SlideShare a Scribd company logo

Enterprise Risk Management, A Value-Added Proposition

Paul Wallis
Paul Wallis
1 of 8
Download to read offline
Policy and Management Briefs Issue 03 / November 13, 2015 amcto.com / @amcto_policy PAUL WALLIS paul.wallis@vaughan.ca Enterprise Risk Management: A Value-Added Proposition 1 Enterprise Risk Management: A Value-Added Proposition The municipal sector faces complex challenges as it strives to provide top quality services with ever shrinking budgets. This puts a significant strain on service delivery and existing business processes. Rationalization is needed but how can it be achieved in an environment that demands effectiveness and efficiency yet often times has to operate in bureaucratic, high risk averse manner? The purpose of this policy brief is explore how an integrated risk management approach or Enterprise Risk Management [ERM] can provide a balance in managing these sometimes conflicting expectations. A simple yet effective ERM approach can be a value added proposition for the municipal sector. This policy brief will discuss the nature of risk, the value proposition, ERM preparedness including success factors, and the risk events municipalities typically face. The Nature of Risk Risk can generally be defined as an uncertain event or condition that, if it occurs, has an effect on at least one objective. For example, if you have an objective to travel to particular destination, you may face a multitude of risks from not packing enough clothes to not making it to your destination safely. We all face risk every day. Our personal choices around how we live our lives are largely governed by risk. The type of car we drive, what we eat and drink, our lifestyle choices, how we travel and even aspects of our general behavior are either consciously or unconsciously controlled by our attitude towards risk. We mentally calculate the probability and impact of something happening. Some The municipal sector faces complex challenges as it strives to provide top quality services with ever shrinking budgets...A simple yet effective ERM approach can be a value added proposition.
Policy and Management BriefsIssue 03 / October 26, 2015 Enterprise Risk Management: A Value-Added Proposition 2amcto.com / @amcto_policy people will not fly because they have assessed there is a reasonable probability they will meet an undesirable fate. Municipalities are faced with similar decisions in the way they operate and deliver services and operate. Decisions around strategy, service levels, operating processes, policies and procedures, and taxation are made with respect to managing taxpayer’s money within the confines of citizen expectations and the preservation of a positive public reputation. The objective for a municipality is to proactively manage risk and not let risk manage the municipality. What is Enterprise Risk Management? There are many definitions for ERM. However, most definitions recognize that ERM is: • a continuous process, part of the organization’s fabric; • linked to organizational business objectives; • strategically focused; • dependent on how much risk an organization is willing to take [risk appetite]; • designed to manage risk, not eliminate it. Although usually associated with managing potential negative consequences, an effective ERM process can also identify potential opportunities. Enterprise risk management expands the process to include not just risks associated with accidental losses or what is commonly known as insurable risk, but also strategic, financial, strategic, operational, and other risks. ERM provides opportunities for municipalities to achieve a holistic view of potential events that could affect the achievement of municipalities’ objectives. As a result, municipalities can gain a better understanding of the business process and risk mitigation strategies needed to support critical business objectives. ABOUT THE AUTHOR Paul Wallis is the Director and Head of Internal Audit at the City of Vaughan, a position he has held since 2012. Prior to joining the City, Paul spent three years at the Region of Peel as the Director and Head of Internal Audit, and in a number of similar positions for the Government of Ontario. As a strong supporter of international audit education and professional development, Paul is an instructor for the Institute of Internal Auditors and has done presentations in Canada, the United States, the Caribbean, South America and Africa. Paul is a Chartered Professional Accountant (CPA, CMA), a certified member of the Institute of Internal Auditors (CIA) and a certified member of the Information Systems Audit and Control Association (CISA) and holds a certification in Risk Management Assurance (CRMA).
Policy and Management BriefsIssue 03 / October 26, 2015 Enterprise Risk Management: A Value-Added Proposition 3amcto.com / @amcto_policy ERM Preparedness and Success Factors All municipalities manage various aspects of risk. Insurance represents a well-known source of risk management. In addition, a number of internal business processes are designed to manage risk. For example, a municipality’s policies, internal controls, management reporting and financial management practices support the municipality’s view towards risk. Public pressure and the municipality’s reputation also guide the attitude or view towards risk. Unfortunately, and because of the desire to achieve quick benefits, organizations sometimes jump right in and try to implement ERM quickly. This often leads to corporate, top down approaches that result in excessive costs and minimal benefit. Municipalities already working under tight budgets cannot afford a bureaucratic approach that delivers little value. Another common problem is to view risk in isolation without considering business or strategic objectives or organizational culture. To increase the likelihood of a successful ERM implementation, the following five factors should be considered. Understand the Municipality’s Culture Public sector organizations are generally risk averse and municipalities are no exception. Processes and controls are usually developed to minimize risk as much as possible. Although their intent is to minimize financial loss and negative public reputation, these processes and controls don’t always meet their objectives. Municipalities need to understand their culture and assess their appetite or attitude towards risks. Sometimes controls and processes are so focused on risk that they have the opposite effect of creating inefficiency and bureaucracy. A hierarchal municipality with strong central management, layers of approval process and multi-layered controls is not necessarily the best way to manage risk. When a municipality is excessively risk averse, it becomes more reactive then proactive. Trust and innovation are stifled thus diminishing the value proposition. Municipalities are better served if they have the right processes and controls to manage the right risks. The right risks evolve from a better understanding of the culture. Obtain Commitment from Council and Senior Management High level support is vital in increasing the possibility of a successful ERM initiative. Senior management and Council set the “tone from the top” This involves communicating the benefits of ERM and allocating the resources to increase the likelihood of success. In addition, senior management and Council need to monitor the ERM process to determine if it is providing value and meeting organizational objectives. Public sector organizations are ususally risk averse and municipalities are no exception.
Policy and Management BriefsIssue 03 / October 26, 2015 Enterprise Risk Management: A Value-Added Proposition 4amcto.com / @amcto_policy An effective change management process builds organizational awareness, desire, knowledge, and ability. Link Risks to Strategic/ Business Objectives Implementing an effective ERM process is difficult, if not impossible, if it is not linked to the municipality’s strategic, program and project objectives. A precursor to a well-planned ERM strategy is well defined and measurable strategic objectives. Operational processes and controls should be based on well-defined and measurable risk assessed strategic goals and objectives. Keep the Process Simple Existing ERM frameworks provide good guidance, but overly strict adherence can be a problem. Frameworks can complicate an ERM initiative especially when a municipality tries to retrofit its needs into the framework. A municipality needs to tailor its risk management strategy based on the critical risks identified. Value is achieved when the key risks linked to strategy are identified, assessed and mitigated. Internal processes and controls linked to the strategic risk profile support a value added operational framework. Risks need to be prioritized and the number kept small and manageable. Recognize that Risk Management is a Form of Change Management Municipalities that introduce risk management as an overall organizational initiative cannot succeed without paying attention to change management. An effective change management process builds organizational awareness, desire, knowledge, and ability. Risk management, as a process, has to undergo the same journey. Organizational buy-in is vital to success in a public sector environment. Risk management works well in a supportive, transparent, non- autocratic environment. There has to be a willingness to talk about risk, and have meaningful, constructive conversations. The Value Proposition ERM, if not managed effectively, can be an expensive, time consuming experience. It is because of this that a well thought out plan needs to be developed before a municipality engage in an ERM process. ERM is an organizational initiative and, as such, needs to include all staff at all levels. Value is achieved when an ERM process can deliver relevant and timely information to Council and the municipality’s senior management team. Effective ERM is present when it is developed by teams that include risk management professionals and business unit managers with a deep understanding of the service strategies and operations subject to potential risks.
