The document discusses the state of risk sensing capabilities in large organizations based on a survey conducted with 155 executives. Key findings include:
- Most companies report having risk sensing capabilities, but they are more focused on financial, compliance, and operational risks rather than strategic risks.
- About two-thirds of executives agree their organizations have the right people to analyze risk sensing data, but one-third are less certain.
- The risks executives view as most important are shifting, and external perspectives on risks may warrant further consideration.
The document provides an overview of effective risk sensing practices and characteristics for organizations to develop robust risk sensing programs that identify emerging risks.
We asked a panel of risk management professionals how strategic risk stacks up at their organizations. Here are the results. To find out more about Wdesk for Enterprise Risk Management, go to https://www.workiva.com/products/enterprise-risk-management.
We asked a panel of risk management professionals how strategic risk stacks up at their organizations. Here are the results. To find out more about Wdesk for Enterprise Risk Management, go to https://www.workiva.com/products/enterprise-risk-management.
Enterprise risk management is an underutilized management practice that allows community-based financial institutions to become more efficient, smarter, and better able to compete in an increasingly complex environment.
WolfPAC Solutions Group Director Michael Cohn creates a strong case on why community-based financial institutions should implement an enterprise risk management program to reduce costs and successfully achieve business goals in an increasingly competitive and regulated environment.
Strategic Risk Management as a CFO: Getting Risk Management RightProformative, Inc.
Video & Presentation: http://www.proformative.com/events/strategic-risk-management-cfo-getting-risk-management-right
Enterprise Risk Management should be simple. Unfortunately, companies are responding to regulators and business imperatives to improve their risk management practices, all the while aligning with business strategy and performance as well as capital allocation. Leading practitioners are seeking insight and value from risk management and are using risk management to focus audit and compliance activities. In fact independent research commissioned by SAP and others suggests many successful ERM initiatives still make little use of the increasingly sophisticated technology available. This session will summarize recent research by SAP and others on the state of ERM and will provide simple, practical strategies for how Finance can drive risk management practices that build success and add value.
Speakers:
Bob Tizio, GRC Officer-Americas, SAP America Inc.
Bruce McCuaig, Director, Solution Marketing for Governance Risk & Compliance, SAP
Presentation delivered at CFO Dimensions 2013 - http://www.cfodimensions.com
Track: Finance Technology | Session: 5
A practical approach to defining indicators within an integrated ERM Framework
Workshop Overview
Many organisations have made considerable progress in the area of enterprise and operational risk management since the financial crisis in 2007/2008. However events over the last few years have demonstrated, and continue to demonstrate the need to make improvements in organisational risk management capabilities and tools.
One area of weakness and, particular challenge for many organisations is around indictors, specifically developing and managing with Key Risk indicators (KRIs). KRIs have a vital role to play in monitoring and managing risk exposure within any organisation, and should be developed and deployed in the context of a wider indicator suite which includes Key Performance Indicators (KPIs) and Key Control Indicators (KCIs).
Workshop Objective
This interactive workshop provided attendees with a deep understanding of developing and managing with Key Risk Indicators. We started by providing an overarching management framework which integrated strategy execution and risk management. We then moved on to clarify the role of KRIs, alongside KPIs and KCIs.
Using a combination of presentations and practical examples, we were able to:
Learn how to define robust suite of indicators, including the different between Leading and Lagging, and Financial and Non-Financial indicators
Understand how to use a well-structured risk definition to guide the definition of KRIs
Understand the relationship between risk appetite and KRIs, and however Risk Appetite should influence the definition of KRIs
Understand the role KRIs play in scenario analysis
Understand the role of KRIs in the risk assessment process
Understand the role of KRIs within the risk, regulatory and management reporting
Who Attended:
CROs, Directors, General Managers, Senior Management and Managers of: Operations, Operational Risk Management, Enterprise Risk Management, Internal Audit, Compliance, Operational Risk, Strategy and Performance.
Please contact andrew.smart@stratexsystems.com for more details about the presentation or to have a talk about our software solutions.
