Enterprise Risk Management ~ Inovastra
Concepts and principles of Enterprise Risks Management

Published in: Business, Technology
  • Transcript

    • 1. Enterprise Risk Management ~ The Pathway for Assuring the Achievement of Corporate Vision. Nik Mohd Hasyudeen Yusoff, Executive Chairman, KHR Business Advisory Sdn. Bhd., 21 December 2006
    • 2. Agenda
        • Strategic Objectives and Risks
        • The Concept of Enterprise Risk Management (ERM)
        • Steps in Implementing ERM
        • The Role Play in making ERM works
    • 3. Strategic Objectives and Risks
        • The underlying premise of Enterprise Risk Management (ERM) is that every entity exists to provide value for its stakeholders.
        • Value is maximized when management sets strategy and objectives to strike an optimal balance between growth and return goals and related risks, and efficiently and effectively deploys resources in pursuit of the entity’s objectives.
    • 4. Strategic Objectives and Risks
        • For governmental agencies, the purpose of their creation goes beyond providing financial returns
        • The balancing between commercial aspects and people’s expectations makes realising strategic objectives more challenging
        • That’s why the GLCs need so many books!
    • 5. Strategic Objectives and Risks (diagram, "Cascading Strategy into Action": Vision and Mission; Strategic Objectives; Programmes and Projects; Outcome; with Feedback between the levels)
    • 6. Strategic Objectives and Risks
        • The next question then is, what is RISK?
        • Is “risk” all bad?
    • 7. Strategic Objectives and Risks
    • 8. Strategic Objectives and Risks (figure; source: Mark Beasley, North Carolina State University)
    • 9. Strategic Objectives and Risks (figure: "Disconnect"; source: Mark Beasley, North Carolina State University, 2004 Survey)
    • 10. Strategic Objectives and Risks (figure: Inovastra Risk Model, Potential Areas of Risks to Organisations)
    • 11. Strategic Objectives and Risks
        • Some examples of Strategic Risks
            • A property development company plans to develop link houses surrounding a beautiful natural lake (Demand risk)
            • A scientific research agency sets up an education institution offering business courses (Competition risk)
            • An agency enters into a business in which it has no expertise (Capability risk)
    • 12. Strategic Objectives and Risks
        • Some examples of Other Risks
            • A deposit taking company promises fixed return to investors when its investment generates fluctuating returns (Financial ~ Market risk)
            • A company sets new strategy that requires people with different attitude and mindset (Operational ~ People risk)
            • An entity makes investment into new information technology infrastructure without considering potential changes in technology (Operational – Technology
    • 13. Strategic Objectives and Risks
        • Some examples of Other Risks
            • An agency entered into a joint venture and relied on the joint venture’s partner to draft the joint venture agreement (Compliance ~ Contractual risk)
            • A company has to provide for huge impairment losses as its fleet of vessels is no longer allowed to transport certain cargo due to changes in maritime rules (Compliance ~ Regulatory risk)
            • A company which certifies its products as HALAL is involved in corrupt practices (Compliance ~ Corporate values risk)
    • 14. Strategic Objectives and Risks
        • There are also situations where multiple risks are involved:
            • Full service; Convenience; Full of legacy; Government linked company
            • Low cost; Price driven; New start-up (technically); Privately controlled
    • 15. Strategic Objectives and Risks (diagram, "The world keeps on changing!": Politics, Economy, Education, Society, Technology, Environment, Spirituality; levels: Global, Regional, National, Organisation)
    • 16. Strategic Objectives and Risks: Technology
        • Keeps changing and changing very fast!
        • New products and services
        • New way of doing business
        • Increased production efficiency and effectiveness
        • New markets
        • New threats
    • 17. Strategic Objectives and Risks: Economy
        • More open and globalised economy
        • Movement from production based to service based economy, driven by knowledge capital
        • Intangible (Intellectual) assets are main value driver for business, not easily measured though
        • Companies becoming less “nation” based
        • 9MP introduces the “regional” concept of development
    • 18. Strategic Objectives and Risks: Education
        • Driver of intellectual capital – Knowledge Workers
        • Global based education standards
        • Shorter lifespan of knowledge, 12 months for IT!
        • Continuous Re-education is the way forward
        • What matters is “What do you do with the knowledge you learned?”
    • 19. Strategic Objectives and Risks: Environment
        • Matters to a lot of people now – Corporate Responsibility Reporting
        • Environment based compliance standards – Eco Labelling
        • New “barrier” to trade
    • 20. Strategic Objectives and Risks: Society
        • It’s all about people, remember Enron, WorldCom?
        • Public views are easily influenced through digital media
        • Society with global values? – War on terrorism, Freedom of expression
    • 21. Strategic Objectives and Risks: Politics
        • A shift in political direction would have impact on business environment
        • Globalisation of political issues?