Policy and Management BriefsIssue 03 / October 26, 2015 Enterprise Risk Management: A Value-Added Proposition 5amcto.com / @amcto_policy Undermanaging risk can also be costly but, more importantly, undermine citizen trust and the municipality’s reputation. Ideally, an ERM strategy should be developed in concert with the strategic and business plans for each individual business unit and incorporate acceptable risk levels based on the risk appetite or attitude of the municipality. This means there must be an acceptable balance between acceptable risk and cost. Successful risk management, therefore, is a combination of and a balance among three key components; risk, cost and value. Over managing risk requires more business process and mitigation strategies. That can be cost ineffective and stifle innovation. Undermanaging risk can also be costly but, more importantly, undermine citizen trust and the municipality’s reputation. The following questions should be considered when trying to determine the proper balance. Risk • Does the municipality understand the risks it faces? • Does the municipality have an understanding of the key risks? • Has the municipality defined its risk appetite or attitude towards risk? • Does the municipality accept the right level of risk? • Does the municipality know if the risks are being properly managed? • Does the municipality have a risk management process in place? • Does the municipality have an effective risk reporting process in place to support senior management and Council? Cost • Is the municipality focused on the risks that matter? • Does the municipality have duplication overlapping risk functions? • Does the municipality leverage automated processes to manage risk? • Does the municipality have an overall risk mitigation strategy that focuses on minimizing costs? Value • Does the municipality align risks to strategic/business/service strategies and objectives? • Does the municipality offer the services that best optimate risk versus funding? • As a result of risk assessment, does the municipality benefit from process improvement?
Policy and Management BriefsIssue 03 / October 26, 2015 Enterprise Risk Management: A Value-Added Proposition 6amcto.com / @amcto_policy Getting a good understand of risks that could have the greatest impact on a municipality can be a daunting task. • Does the municipality take the right risks to provide better value to its customers (clients/citizens)? Risk Events Getting a good understanding of risks that could have the greatest impact on a municipality can be a daunting task. It is easy to get carried away and develop a long list of risks; a list that could easily become unmanageable. One effective way of getting to the priority risks is to identify those events that could have the most impact on a municipality meeting its objectives. In 2011 and again in 2014, Zurich Municipal, a risk management organization and Ipsos MORI, a market research firm conducted a survey on the risks facing local government in United Kingdom. Based on research with local government leaders, the general public, national stakeholders and risk experts, six risk themes were identified. • Financial Sustainability – this can affect the emerging long-term funding gap and budget shortfall. • The Downside of Short-Term Decision Making – which can lead to greater financial and infrastructure costs as well as a loss of community cohesion. • The Growing Risk of Reputational Damage – this can undercut trust in municipalities and impose additional reactionary costs. • A Multi-faceted Workforce Planning Challenge – where risks of workforce downsizing coupled with growth and its consequences are compounded by a “productivity gap” and the need to align future organizational skills and talent. • Increase in Supply Chain and Partnership Arrangement [Outsourcing] – the increase in third party service delivery arrangements, the complexity of vendor relationships and compliance with procurement legislation. • Rising Continuity and Resilience Challenges – against a backdrop of a risk landscape increasingly threatening all municipalities with potentially severe and unforeseen major incidents. This could include the effects of climate change or pandemics. However, with more reliance on information technology, resiliency could be challenged by data integrity/loss, privacy and systems redundancy.
Policy and Management BriefsIssue 03 / October 26, 2015 Enterprise Risk Management: A Value-Added Proposition 7amcto.com / @amcto_policy Properly implemented, ERM can provide strategic and operational opportunities by focusing activities on what is important to a municipality. Although these themes are specific to the United Kingdom, the risks identified can easily be related to the local government environment in Canada and Ontario. Municipalities can view their potential risks within the context of these themes. Not all themes may be relevant and there quite likely could be others. The value of ERM is to get ahead of the key risks by building processes and controls that can help mitigate the consequence of such events. Examples of questions that can be asked are: • What will our municipality look like five years from now; ten years from now? • What risks can serious impact our municipality from meeting its strategic and business objectives? • What will or what should our risk profile look like as business transformation evolves to meet a changing environment? • How much risk, both in terms of service innovation and downside threat, will our municipality be willing to take? How will this be operationalized in our day to day processes? Summary A clear understanding of a municipality’s culture, strategic or business objectives coupled with identification of potential risk events sets the stage for developing a value added ERM approach. Properly implemented, ERM can provide strategic and operational opportunities by focusing activities on what is important to a municipality. Specifically, ERM provides value through: 1. Improved Performance – By proactively managing risk, ERM can reduce loses and identify opportunities for strategic exploitation. This could be particularly useful when establishing service standards. 2. Improved Processes – In designing processes and risk mitigation strategies based on an ERM strategy, there are opportunities to streamline processes and reduce bureaucracy. 3. Improved Workplace Environment – Effective ERM can lead to fewer episodes of crises or reactionary management which can erode productivity and potentially affect staff well-being.
Policy and Management BriefsIssue 03 / October 26, 2015 Enterprise Risk Management: A Value-Added Proposition 8 To achieve value, however, it is essential to balance the cost of ERM to a municipality’s appetite or attitude towards risk. Over managing risk increases bureaucracy and cost, undermanaging risk not only increases reactionary costs but also erodes public trust and municipality’s reputation. About AMCTO Policy and Management Briefs AMCTO’s Policy and Management Briefs are designed to fill a gap in the discussion of local government in Ontario, by fostering dialoguing and promoting rigorous analysis of important topics facing municipalities across the province. About AMCTO With approximately 2,200 members working in municipalities across Ontario, AMCTO is Canada’s largest voluntary association of local government professionals, and the leading professional development organization for municipal administrative staff. Our mission is to provide management and leadership service to municipal professionals through continuous learning opportunities, member support, and legislative advocacy. FOR MORE INFORMATION, PLEASE CONTACT: Rick Johal Director, Member and Sector Relations rjohal@amcto.com 905.602.4294 x232 Eric Muller Coordinator, Legislative Services emuller@amcto.com 905.602.4294 x234 AMCTO Association of Municipal Managers, Clerks and Treasurers of Ontario 2680 Skymark Avenue, Suite 610 Mississauga, Ontario L4W 5L6 Tel: 905.602.4294 Fax: 905.602.4295 Web: www.amcto.com Twitter: @amcto_policy

