodic scenarios such as an earthquake in Japan, or flooding in Thailand on an operational basis. Also galvanize the company against the risk of failure on a longer-term systemic basis. Sysco: In 2009, the board was not satisfied with Sysco’s risk assessment process. The CEO wanted to get ahead of the board of directors. The ERM program needed to be flexible, have enough structure, add value and be consistently applied. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

ERM Case Studies: Who was the champion of the ERM program? Safeway: The executive committee of the company: the CEO, CFO and the executive vice president of retail. The CEO and the executive committee delivered messages to employees that the Culture of Safety is an important process that will create competitive advantage for the company. GM: The Chairman and CEO. Sysco: After the retirement of the general counsel, the ERM function was moved to the CFO who served as the executive sponsor and champion for the program. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

ERM Case Studies: What were the first steps? Safeway: Started with an evaluation of the company’s culture to ensure the program’s cultural alignment with the core business culture. They defined core tenets, key drivers and their impact, after which the culture was mapped. Significant savings were obtained by reducing the frequency, which allowed the company to significantly reduce the loss reserves. GM: Created in 2010 with the appointment of a chief risk officer. ERM provides coverage for all GM functions and regions, including insurance and claims management activity. Sysco: Utilized outside resources to learn the “academics” of ERM and best practices. Conducted interviews with management and board committee chairs. Held prioritization workshops with executive management. Found an ability to use a “common lens” to objectively evaluate very different risks. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

ERM Case Studies: What was the structure and process of your ERM program? Safeway: Much more aggressive claims management approach to eliminate frequency. Cultural transformation: looked at both upside and downside potential of risk and both behavioral economics (price) and behavioral safety (losses). Compared previous trends with current to determine the savings value - show the value of prevention. Also, bonuses were calculated based on the budgeted insurance/loss number. Premium refunds were provided and process was made very transparent. Modeling tools such as Monte Carlo were used, together with Six Sigma processes, dynamic financial analysis and efficient frontier analysis. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

ERM Case Studies: What was the structure and process of your ERM program? GM: ERM team consists of a small core group plus approximately 40 executive-level risk officers that represent all regional and functional areas. Monthly meetings to discuss top risks, mitigation plans, tools and techniques, and emerging risk topics. The group determines what risks to focus on and who is responsible for managing and mitigating them. Assigned teams are often multi-departmental. The risk owner is the senior operating executive over the department most affected by the risk. Key risks are identified through a blue-sky thinking approach and company objectives are layered on top. The key risks selected are presented to senior management. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

ERM Case Studies: What was the structure and process of your ERM program? Sysco: Audit committee oversees the ERM process and recommends assignment/oversight for each of the specific key enterprise risks to the appropriate board committee. ERM process framework is reported annually to the board, but key risks are reported quarterly by executive dashboard to the full board and annually to the appropriate board committee. Each quarter a few of the top risks are selected for deeper review and discussion. Each risk is reviewed and discussed by the board at least annually. The risk assessment also captures “emerging and changing risks”. Currently transitioning to centralizing more risk via an ERP initiative. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

ERM Case Studies: What is the involvement of ERM in the strategic process? Safeway: The Culture of Safety program helps identify embedded risks that can influence acquisitions and structural changes. The process is used to support senior management in the due diligence process. GM: The output of the strategic plan is evaluated from a risk perspective. Stress tests are developed and presented for evaluation and possible impact on the plan prior to it being finalized. Sysco: Considers risks “of” and “to” the strategy. There is some degree of setting strategic initiatives to address the key risks identified through the ERM process and also aligning the enterprise risks with the strategy in mind. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

ERM Case Studies: What was a major stumbling block? Safeway: Setting up the risk management system planning in order to eliminate project risks was difficult. It was accomplished through using risk mapping peer reviews with customers and through using retail language. GM: It is a bit of a shift to try and get everyone in a room and talk openly about everything that can go wrong. However, with strong support from the top, and a carefully selected team of risk officers, we believe we have cultivated an excellent team that is open and challenges the status quo. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