        • Influence the level of transparency in business dealings
    • 22. Strategic Objectives and Risks: Spirituality
        • Islamic financial market is an example of influence of spirituality on business
        • Ethical funds
        • Cuts across borders, based on people’s belief
    • 23. The Concept of Enterprise Risk Management: How Organisations manage their risks? (figure: stages labelled I to VII against "Value add for organisations"; source: Mercer Oliver Wyman analysis (modified))
        • Risk management equals buying insurance
        • Regulators are demanding risk management activities
        • We need a sustainable process to monitor all risks
        • We need to know the economic impact of our largest risks
        • Risks need to be quantified comprehensively
        • Shareholders demand a risk/return framework
        • Decision making across firm is linked to building economic value
    • 24. The Concept of Enterprise Risk Management (figure; source: Protiviti Inc.)
    • 25. The Concept of Enterprise Risk Management (diagram: Enterprise Focus On Risks)
        • Strategic Market Risks; Operations Risks; Finance Risks; Human Capital Risks; IT Risks; Reputation Risks; Legal Risks
        • Risks are managed in silos, each business unit or entity manages only its own
    • 26. The Concept of Enterprise Risk Management (diagram: Enterprise Focus On Risks; Value Creation and Preservation)
        • Strategic Market Risks; Operations Risks; Finance Risks; Human Capital Risks; IT Risks; Reputation Risks; Legal Risks
        • Risks are managed on integrated basis
    • 27. The Concept of Enterprise Risk Management
        • Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. (Enterprise Risk Management – Integrated Framework, COSO)
    • 28. The Concept of Enterprise Risk Management
        • Enterprise – Not just selected “silo” of risks
        • Process – Ongoing, living, systematic
        • Consideration of risk on portfolio basis
            • Collection of risks
            • Interactions of risks
        • Done to enhance entity value
            • Heavily integrated with business strategy
    • 29. The Concept of Enterprise Risk Management
        • Focus is on coordinated programme for identification, measurement, assessment, and response to risks primarily across 2 dimensions
            • Probability (Likelihood)
            • Criticality (Consequence)
        • Key part of entity’s corporate governance
            • Responsibility of senior management and board
            • Pushed down to key business segment management
    • 30. The Concept of Enterprise Risk Management
        • How does ERM enhance Value?
            • Aligning risk appetite and strategy ~ management considers the entity’s risk appetite in evaluating strategic alternatives, setting related objectives, and developing mechanisms to manage related risks
            • Enhancing risk response decisions ~ ERM provides the rigor to identify and select among alternative risk responses – risk avoidance, reduction, sharing and acceptance
    • 31. The Concept of Enterprise Risk Management
        • How does ERM enhance Value?
            • Reducing operational surprises and losses ~ Entities gain enhanced capability to identify potential events and establish responses, reducing surprises and associated costs or losses
            • Identifying and managing multiple and cross-enterprise risks ~ ERM facilitates effective response to the interrelated impacts, and integrated responses to multiple risks
    • 32. The Concept of Enterprise Risk Management
        • How does ERM enhance Value?
            • Seizing opportunities ~ By considering a full range of potential events, management is positioned to identify and proactively realise opportunities
            • Improving deployment of capital ~ Obtaining robust risk information allows management to effectively assess overall capital needs and enhance capital allocation
    • 33. Steps in Implementing ERM (figure captions: Eight components of ERM; Considers all levels of the enterprise; ERM helps entity to achieve objectives across these categories)
    • 34. Steps in Implementing ERM (diagram: Internal Environment; Objective Setting; Risk Response; Risk Assessment; Event Identification; Control Activities; Information & Communication; Monitoring)
    • 35. Steps in Implementing ERM: Internal Environment
        • Foundation of other components of ERM. Sets the management philosophy, risk appetite, the composition and role of the board, corporate values and culture.
        • Risk appetite is the amount of risk, on a broad level, an entity is willing to accept in pursuit of value.
    • 36. Steps in Implementing ERM: Objective Setting
        • Objectives must exist before management can identify potential events affecting their achievement. ERM ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite.
        • Risk tolerance is the acceptable level of variation to the achievement of objectives.
    • 37. Steps in Implementing ERM: Event Identification
        • Internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities. Opportunities are channelled back to management’s strategy or objective-setting process
    • 38. Steps in Implementing ERM: Risk Assessment
        • Risks are analysed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and residual basis
    • 39. Steps in Implementing ERM: Risk Response
        • Management selects risk responses – avoiding, accepting, reducing or sharing – developing sets of actions to align risks with the entity’s risk tolerance and risk appetite
    • 40. Steps in Implementing ERM: Control Activities
        • These are policies and procedures that are developed to ensure the risk responses are carried out. These activities occur throughout the entity, at all levels and in all functions. They include approvals, authorisations, verification, reconciliation, review of performance, performance indicators and segregation of duties.