Recommended

Position Paper - FINAL v1.0
Position Paper - FINAL v1.0Position Paper - FINAL v1.0
Position Paper - FINAL v1.0Kevin Fryatt
 
Analyzing and managing reputational risk
Analyzing and managing reputational riskAnalyzing and managing reputational risk
Analyzing and managing reputational riskDawn Simpson
 
Managing Reputational Risk
Managing Reputational RiskManaging Reputational Risk
Managing Reputational RiskEneni Oduwole
 
Enterprise Risk Management Workbook Series
Enterprise Risk Management Workbook SeriesEnterprise Risk Management Workbook Series
Enterprise Risk Management Workbook SeriesColleen Beck-Domanico
 
The risk of risks: Reputation risk and resiliency Sept. 2014
The risk of risks: Reputation risk and resiliency Sept. 2014The risk of risks: Reputation risk and resiliency Sept. 2014
The risk of risks: Reputation risk and resiliency Sept. 2014Linda Locke Reputation Strategist
 
Sustained profits with TCOR
Sustained profits with TCORSustained profits with TCOR
Sustained profits with TCORBrad Gaboury
 
Ff&f lafayette september 18, 2012 a
Ff&f lafayette september 18, 2012 aFf&f lafayette september 18, 2012 a
Ff&f lafayette september 18, 2012 aMiriam Robeson
 
Info sec 2011 julen c mohanty
Info sec 2011 julen c mohantyInfo sec 2011 julen c mohanty
Info sec 2011 julen c mohantyJulen Mohanty
 

Recommended

Position Paper - FINAL v1.0
Position Paper - FINAL v1.0Position Paper - FINAL v1.0
Position Paper - FINAL v1.0Kevin Fryatt
 
Analyzing and managing reputational risk
Analyzing and managing reputational riskAnalyzing and managing reputational risk
Analyzing and managing reputational riskDawn Simpson
 
Managing Reputational Risk
Managing Reputational RiskManaging Reputational Risk
Managing Reputational RiskEneni Oduwole
 
Enterprise Risk Management Workbook Series
Enterprise Risk Management Workbook SeriesEnterprise Risk Management Workbook Series
Enterprise Risk Management Workbook SeriesColleen Beck-Domanico
 
The risk of risks: Reputation risk and resiliency Sept. 2014
The risk of risks: Reputation risk and resiliency Sept. 2014The risk of risks: Reputation risk and resiliency Sept. 2014
The risk of risks: Reputation risk and resiliency Sept. 2014Linda Locke Reputation Strategist
 
Sustained profits with TCOR
Sustained profits with TCORSustained profits with TCOR
Sustained profits with TCORBrad Gaboury
 
Ff&f lafayette september 18, 2012 a
Ff&f lafayette september 18, 2012 aFf&f lafayette september 18, 2012 a
Ff&f lafayette september 18, 2012 aMiriam Robeson
 
Info sec 2011 julen c mohanty
Info sec 2011 julen c mohantyInfo sec 2011 julen c mohanty
Info sec 2011 julen c mohantyJulen Mohanty
 
Fraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and valueFraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and valueDavid Graham
 
Financial risk management
Financial risk managementFinancial risk management
Financial risk managementYusef Hamayel
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersAzure Group
 
Moving from Process to Purpose, Risk Management after COVID19
Moving from Process to Purpose, Risk Management after COVID19 Moving from Process to Purpose, Risk Management after COVID19
Moving from Process to Purpose, Risk Management after COVID19 chungarisk
 
WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02
WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02
WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02Mike Wilkinson
 
Enterprise Risk Management & Fraud Sample Presentation
Enterprise Risk Management & Fraud Sample PresentationEnterprise Risk Management & Fraud Sample Presentation
Enterprise Risk Management & Fraud Sample PresentationAlexander Larsen
 
Understanding and Managing Reputation Risk
Understanding and Managing Reputation RiskUnderstanding and Managing Reputation Risk
Understanding and Managing Reputation RiskSteve Leigh
 
Reputational risk in banks nibm lecture 220213
Reputational risk in banks nibm lecture 220213Reputational risk in banks nibm lecture 220213
Reputational risk in banks nibm lecture 220213krammohan
 
