Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Maximising Business Value Through Enterprise Risk Management


Published on

This slide deck is one that I presented in Sydney in 2010. It highlights the link between governance, risk and compliance and how GRC is used to identify and maximise business value.

  • Be the first to comment

  • Be the first to like this

Maximising Business Value Through Enterprise Risk Management

  1. 1. Maximising Business Value Through ERM
  2. 2. 1. Enterprise Risk Management 2. Risk Governance 3. Policy Compliance 4. Capital Budgeting What am I on about … ?
  3. 3. What is Enterprise Risk Management? <ul><li>Best way to manage uncertainty to minimise loss / threat </li></ul><ul><li>Needs to be holistic , no silos </li></ul><ul><li>Aligned with business objectives </li></ul>
  4. 4. Impact: Business Assessment Likelihood: Technical Assessment Risks need to be identified in a consistent manner. Ensure that you have Both technical and business input on the assessment. H M M L L Negligible H M M L L Minor H H H M L Moderate VH H H M M Major VH VH H H M Severe Almost Certain Likely Possible Unlikely Rare
  5. 5. Business Owner What are you doing about the risk? What is the result? Create a place to store the risks and ensure you capture the appropriate information that will help you manage those risks When do we check it?
  6. 6. What is Risk Governance? <ul><li>Guiding coalition that will drive your risk strategy </li></ul><ul><li>Decision making framework for ownership and treatment of risk </li></ul>
  7. 7. Risk governance provides a way of streamlining the decision making processes related to risk ownership and treatment. Who gets to make the decisions?
  8. 8. Where does compliance fit in? <ul><li>External Compliance - PCI-DSS; SOX; Privacy Act </li></ul><ul><li>Internal Compliance – Capital ratios; Security Policy </li></ul><ul><li>All compliance requirements should be internalised and managed in accordance with your ERM framework . </li></ul>
  9. 9. Policy exemptions should be assessed on risk and managed through your ERM Framework. Risk Assessment Governance
  10. 10. What do we do about the finance decision? <ul><li>Return on Investment (ROI) and Payback Period are only financial ratios </li></ul><ul><li>Net Present Value (NPV) takes time and risk into account </li></ul><ul><li>Capital budgeting analysis using NPV requires us to identify cashflows over the life of the project. </li></ul><ul><li>Use ERM framework to identify indirect cashflows </li></ul>
  11. 11. Negative NPV: Project Declined!! By incorporating indirect cashflows we can improve NPV NPV Calculation without using ERM @ Discount Rate of 9% NPV Calculation using ERM @ Discount Rate of 9% Positive NPV: Project Approved!!! Indirect cashflows
  12. 12. In Summary… <ul><li>ERM is all about managing uncertainty </li></ul><ul><li>Governance helps to identify decision makers and streamline decision making processes </li></ul><ul><li>All compliance requirements should be internalised and managed through a risk based approach </li></ul>
  13. 13. In Summary… <ul><li>Through identification of non-compliance instances we can identify indirect cashflows associated with new projects. </li></ul><ul><li>Use NPV to incorporate those indirect cashflows into the capital budgeting process. </li></ul><ul><li>By aligning compliance obligations to business initiatives we can maximise the business value through ERM. </li></ul>
  14. 14. Questions …. ? LEAD THE CHANGE…