Common failures of risk management Presentation Transcript
Common Risk Management failures &how to avoid them Presented by: Internal Audit Department
Goals of this presentation What can hold To make back an management organization aware of the key from success factors successfully for ERM as an implementing effective tool for ERM?– sustainable common growth mistakes & how to avoid them
Existence without risk!“A ship is safe in a harbor, but thats not what ships are for.” - “Salt from my attic” by John Augustus Shedd, USA How many organizations have prospered without taking risks? How many great discoveries have taken pace without taking risks? How many governments run without facing risks? How many of our jobs does not depend on risk? Is there a life that is without risk? ….Life is all about taking risks, face challenges and overcoming them
Why ERM is so important? Stakeholder involvement Changes in customer preference Board & Audit Committee Commodity price changes responsibilities Technology obsolescence Executive management Adverse changes to laws & regulations responsibilities Cyber security & privacy protection External risk reporting Business discontinuities / supply disruptions responsibilities Failed acquisitions Changes in Federal laws and regulations Company reputation risk Highly visible litigation Growing media attention Executive compensation Shareholder involvement
Global trend in Risk Management
Global study snapshot The Accenture 2011 Global Risk Management Study is based on a quantitative survey of executives from 397 companies across ten industries. All respondents were C-level executives involved in risk management decisions at their companies;One of the largest risk management organizations were split primarily among Europe,surveys of its kind, the Accenture 2011 North America, Latin America and Asia Pacific. Different-sized companies were also represented:Global Risk Management Study finds about half the companies represented had annualthat advanced risk management revenues over US$5 billion; one-fourth had revenues between US$1 billion and US$5 billion; thecapabilities are high on the executive remaining quarter had revenues between US$500agenda and now seen as a critical million and US $1 billion.business driver and source ofsustained growth and long-termcompetitive advantage.
ERM: Why a hot topic today?Holistic capabilities Clear maturity witnessed overExecutive mindset is broadening, and risk management is the last four years in the riskbecoming both more comprehensive and more integrated— management capabilitiesin decision making, in formalizing ERM programs or in therestructuring of the RM organization and its leadership. across all industries—a rapid march up the business value chain and the development of governance and organizationalLeading practices structures that give risk a voiceThe gap between the ―best and the rest‖ when it comes to at the executive table.positioning, leveraging and executing risk management isincreasing. Survey results indicate: Risk management capabilities areIndustry specificity more critical, more connected,Executives want to compare and contrast their experiences more strategic and overallwith peers from many types of companies, but especially more valuable to enterpriseswith leaders within their own industry. as they execute their business plans. As a result, companiesPragmatism are spending more time andOne message heard loud and clear is the need to identify effort advancing their riskpractical steps that can be taken to address the risk management capabilities as amanagement capability gaps which may exist within anorganization. business priority.
Enabler of long-term competitive advantage : fromreactive to proactiveRisk management as a source of competitive advantageBeyond the immediate pressures of global markets, more demandingcustomers and dramatic industry change is a growing recognition thatcompanies have an opportunity to drive competitive advantage from their riskmanagement capabilities, enabling long-term profitable growth and sustainedfuture profitability.This means that risk management at the top-performing companies is nowmore closely integrated with strategic planning and is conducted proactively,with an eye on how such capabilities might help a company move into newmarkets faster or pursue other evolving growth strategies. At its best, riskmanagement is a matter of balance—the balance between a company’sappetite for risks and its ability to manage them.Meeting the coming challengesSurveyed executives also noted that stiff challenges lie ahead when it comes todeveloping risk management capabilities that are adequate to the needs of thebusiness in the future.
Enabler of long-term competitive advantage Source: 2011 Global Risk Management Study, Accenture
Challenges of Risk Management
Major challenges faced in establishing ERMThe types of risks to which Despite major investments to improve riskcompanies are exposed, as well as capabilities, critical exposures persist,their severity, are growing according especially given companies’ inability toto surveyed executives. Companies improve their risk measurement capabilitiesare increasingly concerned about the sufficiently. Risk management needs tospectrum of risks - from supply chain support positive business growth, not onlyto operations to regulation to protect against negative occurrences, soreputation. Financial fraud and crime companies need a better way to assess theirare on the rise. risk-bearing capacity. Performance gaps exist betweenOrganizational silos and outdated companies’ expectations for riskinformation systems prevent many management and what is actually achieved.enterprises from adequatelysharing information that could Cost pressures continue unabated -mitigate risks more effectively. requiring effective management both inBetter organizational terms of cost of operations and in terms ofstructures and underpinning investment decisions.systems are essential if thechallenge of integration is to bemet.
Improving Risk Management Capabilities As the importance of risk management expands, and as companies increasingly view the risk management function not only as a preventive capability but also as a performance enabler, one would expect spending levels to rise accordingly.Source: 2011 Global Risk Management Study, Accenture
Focus categories of risks In the rapid and continuously changing environment, there are growing concerns about a broader spectrum of risks, including those related to the supply chain, operations, regulation and reputationSource: 2011 Global Risk Management Study, Accenture
Common RM failures and how to avoid them
How do you measure success of ERM?Objective of ERM: to help senior and operating management makebetter decisions about how risks should be managed organization-wide. Integration of risk assessment into strategic and operating processes Improved risk identification Implementation of more effective and early warning techniques Improvement in specific risk measures, metrics and monitoring Reduced number or avoidance of risk incidents Reduced performance variability Reduction of cost of capital and improvement in shareholder value Increased risk sensitivity and risk awareness Integration with KPI reporting Continued success of the organization
Key success factors in Risk Management
What is your risk appetite?As business strategy is linked to performance management, riskmonitoring and reporting is linked with risk appetite as both contributeto the quality of business performance One of the critical role of risk appetite is that the tone it sets for the risk culture across the organization; most major contemporary organization failures or financial frauds occurred due to flawed risk culture; To reinforce risk culture, organization’s risk appetite should be integrated into the performance management framework at the individual level to ensure consistent application; At the organizational level risk appetite should be expressed through risk based performance targets measured against actual results
Measuring success of ERM?Objective of ERM: to help senior and operating management makebetter decisions about how risks should be managed organization-wide. Integration of risk assessment into strategic and operating processes Improved risk identification Implementation of more effective and early warning techniques Improvement in specific risk measures, metrics and monitoring Reduced number or avoidance of risk incidents Reduced performance variability Reduction of cost of capital and improvement in shareholder value Increased risk sensitivity and risk awareness Integration with KPI reporting Continued success of the organization Source: Guide to Enterprise Risk Management, FAQ, Protiviti, page 121, paragraph – 136