Risk Culture. At The Heart Of Your Decisions
Risk Culture. At The Heart Of Your DecisionsRisk Culture. At The Heart Of Your Decisions
Risk Culture. At The Heart Of Your Decisionsdtsiolis
 
From Risk to ERM
From Risk to ERMFrom Risk to ERM
From Risk to ERMMichel Rochette
 
Best practice in reputation management in a causal framework by Dr Kevin Money
Best practice in reputation management in a causal framework by Dr Kevin MoneyBest practice in reputation management in a causal framework by Dr Kevin Money
Best practice in reputation management in a causal framework by Dr Kevin MoneyAddison Group
 
De juan --from-good_to_bad_bankers
De juan --from-good_to_bad_bankersDe juan --from-good_to_bad_bankers
De juan --from-good_to_bad_bankersneiracar
 
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...Hajar Mouatassim Lahmini
 
Operational risk: the new frontier
Operational risk: the new frontierOperational risk: the new frontier
Operational risk: the new frontierMichel Rochette
 
Fanny trabajo de_ingles
Fanny trabajo de_inglesFanny trabajo de_ingles
Fanny trabajo de_inglesfanny valencia
 
Epic Factor
Epic FactorEpic Factor
Epic FactorPaul Wallis
 
Presentacion fanny 3
Presentacion fanny 3Presentacion fanny 3
Presentacion fanny 3fanny valencia
 
Базовый курс для продавцов на рынке b2b.
Базовый курс для продавцов на рынке b2b.Базовый курс для продавцов на рынке b2b.
Базовый курс для продавцов на рынке b2b.Игорь Хайдакин
 
Новое мышление в продажах для инновационных b2b компаний.
Новое мышление в продажах для инновационных b2b компаний.Новое мышление в продажах для инновационных b2b компаний.
Новое мышление в продажах для инновационных b2b компаний.Игорь Хайдакин
 
Exposicion fanny 2
Exposicion fanny 2Exposicion fanny 2
Exposicion fanny 2fanny valencia
 
Организация работы сервисных подразделений
Организация работы сервисных подразделенийОрганизация работы сервисных подразделений
Организация работы сервисных подразделенийИгорь Хайдакин
 
Fanny trabajo de_ingles
Fanny trabajo de_inglesFanny trabajo de_ingles
Fanny trabajo de_inglesfanny valencia
 

More Related Content

What's hot

Fraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and valueFraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and valueDavid Graham
 
Financial risk management
Financial risk managementFinancial risk management
Financial risk managementYusef Hamayel
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersAzure Group
 
Moving from Process to Purpose, Risk Management after COVID19
Moving from Process to Purpose, Risk Management after COVID19 Moving from Process to Purpose, Risk Management after COVID19
Moving from Process to Purpose, Risk Management after COVID19 chungarisk
 
WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02
WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02
WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02Mike Wilkinson
 
Enterprise Risk Management & Fraud Sample Presentation
Enterprise Risk Management & Fraud Sample PresentationEnterprise Risk Management & Fraud Sample Presentation
Enterprise Risk Management & Fraud Sample PresentationAlexander Larsen
 
Understanding and Managing Reputation Risk
Understanding and Managing Reputation RiskUnderstanding and Managing Reputation Risk
Understanding and Managing Reputation RiskSteve Leigh
 
Reputational risk in banks nibm lecture 220213
Reputational risk in banks nibm lecture 220213Reputational risk in banks nibm lecture 220213
Reputational risk in banks nibm lecture 220213krammohan
 
Risk Culture. At The Heart Of Your Decisions
Risk Culture. At The Heart Of Your DecisionsRisk Culture. At The Heart Of Your Decisions
Risk Culture. At The Heart Of Your Decisionsdtsiolis
 
Best practice in reputation management in a causal framework by Dr Kevin Money
Best practice in reputation management in a causal framework by Dr Kevin MoneyBest practice in reputation management in a causal framework by Dr Kevin Money
Best practice in reputation management in a causal framework by Dr Kevin MoneyAddison Group
 
De juan --from-good_to_bad_bankers
De juan --from-good_to_bad_bankersDe juan --from-good_to_bad_bankers
De juan --from-good_to_bad_bankersneiracar
 
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...Hajar Mouatassim Lahmini
 
Operational risk: the new frontier
Operational risk: the new frontierOperational risk: the new frontier
Operational risk: the new frontierMichel Rochette
 

What's hot (14)

Fraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and valueFraud, bribery and corruption: Protecting reputation and value
Fraud, bribery and corruption: Protecting reputation and value
 
Financial risk management
Financial risk managementFinancial risk management
Financial risk management
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey Christophers
 
Moving from Process to Purpose, Risk Management after COVID19
Moving from Process to Purpose, Risk Management after COVID19 Moving from Process to Purpose, Risk Management after COVID19
Moving from Process to Purpose, Risk Management after COVID19
 
WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02
WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02
WTW-EU-16-PUB-1735 Risk Culture Perspectives_V02
 
Enterprise Risk Management & Fraud Sample Presentation
Enterprise Risk Management & Fraud Sample PresentationEnterprise Risk Management & Fraud Sample Presentation
Enterprise Risk Management & Fraud Sample Presentation
 
Understanding and Managing Reputation Risk
Understanding and Managing Reputation RiskUnderstanding and Managing Reputation Risk
Understanding and Managing Reputation Risk
 
Reputational risk in banks nibm lecture 220213
Reputational risk in banks nibm lecture 220213Reputational risk in banks nibm lecture 220213
Reputational risk in banks nibm lecture 220213
 
Risk Culture. At The Heart Of Your Decisions
Risk Culture. At The Heart Of Your DecisionsRisk Culture. At The Heart Of Your Decisions
Risk Culture. At The Heart Of Your Decisions
 
From Risk to ERM
From Risk to ERMFrom Risk to ERM
From Risk to ERM
 
Best practice in reputation management in a causal framework by Dr Kevin Money
Best practice in reputation management in a causal framework by Dr Kevin MoneyBest practice in reputation management in a causal framework by Dr Kevin Money
Best practice in reputation management in a causal framework by Dr Kevin Money
 
De juan --from-good_to_bad_bankers
De juan --from-good_to_bad_bankersDe juan --from-good_to_bad_bankers
De juan --from-good_to_bad_bankers
 
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...
Proposal for an Implementation Methodology of Key Risk Indicators System: Cas...
 
