Enterprise Risk Management:


1 Enterprise Risk Management:
Understanding Enterprise Risk Management: An Overview 07/2014

2 What is Enterprise Risk Management (ERM)?
Risk Management is a defined set of coordinated activities to direct and control an organization with regard to risk. Risk Management allows an organization to identify risk mitigation strategies so the organization can achieve its goals.

3 Principles of Risk Management
- Risk Management creates and protects value.
- Risk Management is an integral part of all organizational processes.
- Risk Management is part of decision making.
- Risk Management takes human and cultural factors into account.
- Risk Management is systematic, structured and timely.
- Risk Management is based on the best available information.
- Risk Management is transparent and inclusive.
- Risk Management facilitates continual improvement of the organization.

4 What role do you play in ERM at NYU?
NYU staff members play a vital role in identifying and managing the University’s risks. You are the expert in your area of responsibility. Because you are the expert, we need your guidance, input, and advice with regard to the risks NYU faces and their impact on the organization.

What are the objectives for this process?
- To identify both institutional and business unit risks and address them through mitigation activities, with the goal of managing the risks to a more tolerable level.
- To establish understanding and organizational awareness around the risk management process and the importance of thinking through risks on a continual/regular basis.
- To help NYU’s Administrative and Educational functions improve performance and achieve their own stated goals and objectives.

5 Two Types of Risk
- Insurable Risk
- Operational Risk

6 Components of the Enterprise Risk Management Program
- Support from the Senior Management Team
- Implement Risk Management in the Organization
- Define the risk criteria
- Risk Identification
- Risk Analysis
- Risk Treatment
- Monitoring and Review

7 Risk Identification
Every organization faces risk(s). Every department within an organization faces risk(s). And every person working for an organization is responsible for the risks that affect his/her role and activities.

At NYU we identify risks on two levels:
- Institutional risks are those that impact the whole organization, its high-level goals and objectives.
- Unit risks are those that impact a particular department’s goals and objectives.

We also categorize the risks based on the areas they address. Below is a list of our official categories:
- Strategic
- Financial
- Operational
- Compliance
- Human (Health and Safety)
- Information Technology

Some questions to ask yourself:
- What events or conditions could disrupt this organization's, department's or individual's operations and activities?
- What type of events or incidents could impact NYU’s reputation? (News Headlines)
- Do you use any systems for automation of tasks?
- Are there any risks that would impact the University financially or legally?

Factors to consider include:
- NYUWSQ vs. Global sites
- Does the risk address students, faculty or staff?
- Does the risk you identified impact other departments?

8 Integration into the Organizational Processes
Risk management should be embedded in all the organization's practices and processes in a way that it is relevant, effective and efficient. The risk management process should become part of, and not separate from, those organizational processes. In particular, risk management should be embedded into the policy development, business and strategic planning and review, and change management processes.

9 Financial, Strategic, Market, Operations, Environmental, Political
Financial:
- Foreign exchange risk
- Currency inflation
- Repatriation of funds
- Cash management
- Economic decline
- Financial statements

Strategic:
- Campuses Abroad
- New degree programs
- Attraction of top talent
- Leadership succession plans

Market:
- Rise of online degrees
- Student loans

Operations:
- No use of NYU Traveler
- Global research exposure
- Cyber risk
- Business continuity
- Lack of student housing
- Security on campus
- Lack of resources
- Theft of university property

Environmental:
- Asbestos
- Pollution/Waste handling
- Hazardous material storage
- Climate conditions
- Natural disaster

Political:
- Partnerships at NYU international sites

Health & Safety:
- Infectious illnesses/disease
- Missing students
- Employee injury
- Emergency evacuation plans
- Student suicide

Compliance:
- Data breaches
- Changes in governmental regulations
- Research compliance
- OFAC laws
- Export/Import laws

10 Cross functional & Emerging View of Risks
[Diagram: Functional Risk View. Functions shown: Legal; Financial; Business/strategic; Operational; Safety/security; Audit. Risks shown: Brand, Reputation, Service, Alliances, Expansion, Technology, Info Security, E-business, Continuity, Revenue, Fuel, Interest, Foreign Exchange, Insurance/Financing, Civil, Criminal, Regulatory, Contractual, Safety, Environment, Employee safety, Security, Financial controls, Process risks, Disclosure, Fraud.]