    • 41. Steps in Implementing ERM: Information and Communication
        • Relevant information is identified, captured and communicated in a form and timeframe that enable people to carry out their responsibilities, flowing down, across and up the entity
    • 42. Steps in Implementing ERM: Monitoring
        • The entirety of ERM is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations or both
    • 43. Steps in Implementing ERM: How a Risk Profile Matrix Works (figure: matrix with axes "Likelihood of Occurrence of Risk", Low to High, and "Potential Impact of Risk", Low to High; individual risks plotted as X marks)
        • Key Focus Area
        • Ensure actions are in place to mitigate the risk
        • Develop plans to allow a quicker recovery
        • Monitor progress of action plans
        • Monitor to ensure that risk profile does not increase and that cost of mitigation is not excessive
        • Monitor changes to risks and evaluate implications
    • 44. Steps in Implementing ERM: Case Study I
        • Strategic objective: Increase rate of research commercialisation
        • Risk: Research commissioned does not meet the need of industry
        • Assessment: High risk ~ no consideration of market demand in research approval
        • Response: Reduce risk by changing the process of research approval
        • Control: Head of business development included in research approval committee
        • Communication: Change of process communicated to all relevant parties, including potential customers
        • Monitoring: Nature and number of research and commercialised research monitored quarterly by the Board
    • 45. Steps in Implementing ERM: Case Study II
        • Strategic objective: Increase in market share of new product by increasing sales on credit
        • Risk: Increase in bad debts
        • Assessment: High risk ~ no data on consumer behaviour in view of new market
        • Response: Reduce risk by enhancing credit evaluation process *
        • Control: Only potential customers with income exceeding RM 2,000 will be given credit
        • Communication: Salespersons are required to inform potential customers of the conditions
        • Monitoring: Debts exceeding 30 days are reviewed by Head of Credit
        • * An entity with higher risk appetite may accept this risk
    • 46. Steps in Implementing ERM
        • Implementing ERM – it is an evolution, not revolution! For example:
        • Phases: Phase 1, Assessing the current state; Phase 2, Developing the ERM Framework; Phase 3, Implementing ERM
        • Items listed under the phases, in page order:
            • Risk identification
            • Risk assessment
            • Risk management capabilities
            • Infrastructure
            • Risks policies and procedures
            • Technology
            • Communication and reporting
            • Integrate ERM into existing risk management process
            • Integrate risk management into strategic planning, budgeting, performance measurement etc
            • Integrate risk management into entity’s culture
            • ERM software integration
    • 47. Steps in Implementing ERM: Key Success Factors
        • Commitment from the leadership
        • Consensus of the vision for the future
        • Well defined and communicated plan
        • Realistic goals and timeframe
        • Quick early wins to gain support and confidence
        • Integration with key process: Strategic Planning, Investment, Performance appraisal
    • 48. Steps in Implementing ERM: Pitfalls
        • Implementing ERM without strategic plan
        • Lack of visible, active support, from CEO
        • Implementing ERM as a part time job
        • Treating ERM as a project rather than a long term journey
        • Lack of integration with strategic planning, budgeting etc
        • Failing to realise the need for change management
        • Lack of leadership and passion
    • 49. The Role Play in Making ERM Works: Board
        • Provides important oversight of ERM by:
            • Knowing the extent to which management has established effective ERM
            • Being aware of and concurring with the entity’s risk appetite
            • Reviewing the entity’s portfolio view of risk and considering it against the entity’s appetite
            • Being apprised of the most significant risks and whether management is responding appropriately
    • 50. The Role Play in Making ERM Works: Management
        • The management is directly responsible for all activities of ERM and the CEO has the ultimate responsibility for the ERM
        • The CEO’s responsibilities include seeing that all components of ERM are in place through:
            • Providing leadership and direction to senior managers
            • Meeting periodically with senior managers responsible for functional areas to review how they manage risks
    • 51. The Role Play in Making ERM Works: Management
        • Senior managers are responsible for risks related to their units’ objectives, convert strategy into actions and guide application of ERM components within their spheres of responsibility
        • Specific ERM procedures are assigned to managers of specific processes, functions or departments. They also make recommendations on related control activities and provide feedback to the top management
    • 52. The Role Play in Making ERM Works: Other key players
        • Risk officer, if created, works with managers in establishing ERM in their areas of responsibilities
        • Financial executives are critical in managing the finance and controllership functions which cut across the entity. Important in the reporting function as well as linking budget to strategy
        • Internal auditors play a key role in evaluating the effectiveness of, and providing recommendations for the improvement of, the entity’s ERM
    • 53. Key Points
        • Risk is the possibility that an event will occur and adversely affect the achievement of objectives of an organisation.
        • ERM is a structured way of managing the portfolio of risks across the organisation guided by its risk appetite.
        • Implementation of ERM could be done in phases depending on the readiness of the organisation, which normally already has some form of risk management process.
        • Everybody in the organisation is important in ERM; leadership by the CEO with the oversight of the Board is key in the success of the implementation of ERM
    • 54. Thank You