Quant Labs, the research division of Quant Foundry has developed an operational risk model that supports the COO to pin point areas of process weaknesses. The model continuously learns the business operating model and enables the COO to target investment under different strategic scenarios.
The State of Enterprise Resilience - Resilience Survey 2015Julian R
A survey of how companies monitor and analyse the risk landscape, organisational risk governance, and the gap between theoretical understanding and practical application.
Risk management is a strategic security activity and is a cornerstone of security governance. The management of risk not only requires that we effectively measure it but also understand what effect vulnerability has on the level of risk. Both risk and vulnerability constantly change and not only in response to threats but also business initiatives. Does your organization have a mature risk and vulnerability identification, measurement and management process? The discussion will identify how risk responds to changes in vulnerability and how we might maximize our risk management activities to enhance the resilience of the organization and its assets.
Presentation by: Philip Banks, P. Eng., CPP, Director, The Banks Group
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Cognizant
Formal policies and processes for enterprise risk management (ERM) are common among large corporations, such as those in finance and healthcare. However, most technology-focused companies consider ERM an obstacle to innovation. When properly implemented and maintained, an enterprise risk management program can lessen risk, accelerate strategic development, drive innovation and bolster bottom-line growth.
On average organizations spend $10M+ responding to third-party security breaches each year. Third-Party Risk Management (TPRM) is the process of analyzing and controlling risks presented to your organization by outsourcing to third-party service providers (TPSP). TPSP relationships can introduce strategic, financial, operational, regulatory, and reputational risks.
For example, some TPSPs are involved in the storage, processing, and/or transmission of cardholder data (CHD), while others are involved in securing cardholder data, or securing the cardholder data environment (CDE).
Digital relationships with third-party providers increase opportunities for growth, but they also increase opportunities for cyberattacks — a recent study found that 61% of U.S. companies said they had experienced a data breach caused by one of their third-party providers (up 12% since 2016).
Learn more about:
• TPSP lifecycle,
• The effects of due diligence,
• The five critical control objectives, and
• How to build an effective risk assessment questionnaire.
To learn more, visit: https://bit.ly/3vQ4DjC
IFAC Senior Technical Manager Vincent Tophoff presentation during the Institute of Chartered Accountants of Pakistan's CFO Conference 2013, CFO: Meeting Future Challenges! Mr. Tophoff discusses current trends and thinking in risk management and best practices.
It has become increasingly important for companies to
use sophisticated analytics as the basis for risk-financing
decisions. Marsh Global Analytics (MGA) helps our
clients make these decisions, using award-winning tools,
cutting-edge technology, and quantitative risk
management expertise developed over decades of
experience. MGA Risk Economics provides clients with
risk-financing optimization (RFO), which allows
companies to structure insurance programs in the most
economically efficient manner, while also meeting the
risk-tolerance goals of the organization as a whole.
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxmadlynplamondon
DISUSSION-1
RE: Chapter 15: Embedding ERM into Strategic Planning at the City of Edmonton
COLLAPSE
Top of Form
The two strategic processes
The two strategic processes which are tightly connected to ERM in the current scenario of Edmonton City ERM implementation are:
Results based budgeting and Performance measurement.
Results based budgeting (RBB):
ERM helps organizations to allocate the resources based on the requirement for completing the tasks and to produce the desired output. The RBB assists to determine the funding allocation requirements which are mandatory to fulfill the strategic objectives of organization. This budget formulation is performed based on predefined objectives such as priority, resource availability and expected results etc. here the expected results represents the desired outputs which organization expects to meet its strategic goals. In simple words the Results-based budgeting is about emphasizing performance and accountability.
Performance measurement:
The continuous performance measurement helps organizations to drive the progress in risk mitigation and it provides insights where additional attention is required. The Key performance indicators (KPIs) can be used to measure the effectiveness of risk management activities. The Performance measurement in ERM sends the list of desired outcomes to RBB and receives list of prioritized programs and costs to ensure ERM works at its full potential (Fraser, J., Simkins, B. J., & Narvaez, K., 2015).