ERM Case Studies: What did you find to be most effective? Safeway: Positive observations had a great impact. Store manager centric experience modifiers (ExMod), were very useful as well. We now use a three-year rolling database. The ExMod stays with the store manager throughout their career and is calculated each year for publication and comparison by retail management. GM: The big wins were the decision support tools—scenario analysis and game theory, which were developed in house. The involvement in the budget process made a big difference. The results of the stress tests contributed to modification of strategic plans. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

ERM Case Studies: How do you measure success? Safeway: Cascade reports that measure frequency of claims per store per hour. Divisions were charged with identifying three initiatives that move the needle: what were the key performance indicators and processes that generate savings? They fed certain behaviors over time to see if systems would change. The process contributed to managing volatility across the system. GM: Measured by the number of requests for participation received. Have been able to contribute to process improvement and help management to make more informed decisions. Everything we do should be adding value. Sysco: KRIs were developed with early warning signs, and a process for escalation. Identifying and addressing low-hanging fruit, using near-miss learnings to feed ERM, and using game theory on complicated risks to determine the best route forward. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

ERM Case Studies: Recommendations: Safeway: You need to understand who the company is, what the drivers are, how decisions are made, what the key measures are and what the language of the business is. You need to make sure you are in tune with cultural differences and that you partner with the stakeholders instead of giving them direction. GM: Sit with each of the senior leaders of the company and determine what their desired outcomes are. What can the process do for them? What is beneficial to them? The ultimate goal is to build a function that will satisfy customers. One should not make the mistake to tell business/risk owners how to do their job. The role of ERM is to help them think through and to make the most informed decisions. This approach should be adjusted based on the culture of the company. To create objectives targeted to the audience and desired level of learning/thinking: 1. Ask yourself whether you want attendees to be able to: know, apply, integrate, consider the human dimension, care, learn to learn, comprehend, apply, analyze, synthesize, or evaluate .These outcomes represent different levels/kinds of thinking. 2. Match your action words to the desired level of learning/thinking (see Presenter Tips #1 at end of presentation template) 3. Match learning objective with appropriate teaching/learning strategy (see Presenter Tips #2 at end of presentation template).

Exercise Evaluating Enterprise Resilience
You are the Risk Director of Sprocket plc, reporting to the CFO on risk management, insurance and business continuity across your enterprise In light of increasing press speculation, the Board of Sprocket has voted in favor of an aggressive bid for rival company, CLS Board asked for an urgent review of risks and resiliency in the value chain C:\Documents and Settings\chy5484\Local Settings\Application Data\Office\Macros\Ppt_ci\Templates\Pres_blue_on_white.pot

Enterprise Risk Wheel Source: Zurich

How will your ‘risk landscape’ change after the merger? Identify potential disruption scenarios and possible impacts What are risk assessment, mitigation and transfer options? Underline and label the four area of the ERM Risk Wheel: Strategic Operational People Financial Market C:\Documents and Settings\chy5484\Local Settings\Application Data\Office\Macros\Ppt_ci\Templates\Pres_blue_on_white.pot

C:\Documents and Settings\chy5484\Local Settings\Application Data\Office\Macros\Ppt_ci\Templates\Pres_blue_on_white.pot

Strategic risks Threats and opportunities that influence the ability of the company to attain strategic ambitions and remain viable: New product research and development Mergers and acquisitions Joint ventures and subsidiaries Intellectual property Management skills Brand or reputation issues And more… C:\Documents and Settings\chy5484\Local Settings\Application Data\Office\Macros\Ppt_ci\Templates\Pres_blue_on_white.pot

Operational risks Adverse unexpected developments to business resulting from internal processes, people, and systems, or from external events: Innovation risks Supply chain risks Growth risks People and talent risks Information technology risks Product liability risks C:\Documents and Settings\chy5484\Local Settings\Application Data\Office\Macros\Ppt_ci\Templates\Pres_blue_on_white.pot

People risks changes are likely to affect the ability to attract and retain qualified staff Aging workforce globally – can companies assist in education and training? Moves in workforce from one geographic region to another skilled tradespeople Facilitate sharing of best practices Safety leadership and culture And more… How does the Deep Horizon accident and the President’s subsequent moratorium on new offshore drilling affect the markets? C:\Documents and Settings\chy5484\Local Settings\Application Data\Office\Macros\Ppt_ci\Templates\Pres_blue_on_white.pot

