Getting the risk basics right, 30th November 2016

Presentation given by Peter Ralph on 30th November 2016


  1. 1. Trusted to deliver excellence © 2016 Rolls-Royce plc The information in this document is the property of Rolls-Royce plc and may not be copied or communicated to a third party, or used for any purpose other than that for which it is supplied without the express written consent of Rolls-Royce plc. This information is given in good faith based upon the latest information available to Rolls-Royce plc, no warranty or representation is given concerning such information, which must not be taken as establishing any contractual or other commitment binding upon Rolls-Royce plc or any of its subsidiary or associated companies. Peter Ralph APM – 24th Nov 2016
  2. 2. Who Are Rolls-Royce
  3. 3. Latest (2015) Financial Highlights
  4. 4. Vision: ‘Better Power for a Changing World’
  5. 5. Our Businesses
  6. 6. We Don’t Make These Anymore
  7. 7. What is a Risk The OED defines risk as: • A situation involving exposure to danger, The possibility that something unpleasant or unwelcome will happen, A person or thing regarded as a threat or likely source of danger, A possibility of harm or damage against which something is insured, A person or thing regarded as likely to turn out well or badly in a particular context or respect, The possibility of financial loss.
  8. 8. What is a Risk ISO 31000 defines a risk as: The “effect of uncertainty on objectives” and an effect is a positive or negative deviation from what is expected [Diagram: terms from the OED definition grouped under the labels Uncertainty, Negative Effect and Positive Effect]
  9. 9. What is Risk Management “Risk management involves understanding, analysing and addressing risk to make sure organisations achieve their objectives.” “Enterprise risk management (ERM) is an integrated and joined up approach to managing risk across an organisation and its extended networks.” • Risk Management is: • NOT risk avoidance • About Taking RATIONAL risks • Applicable to OPPORTUNITIES & THREATS A Perspective on Risk Management
  10. 10. Do We Need Risk Management? We live in an uncertain world !!
  11. 11. Brexit, Mark Carney & Risk Management “Discharging the Bank’s responsibilities for these public goods demands rigorous analysis, objective judgement, and effective transparency. We will not shirk from these obligations.” “The Bank and its independent policy committees will continue to provide analytically based, clear-eyed assessments of the economic and financial outlooks. And we will outline the risks to these forecasts so that we and others can prepare to manage them” Mark Carney, Governor of the Bank of England, 24th June 2016
  12. 12. 1971 Rolls-Royce Declared Bankrupt 2010 Rolls-Royce Qantas A380 Engine Explosion 2013 Formal Bribery Investigation at Rolls-Royce News Source: Screen 16 Do We Need Risk Management?
  13. 13. 1971 Rolls-Royce Declared Bankrupt 2010 Rolls-Royce Qantas A380 Engine Explosion 2013 Formal Bribery Investigation at Rolls-Royce News Source: Do We Need Risk Management?
  14. 14. 1971 Rolls-Royce Declared Bankrupt 2010 Rolls-Royce Qantas A380 Engine Explosion 2013 Formal Bribery Investigation at Rolls-Royce News Source: Do We Need Risk Management?
  15. 15. Do We Need Risk Management? What is it worth? Answer: ~ £5.6bn
  16. 16. How Does it Benefit a Business • Improved Decision Making • Improved Performance “Companies in the top 20 percent of risk maturity generated 3 times more earnings (EBITDA) as those in the bottom 20 percent.” (Ernst and Young 2011 Global Report) • Improved Understanding and Control • Reduced Errors (Hard to quantify)
  17. 17. How Does it Deliver a Project Benefit • Better control of the project • Managed spend • Managed timelines • A plan to deal with the ‘unexpected’ when it happens • Increased success rates • Better linkage to other activities in the business
  18. 18. Rolls-Royce ERM Framework [diagram labels] Process: Plan, Identify, Assess, Treat, Review, Close. Hierarchy: Principal risks; Key risks; Business/Function risks; Sub-Business / Major Projects. Governance & Committees: 1) Board 2) Board committees 3) ELT risk committee 4) Business / Functions 5) Sub-Business / Major Projects. Other labels: Risk management culture; Risk organisation and training; Tools; Supporting technology; Risk appetite; Templates and guides; Effectiveness measures & KRIs; Group risk register; Risk policy; Group RMP; Assurance; Incident reporting; Deep dives
  19. 19. Rolls-Royce Risk Management Process: Plan, Identify, Assess, Treat, Review, Close
  20. 20. If we Fail to Plan then we Plan to Fail! Plan early and upfront, review regularly to remain fit for purpose Success Factors: • Tone from the Top • Governance and Infrastructure (e.g. Group Risk Policy, Stated Appetite, Consistent Approach to Measuring Impact, etc.) • Integrated Risk Management Planning • Organisational Risk Culture - “Risk Management is something that we do here.”
  21. 21. Tone from the Top: Risk Structure. Principal Risks (Owned by ELT Member): Talent & Capability, Product Failure, Compliance, IT Vulnerability, Market & Financial Shock, Political Risk, Major Programme Delivery, Business Continuity, Competitive Position (Source: Rolls-Royce Website). Key Risks (ELT -1): These material risks arise in the business or functions stemming directly from the realisation of a principal risk and made up of specific risks. (Circa 40-50 risks) Specific Risks: These are the detail risks that are present everywhere in the business. Each of these can be related to a principal risk. There are circa 5,000 of these risks and they are growing every day
  22. 22. Identifying Risk: Bow Tie Technique • Bow-Tie Technique Applied to Enterprise Risk • Benefits: • Breaks down the risk into a range of threats and consequences. • Engages a wider audience • Enhances the connection to Assessment and Treatment [Diagram labels: Threats, Risk Event, Consequences]
  23. 23. A Consistent Approach to Assessment • Apply one Risk Matrix across the Organisation • Develop a set of impact variables and probabilities that the entire organisation can agree on (RR use Financial, Safety, Compliance and Reputation) • Ensure Significant Risks get the Right Assessment. • Don’t waste time / resources modelling low impact risks, but understand the full extent of significant risks • Have clarity on appetite, escalation and priority • A well designed risk scoring scheme helps to set appetite and determine organisation priorities
  24. 24. Sample Risk Matrix - Impacts with Appetite. The slide shows the same 5 x 5 scoring grid four times, once each for Finance, Safety, Comp and Rep:

          VH |  9  14  19  24  29
          H  |  7  12  17  22  27
          M  |  5  10  15  20  25
          L  |  3   8  13  18  23
          VL |  1   6  11  16  21
             +--------------------
               VL   L   M   H  VH
  25. 25. Actively Treat Risk • Ensure that Risks are Treated!! • Create actions that are SMART, monitor progress and ensure risk is reduced or controlled • Ensure high quality controls are in place, effective and regularly tested • Avoid ‘Bike Shedding’ [Image caption: Admiral Nelson prior to disobeying orders to then destroy the Danish fleet]
  26. 26. • Map Controls against Threats and Consequences • Benefits: • Visualise controls over threats. • Recognise weaknesses • Evaluate the quality of controls against threats to inform risk assessment Utilise the Bow Tie Technique
  27. 27. Embed Review Activity • Ensure it is frequent • Frequency is often dictated by pace of project, but less than quarterly is infrequent • Ensure it has senior support • Review chair must have authority to act or escalate • Ensure focus is on the process and deliverables • Review by exception, focus on treatment with periodic identification • Ensure it does not feel ‘stale’ • Maintain currency and ‘deep dive’ into areas to ensure engagement is maintained
  28. 28. Summary & Words of Caution • Risk Management is an Enduring Activity • Plan, Plan and Plan some more! • Ensure Risk Management Improves the Position • A Risk System isn’t the answer • Risk Management is evolving
  29. 29. Thank you for your attention! Peter Ralph – Enterprise Risk Manager