Two criteria’s must be balanced in a successful ERM model
The two criteria are model power and user-friendliness. The powerful model can provide large amount of information and lets the organization to compare the results and risks, effectiveness’ of current program and impact of future initiatives. The user friendliness program helps to easily add information, add new features and easy to understand by the user with simple steps. The user friendliness also includes if needed some unnecessary steps could also be removed without losing model robustness (Fraser, J., Simkins, B. J., & Narvaez, K., 2015).
Thank you
References
Fraser, J., Simkins, B. J., & Narvaez, K. (2015). Implementing enterprise risk management: Case studies and best practices. Hoboken: Wiley.
Bottom of Form
DISCUSSION-2
1. What the other strategic processes are closely tied to ERM?
The strategic processes may have success strategy which is linked to the command of risk and organization understanding. The selection of strategy is an exercise of high-stakes. Approx. 80% of the underperformer may against the industry who have lost their wat over the prior 10 years because of blunder who are strategic and the business and strategy magazine. It may blame on failure on operations errors and the external event or compliance fault.
2. What are three kinds of risks are identified within the city of Edmonton?
There may be three risks which may involve avoidance or risk termination, tolerance or acceptance of ...
Enterprise risk management is an underutilized management practice that allows community-based financial institutions to become more efficient, smarter, and better able to compete in an increasingly complex environment.
WolfPAC Solutions Group Director Michael Cohn creates a strong case on why community-based financial institutions should implement an enterprise risk management program to reduce costs and successfully achieve business goals in an increasingly competitive and regulated environment.
Strategic Risk Management as a CFO: Getting Risk Management RightProformative, Inc.
Video & Presentation: http://www.proformative.com/events/strategic-risk-management-cfo-getting-risk-management-right
Enterprise Risk Management should be simple. Unfortunately, companies are responding to regulators and business imperatives to improve their risk management practices, all the while aligning with business strategy and performance as well as capital allocation. Leading practitioners are seeking insight and value from risk management and are using risk management to focus audit and compliance activities. In fact independent research commissioned by SAP and others suggests many successful ERM initiatives still make little use of the increasingly sophisticated technology available. This session will summarize recent research by SAP and others on the state of ERM and will provide simple, practical strategies for how Finance can drive risk management practices that build success and add value.
Speakers:
Bob Tizio, GRC Officer-Americas, SAP America Inc.
Bruce McCuaig, Director, Solution Marketing for Governance Risk & Compliance, SAP
Presentation delivered at CFO Dimensions 2013 - http://www.cfodimensions.com
Track: Finance Technology | Session: 5
A practical approach to defining indicators within an integrated ERM Framework
Workshop Overview
Many organisations have made considerable progress in the area of enterprise and operational risk management since the financial crisis in 2007/2008. However events over the last few years have demonstrated, and continue to demonstrate the need to make improvements in organisational risk management capabilities and tools.
One area of weakness and, particular challenge for many organisations is around indictors, specifically developing and managing with Key Risk indicators (KRIs). KRIs have a vital role to play in monitoring and managing risk exposure within any organisation, and should be developed and deployed in the context of a wider indicator suite which includes Key Performance Indicators (KPIs) and Key Control Indicators (KCIs).
Workshop Objective
This interactive workshop provided attendees with a deep understanding of developing and managing with Key Risk Indicators. We started by providing an overarching management framework which integrated strategy execution and risk management. We then moved on to clarify the role of KRIs, alongside KPIs and KCIs.
Using a combination of presentations and practical examples, we were able to:
Learn how to define robust suite of indicators, including the different between Leading and Lagging, and Financial and Non-Financial indicators
Understand how to use a well-structured risk definition to guide the definition of KRIs
Understand the relationship between risk appetite and KRIs, and however Risk Appetite should influence the definition of KRIs
Understand the role KRIs play in scenario analysis
Understand the role of KRIs in the risk assessment process
Understand the role of KRIs within the risk, regulatory and management reporting
Who Attended:
CROs, Directors, General Managers, Senior Management and Managers of: Operations, Operational Risk Management, Enterprise Risk Management, Internal Audit, Compliance, Operational Risk, Strategy and Performance.