Financial risks cover risks related to accounting, treasury, pensions and fiscal, such as: Stock exchange Capital markets Liquidity Fraud Debtors/creditors Currency fluctuation C:\Documents and Settings\chy5484\Local Settings\Application Data\Office\Macros\Ppt_ci\Templates\Pres_blue_on_white.pot

Market risks changes are likely to affect all market participants in a similar manner: Economic and political risks Growth risks Competition risks Governmental risks Regulatory risks Geographical spread Market share How does the Deep Horizon accident and the President’s subsequent moratorium on new offshore drilling affect the markets? C:\Documents and Settings\chy5484\Local Settings\Application Data\Office\Macros\Ppt_ci\Templates\Pres_blue_on_white.pot

Financial Times reports that Sprocket is eyeing up CLS
Rumours abounded in the City this week that engineering group Sprocket was positioning itself to make a bid for rival CLS. CLS’s share price rose by 10% to 319p. CLS, which made profits of £95m in the last financial year, is thought by many to be ahead of its rival in transforming itself into a services business. However, its profit stream is still dominated by OEM manufactured products and the lucrative aftermarket in both the automotive and aviation sectors. Analysts didn’t like CLS’s recent bid for the smaller French firm Laroule which was designed to accelerate its diversification but was felt to be an unduly ambitious and expensive move. This has resulted in the share price lagging behind the market. Sprocket, which is seen as having a more traditional manufacturing focus may be taking advantage of CLS’s short term vulnerability to acquire the company. Sprocket has also been criticised recently for its apparent reliance on specialist bottleneck production facilities at its plant in Luxembourg. A merger could alleviate this in a stroke and while not without other risks, there are significant synergies, with some analysts estimating immediate annual cost savings of £50m. More importantly, a bigger company, with a focus on aviation as well as automotive, looks better placed to expand its share of the UK ministry of defence budget and various other markets, especially the Middle East.

CLS annual report extracts
’Operating profit up 3% at £95m with gross margins up to 29% (27%). Operating margins rose to 9.5% from 8.3% in This increase has been driven by increased operational efficiencies, lower product costs, supplier rationalisation and a developing supply chain in China.’ ‘Our strategy is to continue to build global capability, to expand in emerging markets and serve customers globally. This means working alongside our customers in the territories that drive demand in the aviation and automotive industries, channelling more products and services through our existing and expanding organisation to strengthen local relationships’. ‘We are committed to building confidence in our own ever-expanding internal knowledge base. CLS supports and resources joint projects and cross-divisional initiatives in areas of operational excellence, such as product development, market research, low-cost country sourcing and global supply chain.’

CLS annual report extracts
‘The Group is committed to the protection of the environment in all the countries in which its companies operate. Each CLS company will comply with the relevant regulatory requirements applicable to its business. Each CLS company will ensure that it acts as a good citizen in the community in which it operates and adopt practices aimed at minimising the environmental impact of its operations.’ ‘Many CLS companies collaborate with suppliers to address environmental considerations throughout the supply chain to our mutual benefit, particularly in areas such as raw materials, packaging and recycling. We focus our improvement efforts on the areas that have the most environmental and financial impact’

CLS Supply chain ‘The CLS Group sources components, materials and services on a world-wide basis. Our suppliers are an integral part of the Group’s business. Relationships with all suppliers are built on total quality practices and principles to achieve best performance, product, delivery, service and total cost. We recognise that our supply chain activities have a broad impact and that our responsibilities extend beyond our own operations and into those of our suppliers. The Group has, therefore, adopted a Supply Chain Policy to ensure that suppliers to the Group comply with or exceed certain standards in connection with their workforce, legal compliance, health and safety, business ethics and environmental standards. Our key supplier partners are expected to either have accreditation to OHSAS and ISO or be able to demonstrate a plan to achieve it within a reasonable amount of time.