Operational risk: the new frontier
Operational risk: the new frontierOperational risk: the new frontier
Operational risk: the new frontier
 

Viewers also liked

Fanny trabajo de_ingles
Fanny trabajo de_inglesFanny trabajo de_ingles
Fanny trabajo de_inglesfanny valencia
 
Базовый курс для продавцов на рынке b2b.
Базовый курс для продавцов на рынке b2b.Базовый курс для продавцов на рынке b2b.
Базовый курс для продавцов на рынке b2b.Игорь Хайдакин
 
Новое мышление в продажах для инновационных b2b компаний.
Новое мышление в продажах для инновационных b2b компаний.Новое мышление в продажах для инновационных b2b компаний.
Новое мышление в продажах для инновационных b2b компаний.Игорь Хайдакин
 
Организация работы сервисных подразделений
Организация работы сервисных подразделенийОрганизация работы сервисных подразделений
Организация работы сервисных подразделенийИгорь Хайдакин
 
Fanny trabajo de_ingles
Fanny trabajo de_inglesFanny trabajo de_ingles
Fanny trabajo de_inglesfanny valencia
 
Presentaciòn fanny i can.
Presentaciòn fanny i can.Presentaciòn fanny i can.
Presentaciòn fanny i can.fanny valencia
 
Les dossiers du pirate n°6 janvier-mars 2016
Les dossiers du pirate n°6 janvier-mars 2016Les dossiers du pirate n°6 janvier-mars 2016
Les dossiers du pirate n°6 janvier-mars 2016boubacar fall
 
Value for Money IT 3 final
Value for Money IT 3 finalValue for Money IT 3 final
Value for Money IT 3 finalPaul Wallis
 
Fanny trabajo de_ingles
Fanny trabajo de_inglesFanny trabajo de_ingles
Fanny trabajo de_inglesfanny valencia
 
Presentaciòn fanny i can.
Presentaciòn fanny i can.Presentaciòn fanny i can.
Presentaciòn fanny i can.fanny valencia
 
Sociedad del conocimiento
Sociedad del conocimientoSociedad del conocimiento
Sociedad del conocimientocristian
 

Viewers also liked (19)

Fanny trabajo de_ingles
Fanny trabajo de_inglesFanny trabajo de_ingles
Fanny trabajo de_ingles
 
Epic Factor
Epic FactorEpic Factor
Epic Factor
 
Presentacion fanny 3
Presentacion fanny 3Presentacion fanny 3
Presentacion fanny 3
 
Базовый курс для продавцов на рынке b2b.
Базовый курс для продавцов на рынке b2b.Базовый курс для продавцов на рынке b2b.
Базовый курс для продавцов на рынке b2b.
 
Новое мышление в продажах для инновационных b2b компаний.
Новое мышление в продажах для инновационных b2b компаний.Новое мышление в продажах для инновационных b2b компаний.
Новое мышление в продажах для инновационных b2b компаний.
 
Exposicion fanny 2
Exposicion fanny 2Exposicion fanny 2
Exposicion fanny 2
 
Организация работы сервисных подразделений
Организация работы сервисных подразделенийОрганизация работы сервисных подразделений
Организация работы сервисных подразделений
 
Fanny trabajo de_ingles
Fanny trabajo de_inglesFanny trabajo de_ingles
Fanny trabajo de_ingles
 
Presentaciòn fanny i can.
Presentaciòn fanny i can.Presentaciòn fanny i can.
Presentaciòn fanny i can.
 
Les dossiers du pirate n°6 janvier-mars 2016
Les dossiers du pirate n°6 janvier-mars 2016Les dossiers du pirate n°6 janvier-mars 2016
Les dossiers du pirate n°6 janvier-mars 2016
 
Infographic
InfographicInfographic
Infographic
 
¡Feliz navidad!
¡Feliz navidad!¡Feliz navidad!
¡Feliz navidad!
 
Larutan asam basa
Larutan asam basaLarutan asam basa
Larutan asam basa
 
Ikatan kimia
Ikatan kimia Ikatan kimia
Ikatan kimia
 
Value for Money IT 3 final
Value for Money IT 3 finalValue for Money IT 3 final
Value for Money IT 3 final
 
Fanny trabajo de_ingles
Fanny trabajo de_inglesFanny trabajo de_ingles
Fanny trabajo de_ingles
 
Epic Factor
Epic FactorEpic Factor
Epic Factor
 
Presentaciòn fanny i can.
Presentaciòn fanny i can.Presentaciòn fanny i can.
Presentaciòn fanny i can.
 
Sociedad del conocimiento
Sociedad del conocimientoSociedad del conocimiento
Sociedad del conocimiento
 

Similar to Enterprise Risk Management, A Value-Added Proposition

DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxDISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxmadlynplamondon
 
ERM Evolving From Risk Assessment to Strategic RiskManageme.docx
ERM Evolving From Risk Assessment to Strategic RiskManageme.docxERM Evolving From Risk Assessment to Strategic RiskManageme.docx
ERM Evolving From Risk Assessment to Strategic RiskManageme.docxrusselldayna
 
My report_donald.docx
My report_donald.docxMy report_donald.docx
My report_donald.docxGenevieveGo3
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...WolfPAC - Integrated Risk Management
 
New Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsNew Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsDavid X Martin
 
7 Key Elements Of An Enterprise Risk Management Program
7 Key Elements Of An Enterprise Risk Management Program7 Key Elements Of An Enterprise Risk Management Program
7 Key Elements Of An Enterprise Risk Management ProgramAlicia Edwards
 
Thoughts on Direction of Ops Risk Management -V4 0
Thoughts on Direction of Ops Risk Management -V4 0Thoughts on Direction of Ops Risk Management -V4 0
Thoughts on Direction of Ops Risk Management -V4 0Amrut Joshi
 
5 Keys to an Effective Ethics and Compliance Program
5 Keys to an Effective Ethics and Compliance Program5 Keys to an Effective Ethics and Compliance Program
5 Keys to an Effective Ethics and Compliance ProgramCase IQ
 