Please contact andrew.smart@stratexsystems.com for more details about the presentation or to have a talk about our software solutions.
Quant Labs, the research division of Quant Foundry has developed an operational risk model that supports the COO to pin point areas of process weaknesses. The model continuously learns the business operating model and enables the COO to target investment under different strategic scenarios.
The State of Enterprise Resilience - Resilience Survey 2015Julian R
A survey of how companies monitor and analyse the risk landscape, organisational risk governance, and the gap between theoretical understanding and practical application.
Risk management is a strategic security activity and is a cornerstone of security governance. The management of risk not only requires that we effectively measure it but also understand what effect vulnerability has on the level of risk. Both risk and vulnerability constantly change and not only in response to threats but also business initiatives. Does your organization have a mature risk and vulnerability identification, measurement and management process? The discussion will identify how risk responds to changes in vulnerability and how we might maximize our risk management activities to enhance the resilience of the organization and its assets.
Presentation by: Philip Banks, P. Eng., CPP, Director, The Banks Group
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Cognizant
Formal policies and processes for enterprise risk management (ERM) are common among large corporations, such as those in finance and healthcare. However, most technology-focused companies consider ERM an obstacle to innovation. When properly implemented and maintained, an enterprise risk management program can lessen risk, accelerate strategic development, drive innovation and bolster bottom-line growth.
On average organizations spend $10M+ responding to third-party security breaches each year. Third-Party Risk Management (TPRM) is the process of analyzing and controlling risks presented to your organization by outsourcing to third-party service providers (TPSP). TPSP relationships can introduce strategic, financial, operational, regulatory, and reputational risks.
For example, some TPSPs are involved in the storage, processing, and/or transmission of cardholder data (CHD), while others are involved in securing cardholder data, or securing the cardholder data environment (CDE).
Digital relationships with third-party providers increase opportunities for growth, but they also increase opportunities for cyberattacks — a recent study found that 61% of U.S. companies said they had experienced a data breach caused by one of their third-party providers (up 12% since 2016).
Learn more about:
• TPSP lifecycle,
• The effects of due diligence,
• The five critical control objectives, and
• How to build an effective risk assessment questionnaire.
To learn more, visit: https://bit.ly/3vQ4DjC
IFAC Senior Technical Manager Vincent Tophoff presentation during the Institute of Chartered Accountants of Pakistan's CFO Conference 2013, CFO: Meeting Future Challenges! Mr. Tophoff discusses current trends and thinking in risk management and best practices.
It has become increasingly important for companies to
use sophisticated analytics as the basis for risk-financing
decisions. Marsh Global Analytics (MGA) helps our
clients make these decisions, using award-winning tools,
cutting-edge technology, and quantitative risk
management expertise developed over decades of
experience. MGA Risk Economics provides clients with
risk-financing optimization (RFO), which allows
companies to structure insurance programs in the most
economically efficient manner, while also meeting the
risk-tolerance goals of the organization as a whole.
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
DISUSSION-1RE Chapter 15 Embedding ERM into Strategic Planning.docxmadlynplamondon
DISUSSION-1
RE: Chapter 15: Embedding ERM into Strategic Planning at the City of Edmonton
COLLAPSE
Top of Form
The two strategic processes
The two strategic processes which are tightly connected to ERM in the current scenario of Edmonton City ERM implementation are:
Results based budgeting and Performance measurement.
Results based budgeting (RBB):
ERM helps organizations to allocate the resources based on the requirement for completing the tasks and to produce the desired output. The RBB assists to determine the funding allocation requirements which are mandatory to fulfill the strategic objectives of organization. This budget formulation is performed based on predefined objectives such as priority, resource availability and expected results etc. here the expected results represents the desired outputs which organization expects to meet its strategic goals. In simple words the Results-based budgeting is about emphasizing performance and accountability.