The challenge is to address cross functional and forward looking “horizon” risks.

11 Risk Register
Risks identified and assessed should be documented in a risk register for the organization. We use Microsoft Excel to build out the University’s risk registers (e.g., risk maps). We provide a risk register template to all risk owners who have participated in ERM training.

Risk register fields:
- Executive Owner – Leader of function or school (e.g., V.P., E.V.P., Dean, or Director).
- Risk Owner – Person(s) who are responsible for managing mitigation of the risk. The risk owner(s) are usually people whose responsibilities are directly related to or impacted by the risk. That being said, risks may have multiple risk owners.
- Risk Owner Department – Department that the risk and risk owner are assigned to.
- Risk Name – Two to four word description of the risk.
- Risk Description – A sentence or two describing the risk event.
- Expected/Residual/Current Likelihood
- Expected/Residual/Current Impact
- Risk Tolerance
- Risk Velocity
- Management Preparedness
- Comments – Further details or background information regarding the risk. How did the risk come to be? Are there any previous instances of the risk occurring?

Please see the “Risk Analysis” slide for definitions.

12 Risk Analysis
Following risk identification, stakeholders have to assess the risk using predetermined metrics. The Enterprise Risk Management function created criteria and a scoring system to prioritize the risks. The criteria established are:
- Likelihood – How likely is the risk to occur?
- Impact – If the risk were to occur, how much impact would it have on the organization?
- Tolerance – How much risk is the organization willing to tolerate (e.g., impact and/or likelihood of risk occurring)?
- Velocity – If the risk were to occur, how long would it be before the organization was impacted?
- Management Preparedness – How prepared or aware is management of the risk?

Please note: It is very important that you are honest and open when scoring the risks. History has shown that organizations tend to falter when risks are not identified or addressed properly.

13 Risk Tolerance
Definition: The amount of risk an organization is willing to tolerate. Also known as risk attitude and/or risk appetite.

Scale:
- 1 (Tolerance): The organization can tolerate 100% chance of the risk occurring. The organization will sustain minor impact or disruption.
- 2: The organization can tolerate 80-99% chance of the risk occurring.
- 3: The organization can tolerate 50-79% chance of the risk occurring. The organization will sustain moderate impact or disruption.
- 4: The organization can tolerate 20-49% chance of the risk occurring. The organization will sustain major impact or disruption.
- 5 (No Tolerance): The organization can tolerate 0-19% chance of the risk occurring. The organization will sustain extreme impact or disruption.

Scale labels: Accept the risk / Do not accept the risk.
[Diagram labels: Risk Tolerance, Impact, Likelihood]

14 Risk Score
Current Risk: What the risk level is under current controls, assuming the controls that are in place work as expected.

The Risk Score is calculated by using the following values and formula:

Current Likelihood x Current Impact = Current Risk Score

15 Risk Mitigation Plan
Following risk identification, stakeholders have to assess the risk using predetermined metrics.

Risk Monitoring Timeline:
- 12 Month Check-Up: Re-score and Documentation
- Mitigation Complete
- 6 Month Check-Up: Documentation
- Integration

16 Risk Example 1

17 Risk Example 1 (continued from slide 15)

18 Risk, Sub-Risks, Outcomes
Example:

SUB-RISKS (cause the risk to occur):
- Weather Risk: Icy conditions, flooding
- Human Error Risk: Driver inattention, distraction
- Mechanical Risk: Brake fails, stuck accelerator

RISK: Multi-vehicle accident

OUTCOMES (the results if the risk occurs):
- Health & Safety Risk: Injury, loss of life
- Financial Loss Risk: Possible litigation, increased insurance premiums
- Property Damage Risk: Surrounding environment, vehicles

19 Contact Information
- Michael Liebowitz, Senior Director, Insurance and Enterprise Risk Management
- Ashleigh Shelton, Enterprise Risk Management Analyst