CLS Supply chain We recognise that our corporate responsibility also reflects the way we behave towards our suppliers. The Group does not operate a standard policy in respect of payments to suppliers and each operating company is responsible for agreeing the terms and conditions under which business transactions are conducted, including the terms of payment. It is Group policy that payments to suppliers are made in accordance with the agreed terms. At 1 January 2010, the Group had an average of 71 days purchases outstanding in trade creditors.’ Partnership with Star Precision Following the closure of our Birmingham precision forging facility, sourcing of forged components used in 70% of our finished products has been fully transferred to our supply partner Star Precision in Nantong, China. Volumes supplied to CLS account for around one fifth of Star’s total output, highlighting the mutual benefit of the arrangement and we continue to work with Star to build this important relationship.

Analyst Update on CLS plc
Current price: 289p 12 month hi / lo: 301p / 230p Market cap: £895m Recommendation: Hold CLS is well positioned for growth but is vulnerable to an opportunist takeover if it doesn’t clarify its strategy Recent results highlights Resilient aftermarket contributed 54% of revenues Record operating profit benefiting from positive currency effect Margin benefit from stronger aftermarket, growing support services and cost management Exceptional free cash flow generation Net debt halved in the year Stabilisation of Automotive order input Stronger current trading driving a more positive outlook for CLS Aviation to benefit from record order book 2010 expectations upgraded Expensive bid for Laroule threatens share price rating and would significantly increase borrowings

While CLS delivered a sound set of results, we believe its expensive bid for Laroule has damaged its reputation for clear thinking and could threaten its steady progress towards being re-rated as a services company. This could make it vulnerable to a bid, especially if rival Sprocket renews its long held interest in consolidating the two firms’ operations. The potential for cost savings and leveraging of respective positions in the defence markets is a compelling proposition. However, there are possible downsides to a merger including CLS’s uncertain reliance on one or two supply ‘partners’ in China. The opportunity to consolidate the common supply base elsewhere is a double-edged sword. For example, both CLS and Sprocket source special steels equally from 2 European steel manufacturers and there would be increased buying power. However, Sprocket’s reputation for relentless pressure on supply costs could be a threat if it relies on this approach as part of its acquisition strategy. Some key suppliers are still financially weak as a result of the recession and could be put into further difficulty with an over-aggressive approach from customers like Sprocket.

Our analysis of Sprocket plc in January 2009 looked at the aftermath of the second and more severe fire at its Glasgow plant in 2008 which destroyed a large part of the forging and machining hall. We highlighted Sprocket’s decision following the fire to consolidate critical precision forging operations at the core site in Luxembourg and the danger of over-reliance on the one location. CLS’s partnership with Star Precision in China could alleviate this vulnerability in the event of a merger but the veil of secrecy surrounding this arrangement would need to be lifted if investors are to be assured that it is soundly based.

CLS due diligence highlights – resilience
Some evidence of business continuity planning but inconsistent between business units and nowhere near as structured as Sprocket’s own resilience program Concern expressed by Operations Director of speed with which specialist forging capabilities were shut down and manufacture transferred to China In-house precision forging capacity and skills remain in Poland but limited. Forging capacity in Birmingham is obsolete with no associated skills remaining. Very impressive procurement policy (referred to in annual report) which appears to have been followed through with most key European suppliers. Less so with Chinese suppliers. Only a few examples where single sourcing policies are in place with no firm back-up plans – see key suppliers below.

CLS due diligence highlights – resilience
Given the strategic importance of Star Precision, while there are no immediate concerns over product quality or delivery capabilities there is a concern over the relationship with CLS no formal contract has yet been agreed, more than 12 months into the partnership no discussions on joint business continuity planning no response to request for information on Star’s supply base CSL’s Technical Director currently in China with Star Precision to develop 12 month production plan, including contingency planning, and to reach long term commercial agreement

CLS, which made profits of £95m in the last financial year, is thought by many to be ahead of its rival in transforming itself into a services business. However, its profit stream is still dominated by OEM manufactured products and the lucrative aftermarket in both the automotive and aviation sectors. Analysts didn’t like CLS’s recent bid for the smaller French firm Laroule which was designed to accelerate its diversification but was felt to be an unduly ambitious and expensive move. This has resulted in the share price lagging behind the market. C:\Documents and Settings\chy5484\Local Settings\Application Data\Office\Macros\Ppt_ci\Templates\Pres_blue_on_white.pot