Performance measurement:
The continuous performance measurement helps organizations to drive the progress in risk mitigation and it provides insights where additional attention is required. The Key performance indicators (KPIs) can be used to measure the effectiveness of risk management activities. The Performance measurement in ERM sends the list of desired outcomes to RBB and receives list of prioritized programs and costs to ensure ERM works at its full potential (Fraser, J., Simkins, B. J., & Narvaez, K., 2015).
Two criteria’s must be balanced in a successful ERM model
The two criteria are model power and user-friendliness. The powerful model can provide large amount of information and lets the organization to compare the results and risks, effectiveness’ of current program and impact of future initiatives. The user friendliness program helps to easily add information, add new features and easy to understand by the user with simple steps. The user friendliness also includes if needed some unnecessary steps could also be removed without losing model robustness (Fraser, J., Simkins, B. J., & Narvaez, K., 2015).
Thank you
References
Fraser, J., Simkins, B. J., & Narvaez, K. (2015). Implementing enterprise risk management: Case studies and best practices. Hoboken: Wiley.
Bottom of Form
DISCUSSION-2
1. What the other strategic processes are closely tied to ERM?
The strategic processes may have success strategy which is linked to the command of risk and organization understanding. The selection of strategy is an exercise of high-stakes. Approx. 80% of the underperformer may against the industry who have lost their wat over the prior 10 years because of blunder who are strategic and the business and strategy magazine. It may blame on failure on operations errors and the external event or compliance fault.
2. What are three kinds of risks are identified within the city of Edmonton?
There may be three risks which may involve avoidance or risk termination, tolerance or acceptance of ...
ERM Evolving From Risk Assessment to Strategic RiskManageme.docxrusselldayna
ERM: Evolving From Risk Assessment to Strategic Risk
Management
hfma.org/Content.aspx
Changes in the healthcare system are bringing new risks, which hospitals and
health systems need to manage effectively to remain competitive.
The U.S. healthcare ecosystem represents a $5 trillion market and is projected to grow to a
$5.5 trillion market by 2025. The exponential growth comes from several thematic drivers,
including the shift from volume to value and the rise of the consumer, both of which are turning
the industry on its head as new payment models and greater expansion of consumer options
are being introduced to the marketplace. Other drivers include evolving mobile strategies, new
entrants, an aging population, and continued uncertainty in political and regulatory
environments. With medical device cybersecurity vulnerabilities being reported at record
levels, it is evident that new risks are constantly threatening the quality of patient care and
providers’ long-term prosperity.
As the healthcare market expands and evolves, the inherent risks also are increasing, as
shown in the sidebar.
Moving Beyond Risk Identification
Traditionally, the healthcare industry has exceled in risk identification and assessment. The
industry has been less proficient at prioritizing and managing risk, however, and it has a vital
need to tackle these areas. To do so, healthcare providers must invest more in building
enterprise risk management (ERM) capabilities.
As a defensive strategy, a focus on avoiding risk may seem to hold promise, but no hospital or
health system can avoid risk entirely. By giving an organization insight into how to take the
right risks at the right time, an effective ERM program can help the organization more
successfully execute its strategic imperatives.
Getting Beyond Basic Effectiveness
Despite the growing importance of programs today, and the raised awareness of their
importance, many healthcare providers have been slow to adopt a more sophisticated
approach. As shown in the exhibit below, the current state for most providers falls between
“basic” and “evolving” maturities for ERM programs.
Levels of ERM Maturity
a
b
1/5
http://www.hfma.org/Content.aspx?id=60137
Organizations classified as basic recognize the implications of risk to
achieving the organization’s objectives and are just beginning to have
important discussions on the topics of risk. Often defined as hazards
and considered only in the context of their adverse consequences, risks
managed at a basic maturity levels are identified on an annual basis; risk mitigation and
controls are seldom factored in, and reporting is seldom, most often biannually at best.
Organizations at basic maturity also may have disparate risk management processes that
aren’t managed in a coordinated method (e.g., compliance, IT/cyber security, operations, and
legal/insurance) and that exist outside normal management processes or cadences. Moreover,
the internal ERM risk assessment is s.
