Managing Uncertainty, Creating Opportunity Enterprise Risk Management J. Brown, CEO.


1 Managing Uncertainty, Creating Opportunity Enterprise Risk Management J. Brown, CEO

2 Basic Model of Value Creation
1. Idea 2. Develop 3. Execute 4. Monetize
- How the Information Technology firm creates value
- Absent uncertainty, the process simply repeats over time
- Not a realistic view

3 Simplistic Model of Value Creation: Adding Uncertainty
1. Idea 2. Develop 3. Execute 4. Monetize
Diagram labels: Adapt, External Factors
Uncertainty exists and affects all processes; therefore adaptation is required.
The comprehensive and incisive approach to managing uncertainty is Enterprise Risk Management (ERM):
- Prevent or minimize disruptions to the value creation chain
- Improve the ability of IT firms to achieve strategic objectives
- Help ensure survival of the IT firm

4 What in this distinguishes IT firms from other services?
1. Idea 2. Develop 3. Execute 4. Monetize
Successful execution of steps 1 through 3 gives rise to an "intellectual asset" (in step 4) that must be protected.
ERM within the IT firm is different from ERM within other service firms because of substantial, inherent differences in the nature of Intellectual Property assets.

5 What is Enterprise Risk Management (ERM)? Enterprise Risk Management (ERM) is a strategic business discipline that supports the achievement of an organization's objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.

6 Principles of Enterprise Risk Management
- Aligning risk appetite and strategy – Management considers the entity's risk appetite in evaluating strategic alternatives, setting related objectives, and developing mechanisms to manage related risks.
- Enhancing risk response decisions – Enterprise risk management provides the rigor to identify and select among alternative risk responses – risk avoidance, reduction, sharing, and acceptance.
- Reducing operational surprises and losses – Entities gain enhanced capability to identify potential events and establish responses, reducing surprises and associated costs or losses.
- Identifying and managing multiple and cross-enterprise risks – Every enterprise faces a myriad of risks affecting different parts of the organization, and enterprise risk management facilitates effective response to the interrelated impacts, and integrated responses to multiple risks.
- Seizing opportunities – By considering a full range of potential events, management is positioned to identify and proactively realize opportunities.
- Improving deployment of capital – Obtaining robust risk information allows management to effectively assess overall capital needs and enhance capital allocation.

7 Two types of Risk
- Insurable Risk
- Operational Risk

8 Components of ERM
- Define the risk criteria (e.g., any event that could impact profit by more than 1%)
- Risk identification (list of possible events, see our Excel chart, IT Risk Assessment)
- Risk analysis (essentially, impact × probability)
- Risk treatment, prioritize and:
  - Avoidance (eliminate, withdraw from or not become involved)
  - Reduction (optimize – mitigate)
  - Sharing (transfer – outsource or insure)
  - Retention (accept and budget)
- Monitoring and review (continually improve the ERM process)

9 Risk Identification
The entity as a whole, and each department, faces risk. Each worker is responsible for the risks that affect his/her role and activities.
Identify risks on two levels:
1. Corporate Risks: impact the whole organisation and high-level goals and objectives
2. Unit Risks: impact department goals and objectives
Categorise risks based on type:
- Physical
- Technological
- Political
- Financial
- Operational (HR, IT, Process)
- Strategic
- Executive

10 Integration of ERM
- Embedded in all practices and processes in a way that is relevant
- Should become part of, and not separate from, those organisational processes
- Embed into the policy development, business and strategic planning and change management process

11 Operational
- HR: Fraud, Health & Safety, Evacuation Plans, Attract/retain top talent
- Process: Capacity, Design, Execution, Product Quality, Supplier
- IT: Data Integrity, System Availability, Development, Maintenance, Security
- IP Rights, Data breach, Compliance
EXECUTIVE: Ethics Board E&O Kidnap, ransom Compliance Regulatory
PHYSICAL: Catastrophic loss (e.g., fire) Environmental Incidents Weather Asbestos
TECHNOLOGICAL: Obsolescence Opportunity Emerging
STRATEGIC: Financial viability Competition M&A Legal disputes Emerging technologies Commodity pricing/volatility Alliances Black Swan Macroeconomic
FINANCIAL: Tax Access to capital Interest rates Foreign exchange Repatriation of funds Cash Management
POLITICAL: Policy changes Regulations Enforcement Compliance Foreign government actions

12 Cross Functional & Emerging View of Risks
Functional Risk View
- Legal: Civil, Criminal, Regulatory, Contractual
- Financial: Overhead, Interest, Foreign Exchange, Insurance, Financing
- Business/Strategic: Brand, Reputation, Service, Alliance, Expansion
- Operational: Technology, Info Security, E-business, Continuity
- Safety/Security: Safety, Environment, Employee Safety, Safety
- Audit: Financial Controls, Process Risks, Disclosure, Fraud
The challenge is to address cross-functional and forward-looking "horizon" risks.

13 Risk Register
Risks identified and assessed should be documented in a risk register for the organization. We use Microsoft Excel to build out the Information Technology firms' risk registers (e.g., risk maps).
We provide a risk register:
- Executive Owner – Leader of function (e.g., CFO, Director)
- Risk Owner – Person(s) who are responsible for mitigating the risk. The risk owner(s) are usually people whose responsibilities are directly related to or impacted by the risk. However, risks may have multiple risk owners.
- Risk Owner Department – Department that risk and risk owner are assigned to.
- Risk Description – A sentence or two describing the risk event.
- Expected/Residual/Current Likelihood
- Expected/Residual/Current Impact
- Risk Tolerance
- Risk Velocity
- Management Preparedness
Please see the "Risk Analysis" section for definitions.

14 Risk Analysis
Following risk identification, stakeholders have to assess the risk using predetermined metrics. The Enterprise Risk Management function created criteria and a scoring system to prioritize the risks. The criteria established are:
- Likelihood – How likely is the risk to occur?
- Impact – If the risk were to occur, how much impact would it have on the organization?
- Tolerance – How much risk is the organization willing to tolerate (e.g., impact and/or likelihood of risk occurring)?
- Velocity – If the risk were to occur, how long would it be before the organization was impacted?
- Management Preparedness – How prepared or aware is management of the risk?
History has shown that organizations tend to falter when risks are not identified or addressed properly.

15 Risk Appetite
The amount of risk that an organisation is willing to accept in pursuit of corporate objectives.
[Chart: willingness to accept risk, on a scale of 1 to 5 (Low, Medium, High), marked for each category: Physical, Technological, Political, Financial, Operations, Strategic, Executive]

16 Risk Mitigation Plan
Following risk identification, stakeholders have to assess the risk using predetermined metrics.
Risk Monitoring Timeline:
- Mitigation plan
- 6 Month Check-up: Documentation
- 12 Month Check-up: Re-score & Documentation
- Integration

17 5622 72 Street Edmonton, AB T6B 3J4 780.469.4668 1.855.385.9888 www.plbinsurance.ca