CLS, which made profits of £95m in the last financial year, is thought by many to be ahead of its rival in transforming itself into a services business However, its profit stream is still dominated by OEM manufactured products and lucrative aftermarket in both the automotive and aviation sectors. Analysts didn’t like CLS’s recent bid for the smaller French firm Laroule which was designed to accelerate its diversification but was felt to be an unduly ambitious and expensive move. This has resulted in the share price lagging behind the market. C:\Documents and Settings\chy5484\Local Settings\Application Data\Office\Macros\Ppt_ci\Templates\Pres_blue_on_white.pot

Sprocket, seen as having a more traditional manufacturing focus, may be taking advantage of CLS’s short term vulnerability to acquire the company. Sprocket has also been criticized recently for its apparent reliance on specialist bottleneck production facilities at its plant in Luxembourg. A merger could alleviate this in a stroke and while not without other risks, there are significant synergies, with some analysts estimating immediate annual cost savings of £50m. More importantly, a bigger company, with a focus on aviation as well as automotive, looks better placed to expand its share of the UK ministry of defense budget and various other markets, especially the Middle East. C:\Documents and Settings\chy5484\Local Settings\Application Data\Office\Macros\Ppt_ci\Templates\Pres_blue_on_white.pot

Some areas influencing resilience and, ultimately, share price
Sprocket Bottleneck production - interdependencies Merger gives alternative capacity Fire record Sprocket’s aggressive policy towards suppliers Other? CLS China partnership – uncertainties (capacity, relationship, priority) Supplier rationalisation Special steels sources – leverage vs. risk (financially weak) Other? C:\Documents and Settings\chy5484\Local Settings\Application Data\Office\Macros\Ppt_ci\Templates\Pres_blue_on_white.pot

Next steps for analysis and improvement
Some information given but limited . For example, quantities are required Internal risks – Business Continuity Management, company integration, and more Supplier and market risks – varied Quantification, mapping and scenario analysis of business interruption exposure Supply chain risk assessment and mitigation Business continuity plan assessment and benchmarking C:\Documents and Settings\chy5484\Local Settings\Application Data\Office\Macros\Ppt_ci\Templates\Pres_blue_on_white.pot

So make the move, start gaining ground!
Exercise conclusions A reactive response is not enough. Must be proactive. Stakeholder are complex and far-reaching; communication is key. Risk Management can team with Supply Chain, Operations, HR, Finance and others. It is not only enterprise risk management but business performance improvement So make the move, start gaining ground! Build the bridge between existing risk practices into Enterprise Risk and Resilience Management C:\Documents and Settings\chy5484\Local Settings\Application Data\Office\Macros\Ppt_ci\Templates\Pres_blue_on_white.pot

Questions and Contact Information • Linda Conrad – Director of Strategic Business Risk; Zurich Global Corporate • Radu Demian - Director of Corporate Risk Management and Compliance; Correctional Healthcare Companies

The information in this presentation was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute legal advice and accordingly, you should consult with your own attorneys when developing programs and policies. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this presentation and sample policies and procedures, including any information, methods or safety suggestions contained herein. Moreover, Zurich reminds you that this cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances The subject matter of this presentation is not tied to any specific insurance product nor will adopting these policies and procedures ensure coverage under any insurance policy. © 2014 The Zurich Services Corporation.

Please complete the session survey on the RIMS14 mobile application.

Gaining Ground: Building Existing Practices into Enterprise Risk Management ERM002.

Similar presentations

Presentation on theme: "Gaining Ground: Building Existing Practices into Enterprise Risk Management ERM002."— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Gaining Ground: Building Existing Practices into Enterprise Risk Management ERM002.

Similar presentations

Presentation on theme: "Gaining Ground: Building Existing Practices into Enterprise Risk Management ERM002."— Presentation transcript:

Similar presentations

About project

Feedback