SymEx 2015 - Turning Risks Into Results, A Wider Perspective to Understand P...PMI Indonesia Chapter
From Enron and WorldCom to the more recent financial crisis, events of the last decade have fundamentally shifted how organizations think about risk. Companies around the world have made substantial investments in personnel, processes and technology to help mitigate and control business risk. Historically, these risk investments have focused primarily on financial controls and regulatory compliance. However, these investments have often not addressed more strategic business risk areas. As a result, senior executives may not perceive risk management as strategic to the enterprise. Senior executives also may not have sufficient confidence in their ability to identify and address the risks that could impact the financial performance − or even the viability — of their organization. A strategic question presents itself: “Do organizations with more mature risk management practices outperform their peers financially?” Our research and experience tend to suggest “yes!”
In this presentation, Isnaeni Achdiat will also discuss how leading organization with higher maturity in managing risks, gets better return. We will also present the new paradigm of dealing with risks, either it is good or bad risks. We will introduce the concept of "risk that matters" in an organization and discuss approach to mitigate. Furthermore, we will present the linkage between strategic and project risks and how a good risk culture can impact the success of organization managing their risks. By analyzing the relationship between the strategic and project risks, the project professionals can better understand the setting priorities the boards make, and thus can anticipate allocation of resources at the optimum level, for the benefit of the enterprise. Managing project risks, without understanding context and background of the initial strategic decision, will not allow the project professionals to understand why top management put on-hold the project, or keep it running at the right speed.
Discussion- 11. How does efficient frontier analysis (EFA) dif.docxmadlynplamondon
Discussion- 1
1. How does efficient frontier analysis (EFA) differ from other forms of complex risk assessment techniques?
The issue of the selection of the risk management methods to support investment decision-making is one of the key issues discussed in the management of portfolios. The factor contributing to the development and dissemination of the risk management methods is the fact that the development of this theory, the risk of portfolios of financial institutions began to measure widely using the Markowitz portfolio selection model. Currently, this problem has been solved, since his designation used linear programming. It cannot be missed with these two facts. The indication of such a relationship, as well as its characteristics are the main purpose of the publication, in which there was not only used the study literature. The efficient frontier can be defined as the image of a set of portfolios that provide the maximum return for each level of risk or minimal risk for any level of return. In addition, this measure brings important details in the development area of portfolios’ management of financial instruments, on the grounds that it considers the possibility of the investor’s bankruptcy and may be regarded as a dynamic measurement of the risk (Bali T.G).
2. What limitations might an analyst encounter with EFA?
The financial equivalent of racing cars if They're one of the most touted, yet most misunderstood and misused, tools in the field of financial planning. Understanding the nature of an efficient frontier model and the assumptions on which it relies. As with a sophisticated racing car, a powerful tool in the wrong hands can be a very dangerous thing. For example, it's logical to believe that stocks will outperform bonds in the future. Efficient frontier models rely on historical data and relationships to generate the "perfect" portfolio. In my experience, many investors who use efficient frontier models are unaware of their pitfalls. These models are being marketed as solutions to the problem of portfolio construction, but they come without instructions.
3. How can efficient frontier analysis results be communicated and utilized with nonmathematical decision maker?
Communication is not a crank to be turned mindlessly, but a decision problem of its own. As we will see, there are many alternatives to consider. The analyst’s choices constitute the design of a communication plan. In ideal cases, the client is infinitely patient, unshakably invested in the problem, fully committed to finding the highest quality solutions, flexible about the process, and unwavering in confidence in the analyst’s work. In such cases, tight outlines or rambling jumbles may lead to the same outcome. Good quantitative analysis alone does not usually produce good decisions, because rarely does the analyst control all the resources required to decide and act. Decision makers and other players who influence the decision must assimilate the results of th ...
2. ...will continue to disrupt ways of doing business, as well as entire industries. In
response, organizations have been developing risk sensing capabilities of various
types in various ways. How organizations define, design, and deploy those capabilities
will largely determine the success and sustainability of their risk sensing programs.