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2Tim Leech
 
Montana-Paula-Krecicki
Montana-Paula-KrecickiMontana-Paula-Krecicki
Montana-Paula-KrecickiDaniel Paula
 
The incorporation of sustainability risks into the risk culture | Albert Vila...
The incorporation of sustainability risks into the risk culture | Albert Vila...The incorporation of sustainability risks into the risk culture | Albert Vila...
The incorporation of sustainability risks into the risk culture | Albert Vila...Albert Vilariño
 
SymEx 2015 - Turning Risks Into Results, A Wider Perspective to Understand P...
SymEx 2015 - Turning Risks Into Results, A Wider Perspective to Understand P...SymEx 2015 - Turning Risks Into Results, A Wider Perspective to Understand P...
SymEx 2015 - Turning Risks Into Results, A Wider Perspective to Understand P...PMI Indonesia Chapter
 
Enterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G NayakEnterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G NayakYashavanth Nayak
 
Executive Summary on Leadership in Risk Management Webinar
Executive Summary on Leadership in Risk Management WebinarExecutive Summary on Leadership in Risk Management Webinar
Executive Summary on Leadership in Risk Management WebinarFERMA
 

Similar to Enterprise Risk Management, A Value-Added Proposition (20)

DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxDISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docx
 
ERM Evolving From Risk Assessment to Strategic RiskManageme.docx
ERM Evolving From Risk Assessment to Strategic RiskManageme.docxERM Evolving From Risk Assessment to Strategic RiskManageme.docx
ERM Evolving From Risk Assessment to Strategic RiskManageme.docx
 
My report_donald.docx
My report_donald.docxMy report_donald.docx
My report_donald.docx
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
 
New Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-ProfitsNew Risk Management Paradigm for Not-For-Profits
New Risk Management Paradigm for Not-For-Profits
 
7 Key Elements Of An Enterprise Risk Management Program
7 Key Elements Of An Enterprise Risk Management Program7 Key Elements Of An Enterprise Risk Management Program
7 Key Elements Of An Enterprise Risk Management Program
 
Thoughts on Direction of Ops Risk Management -V4 0
Thoughts on Direction of Ops Risk Management -V4 0Thoughts on Direction of Ops Risk Management -V4 0
Thoughts on Direction of Ops Risk Management -V4 0
 
CRO Insight
CRO InsightCRO Insight
CRO Insight
 
5 Keys to an Effective Ethics and Compliance Program
5 Keys to an Effective Ethics and Compliance Program5 Keys to an Effective Ethics and Compliance Program
5 Keys to an Effective Ethics and Compliance Program
 
Risk management
Risk managementRisk management
Risk management
 
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
 
Chapter 8-Risk Management.pptx
Chapter 8-Risk Management.pptxChapter 8-Risk Management.pptx
Chapter 8-Risk Management.pptx
 
Descriptor MetisGRC
Descriptor MetisGRCDescriptor MetisGRC
Descriptor MetisGRC
 
Montana-Paula-Krecicki
Montana-Paula-KrecickiMontana-Paula-Krecicki
Montana-Paula-Krecicki
 
The incorporation of sustainability risks into the risk culture | Albert Vila...
The incorporation of sustainability risks into the risk culture | Albert Vila...The incorporation of sustainability risks into the risk culture | Albert Vila...
The incorporation of sustainability risks into the risk culture | Albert Vila...
 
SymEx 2015 - Turning Risks Into Results, A Wider Perspective to Understand P...
SymEx 2015 - Turning Risks Into Results, A Wider Perspective to Understand P...SymEx 2015 - Turning Risks Into Results, A Wider Perspective to Understand P...
SymEx 2015 - Turning Risks Into Results, A Wider Perspective to Understand P...
 
Enterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G NayakEnterprise risk management-Yashvanth G Nayak
Enterprise risk management-Yashvanth G Nayak
 
Deloitte_Risk Sensing
Deloitte_Risk SensingDeloitte_Risk Sensing
Deloitte_Risk Sensing
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
 
Executive Summary on Leadership in Risk Management Webinar
Executive Summary on Leadership in Risk Management WebinarExecutive Summary on Leadership in Risk Management Webinar
Executive Summary on Leadership in Risk Management Webinar
 

