Enterprise Risk Management


Published on

Overview of enterprise risk management and process for setting up a program

Published in: Economy & Finance

Enterprise Risk Management

  1. 1. AH&T Nonprofit’s 13 th Annual Risk Management Seminar Leslie T. White CPCU, CIC, ARM, CRM Croydon Consulting, LLC November 10, 2005 Enterprise Risk Management
  2. 2. Risk Management A discipline for dealing with the possibility that some future event may cause unexpected results Dealing with uncertainty . . .
  3. 3. Principles of Enterprise Risk Management <ul><li>Every entity exists to provide value to stakeholders </li></ul><ul><li>All entities face uncertainty which presents both risk & opportunity with potential to erode, preserve or enhance value </li></ul><ul><li>ERM enables management to deal with uncertainty, associated risk & opportunity, enhancing its capacity to build value </li></ul>
  4. 4. Purpose of Enterprise Risk Management <ul><li>To provide value to stakeholders </li></ul><ul><li>To help nonprofits get to where they want to go </li></ul><ul><li>To avoid pitfalls & surprises </li></ul><ul><li>To enhance value, achieve the mission </li></ul>
  5. 5. Dealing with uncertainty . . . <ul><li>Pre-loss exercise that reflects organization’s post-loss goals and reflective of the organization’s culture </li></ul><ul><li>To identify potential events that if they occur would affect the organization </li></ul><ul><li>Events can have negative, positive or both impact </li></ul><ul><li>To manage risks within your risk appetite </li></ul>
  6. 6. Dealing with uncertainty . . . <ul><li>Determine how much uncertainty (risk and opportunity) you are prepared to accept as strive to grow value, achieve mission </li></ul><ul><li>Risk management enable management to effectively deal with uncertainty and associated risk and opportunity </li></ul><ul><li>Helps management achieve performance targets and prevent loss of resources </li></ul>
  7. 7. Innovation requires risk taking. Taking risks requires informed, fact-based decision making. Why Risk Management?
  8. 8. Risk Management Roles <ul><li>Board </li></ul><ul><ul><li>Define expectations </li></ul></ul><ul><ul><li>Set strategy & high level objectives </li></ul></ul><ul><ul><li>Resource allocation </li></ul></ul><ul><ul><li>Adopt risk management policy </li></ul></ul><ul><li>Senior Management </li></ul><ul><ul><li>Responsible for all activities </li></ul></ul><ul><ul><li>Sets the tone & influences of the internal environment (principles, values) </li></ul></ul><ul><ul><li>Develop risk management philosophy, appetite & culture </li></ul></ul>
  9. 9. Risk Management Roles <ul><li>Risk Management Committee </li></ul><ul><ul><li>Propose risk management policy & philosophy </li></ul></ul><ul><ul><li>Establish risk management goals </li></ul></ul><ul><ul><li>Develop & implement a risk management program </li></ul></ul><ul><ul><li>Help managers incorporate risk management into operations </li></ul></ul><ul><ul><li>Convert risk management strategies into operations </li></ul></ul><ul><ul><li>Present annual report to Board </li></ul></ul>
  10. 10. Risk Management Program Development Plan <ul><li>Establish risk management committee </li></ul><ul><li>Create action plan </li></ul><ul><li>Establish risk management goals </li></ul><ul><li>Adopt risk management policy </li></ul><ul><li>Evaluate risk attitudes (tolerance & appetite) for areas of risk </li></ul>
  11. 11. Risk Management Program Development Plan <ul><li>Follow steps of risk management process </li></ul><ul><ul><li>Identify & analyze risks (risk assessment) </li></ul></ul><ul><ul><li>Evaluate & prioritize </li></ul></ul><ul><ul><li>Select & implement strategies and techniques </li></ul></ul><ul><ul><li>Monitor & revise </li></ul></ul><ul><li>Annual report to board </li></ul>
  12. 12. Risk Management Attitudes <ul><li>Level of risk tolerance & risk appetite </li></ul><ul><li>Level of commitment to risk management </li></ul><ul><li>Risk management strengths & weaknesses </li></ul><ul><li>Available resources – people, time & money </li></ul>
  13. 13. Risk Management Basics <ul><li>A state of mind </li></ul><ul><li>Involve people at all levels </li></ul><ul><li>Provide instruction, training and equipment </li></ul><ul><li>Develop and follow procedures </li></ul><ul><li>Encourage input </li></ul>
  14. 14. The first standard that should be in effect for any organization is the safety of its constituents. Goal of Risk Management
  15. 15. Risk Management Cycle Identify risks Evaluate & prioritize risks Select risk management techniques Implement techniques Monitor & improve the program
  16. 16. Risk Management Process 1. Acknowledge and identify risks “ What could go wrong?” <ul><li>People </li></ul><ul><li>Property </li></ul><ul><li>Income </li></ul><ul><li>Goodwill </li></ul>Nonprofit Assets Dimensions of Risk <ul><ul><li>Operational </li></ul></ul><ul><ul><li>Legal </li></ul></ul><ul><ul><li>Political </li></ul></ul><ul><ul><li>Financial & market </li></ul></ul>
  17. 17. Risk Management Process 2. Evaluate and prioritize risks Frequency Severity Risk Analysis
  18. 18. Risk Management Process 3. Select and implement risk management techniques Avoidance Modification Retention Transfer “ What will we do?”
  19. 19. Risk Management Process 4. Monitor and update the program <ul><li>Compare actual to expected results </li></ul><ul><li>Any new programs, activities or risks? </li></ul><ul><li>Changes in mission or strategy? </li></ul>
  20. 20. Cost of Risk <ul><li>Retained losses </li></ul><ul><li>Insurance premiums or payments to outside sources for funds </li></ul><ul><li>Costs of measures to prevent or reduce losses </li></ul><ul><li>Administrative costs for risk management </li></ul>
  21. 21. Croydon Consulting, LLC Leslie T. White, CPCU, CIC, ARM, CRM P. O. Box 1414 Severna Park, MD 21146-8414 410-544-0913 Fax 410-544-9913 Email: Lwhite@croydonconsult.com www.croydonconsult.com