To gauge the current state of risk sensing, Deloitte, in a survey conducted with Forbes
Insights, asked C-level executives in large organizations about their companies’ risk
sensing capabilities. This document, directed to senior executives, presents a
definition of risk sensing, key results of the survey, and an approach to developing and
enhancing risk sensing capabilities.
Economic
upheaval
Market
evolution
Regulatory
demands
Technological
change
Why present an approach to risk sensing?
This survey revealed that most executives state that their organizations have risk sensing
capabilities. However, the survey also indicates—in keeping with Deloitte’s experience—that
these capabilities often miss key elements, lack technical depth and analytical sophistication,
reside in narrow technical units, fail to focus broadly enough, or otherwise leave the
organization open to the very risks that risk sensing should be detecting and monitoring.
Moreover, sensing emerging strategic risks can position an organization not only to avoid and
mitigate risks but also to generate risk-powered performance. The latter creates value from risk
by moving early to address nascent market movements and customer needs, harness benefits
from emerging technologies, and block competitors’ efforts to gain first-mover advantage.
Contents
Define and design
Risk sensing now
What to do?
An evolving capability
3
5
10
13
3. A robust risk sensing capability encompasses the following characteristics:
Strategic focus
Most major organizations monitor
financial, operational, regulatory,
reputational, and other risks specific
to the business. Risk sensing should
incorporate these risks to the extent
that they help inform strategic
decision making. Significant
additional opportunities to expand
value come from identifying and
monitoring strategic risks—those that
could undermine strategic objectives,
negate management’s assumptions,
or exceed the organizations’ risk
appetite.
Listening posts
Listening posts and observable
indicators enable tracking of trends
and emerging disruptors. An example
would be monitoring emerging
technology trends that could disrupt
the industry or changes in customer
sentiment expressed in statements
about the company and its products
and services. Listening posts can also
be established to monitor employee
sentiment to assist the organization
in shaping its culture and its ability to
retain talent.
C-suite engagement
Senior executives possess the
influence, resources, and
organization-wide view to ensure that
risk sensing does not become siloed,
narrowly focused, or overly tactical.
Equally important, senior
management should integrate risk
sensing into the risk governance and
risk management program. That
integration generates actionable
insights related to plans, key metrics,
and thresholds to support decisions
of senior-level executives. It also
ensures that those insights are
communicated to the right senior
stakeholders and result in coordinated
actions.
Metrics and tracking
Objective baseline measures of risk—
strategic risk indicators and
parameters—should be developed so
risks can be tracked against those
measures going forward. Ideally, the
risk sensing program includes
triggers (relative to risk tolerances) for
evaluating, communicating, and
mitigating risks.
Outside-in points of view
Views of external analysts who
understand the organization, its goals,
and the risks it faces provide “another
set of eyes” as well as a necessary
corrective to the inevitable cognitive
biases that can distort the views of
management and other internal
parties.
Combined technological
and human resources
Analyzing and predicting rare and
emerging events has become
increasingly possible with advances
in data analytics and technology. Yet
human analysis completes the job,
enriching these views and providing
valuable, otherwise unavailable
information and insights.
Risk sensing employs human insights
and advanced analytics capabilities to
identify, analyze, and monitor
emerging risks to the organization’s
business model, long-term viability,
and ability to create value. This is
done by identifying and then
monitoring strategic risk indicators of
events, trends, and anomalies in
structured and unstructured data
from internal and external sources
and comparing them with the
organization’s risk tolerance levels
and thresholds. Advanced analytics,
combined with business-driven risk
indicators, provides the ability to
analyze this data in various scenarios
to identify the risks most relevant to
the organization’s business leaders
and decision makers.
Risk sensing aims to detect emerging
risks so that management can
mitigate those risks before they
generate potentially significant
damage or costs or require higher
investments. Companies can also
identify emerging trends and thus
enhance their understanding of the
risk/reward tradeoffs inherent in value
creation and improve their funding
decisions and allocation of resources.