Enterprise Risk Management, A Value-Added Proposition

  • 1. Policy and Management Briefs Issue 03 / November 13, 2015 amcto.com / @amcto_policy PAUL WALLIS paul.wallis@vaughan.ca Enterprise Risk Management: A Value-Added Proposition 1 Enterprise Risk Management: A Value-Added Proposition The municipal sector faces complex challenges as it strives to provide top quality services with ever shrinking budgets. This puts a significant strain on service delivery and existing business processes. Rationalization is needed but how can it be achieved in an environment that demands effectiveness and efficiency yet often times has to operate in bureaucratic, high risk averse manner? The purpose of this policy brief is explore how an integrated risk management approach or Enterprise Risk Management [ERM] can provide a balance in managing these sometimes conflicting expectations. A simple yet effective ERM approach can be a value added proposition for the municipal sector. This policy brief will discuss the nature of risk, the value proposition, ERM preparedness including success factors, and the risk events municipalities typically face. The Nature of Risk Risk can generally be defined as an uncertain event or condition that, if it occurs, has an effect on at least one objective. For example, if you have an objective to travel to particular destination, you may face a multitude of risks from not packing enough clothes to not making it to your destination safely. We all face risk every day. Our personal choices around how we live our lives are largely governed by risk. The type of car we drive, what we eat and drink, our lifestyle choices, how we travel and even aspects of our general behavior are either consciously or unconsciously controlled by our attitude towards risk. We mentally calculate the probability and impact of something happening. Some The municipal sector faces complex challenges as it strives to provide top quality services with ever shrinking budgets...A simple yet effective ERM approach can be a value added proposition.
  • 2. Policy and Management BriefsIssue 03 / October 26, 2015 Enterprise Risk Management: A Value-Added Proposition 2amcto.com / @amcto_policy people will not fly because they have assessed there is a reasonable probability they will meet an undesirable fate. Municipalities are faced with similar decisions in the way they operate and deliver services and operate. Decisions around strategy, service levels, operating processes, policies and procedures, and taxation are made with respect to managing taxpayer’s money within the confines of citizen expectations and the preservation of a positive public reputation. The objective for a municipality is to proactively manage risk and not let risk manage the municipality. What is Enterprise Risk Management? There are many definitions for ERM. However, most definitions recognize that ERM is: • a continuous process, part of the organization’s fabric; • linked to organizational business objectives; • strategically focused; • dependent on how much risk an organization is willing to take [risk appetite]; • designed to manage risk, not eliminate it. Although usually associated with managing potential negative consequences, an effective ERM process can also identify potential opportunities. Enterprise risk management expands the process to include not just risks associated with accidental losses or what is commonly known as insurable risk, but also strategic, financial, strategic, operational, and other risks. ERM provides opportunities for municipalities to achieve a holistic view of potential events that could affect the achievement of municipalities’ objectives. As a result, municipalities can gain a better understanding of the business process and risk mitigation strategies needed to support critical business objectives. ABOUT THE AUTHOR Paul Wallis is the Director and Head of Internal Audit at the City of Vaughan, a position he has held since 2012. Prior to joining the City, Paul spent three years at the Region of Peel as the Director and Head of Internal Audit, and in a number of similar positions for the Government of Ontario. As a strong supporter of international audit education and professional development, Paul is an instructor for the Institute of Internal Auditors and has done presentations in Canada, the United States, the Caribbean, South America and Africa. Paul is a Chartered Professional Accountant (CPA, CMA), a certified member of the Institute of Internal Auditors (CIA) and a certified member of the Information Systems Audit and Control Association (CISA) and holds a certification in Risk Management Assurance (CRMA).
  • 3. Policy and Management BriefsIssue 03 / October 26, 2015 Enterprise Risk Management: A Value-Added Proposition 3amcto.com / @amcto_policy ERM Preparedness and Success Factors All municipalities manage various aspects of risk. Insurance represents a well-known source of risk management. In addition, a number of internal business processes are designed to manage risk. For example, a municipality’s policies, internal controls, management reporting and financial management practices support the municipality’s view towards risk. Public pressure and the municipality’s reputation also guide the attitude or view towards risk. Unfortunately, and because of the desire to achieve quick benefits, organizations sometimes jump right in and try to implement ERM quickly. This often leads to corporate, top down approaches that result in excessive costs and minimal benefit. Municipalities already working under tight budgets cannot afford a bureaucratic approach that delivers little value. Another common problem is to view risk in isolation without considering business or strategic objectives or organizational culture. To increase the likelihood of a successful ERM implementation, the following five factors should be considered. Understand the Municipality’s Culture Public sector organizations are generally risk averse and municipalities are no exception. Processes and controls are usually developed to minimize risk as much as possible. Although their intent is to minimize financial loss and negative public reputation, these processes and controls don’t always meet their objectives. Municipalities need to understand their culture and assess their appetite or attitude towards risks. Sometimes controls and processes are so focused on risk that they have the opposite effect of creating inefficiency and bureaucracy. A hierarchal municipality with strong central management, layers of approval process and multi-layered controls is not necessarily the best way to manage risk. When a municipality is excessively risk averse, it becomes more reactive then proactive. Trust and innovation are stifled thus diminishing the value proposition. Municipalities are better served if they have the right processes and controls to manage the right risks. The right risks evolve from a better understanding of the culture. Obtain Commitment from Council and Senior Management High level support is vital in increasing the possibility of a successful ERM initiative. Senior management and Council set the “tone from the top” This involves communicating the benefits of ERM and allocating the resources to increase the likelihood of success. In addition, senior management and Council need to monitor the ERM process to determine if it is providing value and meeting organizational objectives. Public sector organizations are ususally risk averse and municipalities are no exception.
  • 4. Policy and Management BriefsIssue 03 / October 26, 2015 Enterprise Risk Management: A Value-Added Proposition 4amcto.com / @amcto_policy An effective change management process builds organizational awareness, desire, knowledge, and ability. Link Risks to Strategic/ Business Objectives Implementing an effective ERM process is difficult, if not impossible, if it is not linked to the municipality’s strategic, program and project objectives. A precursor to a well-planned ERM strategy is well defined and measurable strategic objectives. Operational processes and controls should be based on well-defined and measurable risk assessed strategic goals and objectives. Keep the Process Simple Existing ERM frameworks provide good guidance, but overly strict adherence can be a problem. Frameworks can complicate an ERM initiative especially when a municipality tries to retrofit its needs into the framework. A municipality needs to tailor its risk management strategy based on the critical risks identified. Value is achieved when the key risks linked to strategy are identified, assessed and mitigated. Internal processes and controls linked to the strategic risk profile support a value added operational framework. Risks need to be prioritized and the number kept small and manageable. Recognize that Risk Management is a Form of Change Management Municipalities that introduce risk management as an overall organizational initiative cannot succeed without paying attention to change management. An effective change management process builds organizational awareness, desire, knowledge, and ability. Risk management, as a process, has to undergo the same journey. Organizational buy-in is vital to success in a public sector environment. Risk management works well in a supportive, transparent, non- autocratic environment. There has to be a willingness to talk about risk, and have meaningful, constructive conversations. The Value Proposition ERM, if not managed effectively, can be an expensive, time consuming experience. It is because of this that a well thought out plan needs to be developed before a municipality engage in an ERM process. ERM is an organizational initiative and, as such, needs to include all staff at all levels. Value is achieved when an ERM process can deliver relevant and timely information to Council and the municipality’s senior management team. Effective ERM is present when it is developed by teams that include risk management professionals and business unit managers with a deep understanding of the service strategies and operations subject to potential risks.
  • 5. Policy and Management BriefsIssue 03 / October 26, 2015 Enterprise Risk Management: A Value-Added Proposition 5amcto.com / @amcto_policy Undermanaging risk can also be costly but, more importantly, undermine citizen trust and the municipality’s reputation. Ideally, an ERM strategy should be developed in concert with the strategic and business plans for each individual business unit and incorporate acceptable risk levels based on the risk appetite or attitude of the municipality. This means there must be an acceptable balance between acceptable risk and cost. Successful risk management, therefore, is a combination of and a balance among three key components; risk, cost and value. Over managing risk requires more business process and mitigation strategies. That can be cost ineffective and stifle innovation. Undermanaging risk can also be costly but, more importantly, undermine citizen trust and the municipality’s reputation. The following questions should be considered when trying to determine the proper balance. Risk • Does the municipality understand the risks it faces? • Does the municipality have an understanding of the key risks? • Has the municipality defined its risk appetite or attitude towards risk? • Does the municipality accept the right level of risk? • Does the municipality know if the risks are being properly managed? • Does the municipality have a risk management process in place? • Does the municipality have an effective risk reporting process in place to support senior management and Council? Cost • Is the municipality focused on the risks that matter? • Does the municipality have duplication overlapping risk functions? • Does the municipality leverage automated processes to manage risk? • Does the municipality have an overall risk mitigation strategy that focuses on minimizing costs? Value • Does the municipality align risks to strategic/business/service strategies and objectives? • Does the municipality offer the services that best optimate risk versus funding? • As a result of risk assessment, does the municipality benefit from process improvement?
  • 6. Policy and Management BriefsIssue 03 / October 26, 2015 Enterprise Risk Management: A Value-Added Proposition 6amcto.com / @amcto_policy Getting a good understand of risks that could have the greatest impact on a municipality can be a daunting task. • Does the municipality take the right risks to provide better value to its customers (clients/citizens)? Risk Events Getting a good understanding of risks that could have the greatest impact on a municipality can be a daunting task. It is easy to get carried away and develop a long list of risks; a list that could easily become unmanageable. One effective way of getting to the priority risks is to identify those events that could have the most impact on a municipality meeting its objectives. In 2011 and again in 2014, Zurich Municipal, a risk management organization and Ipsos MORI, a market research firm conducted a survey on the risks facing local government in United Kingdom. Based on research with local government leaders, the general public, national stakeholders and risk experts, six risk themes were identified. • Financial Sustainability – this can affect the emerging long-term funding gap and budget shortfall. • The Downside of Short-Term Decision Making – which can lead to greater financial and infrastructure costs as well as a loss of community cohesion. • The Growing Risk of Reputational Damage – this can undercut trust in municipalities and impose additional reactionary costs. • A Multi-faceted Workforce Planning Challenge – where risks of workforce downsizing coupled with growth and its consequences are compounded by a “productivity gap” and the need to align future organizational skills and talent. • Increase in Supply Chain and Partnership Arrangement [Outsourcing] – the increase in third party service delivery arrangements, the complexity of vendor relationships and compliance with procurement legislation. • Rising Continuity and Resilience Challenges – against a backdrop of a risk landscape increasingly threatening all municipalities with potentially severe and unforeseen major incidents. This could include the effects of climate change or pandemics. However, with more reliance on information technology, resiliency could be challenged by data integrity/loss, privacy and systems redundancy.
  • 7. Policy and Management BriefsIssue 03 / October 26, 2015 Enterprise Risk Management: A Value-Added Proposition 7amcto.com / @amcto_policy Properly implemented, ERM can provide strategic and operational opportunities by focusing activities on what is important to a municipality. Although these themes are specific to the United Kingdom, the risks identified can easily be related to the local government environment in Canada and Ontario. Municipalities can view their potential risks within the context of these themes. Not all themes may be relevant and there quite likely could be others. The value of ERM is to get ahead of the key risks by building processes and controls that can help mitigate the consequence of such events. Examples of questions that can be asked are: • What will our municipality look like five years from now; ten years from now? • What risks can serious impact our municipality from meeting its strategic and business objectives? • What will or what should our risk profile look like as business transformation evolves to meet a changing environment? • How much risk, both in terms of service innovation and downside threat, will our municipality be willing to take? How will this be operationalized in our day to day processes? Summary A clear understanding of a municipality’s culture, strategic or business objectives coupled with identification of potential risk events sets the stage for developing a value added ERM approach. Properly implemented, ERM can provide strategic and operational opportunities by focusing activities on what is important to a municipality. Specifically, ERM provides value through: 1. Improved Performance – By proactively managing risk, ERM can reduce loses and identify opportunities for strategic exploitation. This could be particularly useful when establishing service standards. 2. Improved Processes – In designing processes and risk mitigation strategies based on an ERM strategy, there are opportunities to streamline processes and reduce bureaucracy. 3. Improved Workplace Environment – Effective ERM can lead to fewer episodes of crises or reactionary management which can erode productivity and potentially affect staff well-being.
  • 8. Policy and Management BriefsIssue 03 / October 26, 2015 Enterprise Risk Management: A Value-Added Proposition 8 To achieve value, however, it is essential to balance the cost of ERM to a municipality’s appetite or attitude towards risk. Over managing risk increases bureaucracy and cost, undermanaging risk not only increases reactionary costs but also erodes public trust and municipality’s reputation. About AMCTO Policy and Management Briefs AMCTO’s Policy and Management Briefs are designed to fill a gap in the discussion of local government in Ontario, by fostering dialoguing and promoting rigorous analysis of important topics facing municipalities across the province. About AMCTO With approximately 2,200 members working in municipalities across Ontario, AMCTO is Canada’s largest voluntary association of local government professionals, and the leading professional development organization for municipal administrative staff. Our mission is to provide management and leadership service to municipal professionals through continuous learning opportunities, member support, and legislative advocacy. FOR MORE INFORMATION, PLEASE CONTACT: Rick Johal Director, Member and Sector Relations rjohal@amcto.com 905.602.4294 x232 Eric Muller Coordinator, Legislative Services emuller@amcto.com 905.602.4294 x234 AMCTO Association of Municipal Managers, Clerks and Treasurers of Ontario 2680 Skymark Avenue, Suite 610 Mississauga, Ontario L4W 5L6 Tel: 905.602.4294 Fax: 905.602.4295 Web: www.amcto.com Twitter: @amcto_policy