Define and
design
Risk Sensing The (evolving) state of the art 3
4. Not all events result in significant
impact. Understanding which events
pose the greatest risk and opportunity
enables leaders to focus resources on
what matters most. This implies that
the risk sensing program should not
be sequestered in a lab, or relegated
to technical specialists untethered to
the goals of the organization. Rather, it
should be informed by the decision-
making requirements of senior
executives, aligned with risk
management requirements, and
guided by an enterprise-wide view of
risks. Since risks are often interrelated
and can amplify one another, they
should be monitored and addressed in
a coordinated manner.
Define and
design
Risk sensing should also be
integrated into the risk management
and governance program. This calls
for clear communication and
response plans combined with
actionable reports useful to
executives, risk managers, and
business unit heads, which means
that summary reports and
visualization tools such as
dashboards are also an essential
element. A direct line from the
sensing team and CRO to the CEO
and board would be useful,
particularly in the case of emerging
strategic risks.
Risk sensing should focus on key
risks—those that could affect
competitive advantage, market
position, and performance. It should
incorporate mechanisms for
developing an integrated view of
risks and opportunities, and support
economical, practical, productive
responses. It should be developed
with ongoing input from C-suite
executives to ensure that it remains
relevant, timely, and responsive to
their planning and decision-making
needs and to those of the business
units, risk managers, and
compliance function.
Risk Sensing The (evolving) state of the art 4
5. To assess the state of risk
sensing in large organizations,
Forbes Insights, on behalf of
Deloitte Touche Tohmatsu
Limited, conducted a survey of
155 executives from
companies representing every
major industry and geographic
region. The survey, conducted
in May/June, 2015, targeted
companies with revenue of at
least US$1 billion.
The results clearly indicate that
these organizations have been
developing their risk sensing
capabilities, at least as the
respondents and their
companies define them. The
responses reveal that although
most companies in our sample
have deployed risk sensing in
some capacity, the capabilities
vary. Companies also vary in
the risks they monitor, the
people to whom risk sensing
efforts report, and the risks they
view as most important.
Among the most interesting findings are the following:
Companies apply risk sensing,
but less often to strategic risks
Two-thirds believe they
have the right people
The risks of most
concern are shifting
The value of external points of
view merits further discussion
Risk
sensing
now
Risk Sensing The (evolving) state of the art 5
6. Overall, about 80 percent of respondents agree that they use risk sensing tools. However, based upon
the top three “Agree” answers on a scale of 1 to 10 (Figure 1), they apply them most often to financial
risk (70 percent), compliance risk (66 percent), and operational risk (65 percent), and less often to
strategic risk (57 percent). Yet strategic risks tend to be most important to senior executives.
* Percentages throughout may not add up to 100% due to rounding
Dedicated program to detect
and monitor compliance risks
31%
10
16%
9
14%
7
19%
8
4%
6
3%
4
0%
2
3%
3
3%
1
Not at all Not at allFull use of risk
sensing tools
Full use of risk
sensing tools
7%
5
Dedicated program to detect
and monitor financial risks
1097 8642 31 5
Dedicated program to detect
and monitor operational risks
Not at all Not at allFull use of risk
sensing tools
Full use of risk
sensing tools
29%
10
15%
9
10%
7
21%
8
7%
6
3%
4
1%
2
3%
3
2%
1
10%
5
Dedicated program to detect
and monitor strategic risks
1097 8642 31 5
18%
20%
15%
19%
7%
3%
2%
3%3%
9%
Companies apply risk sensing, but less often to strategic risks
Figure 1: A look at four specific risks*
Risk
sensing
now
23%
21%
8%
26%
8%
2%0% 3%3%
5%
Risk Sensing The (evolving) state of the art 6
7. While approximately two-thirds of respondents agree (based on the top three “Agree”
responses) that they employ people with the knowledge needed to monitor, analyze, and act
on risk sensing data (Figure 2), about one-third are less certain that they have the right people.
Two-thirds believe they have the right people
Figure 2: Do you have the right
people in risk sensing?
gathering and analysis time and effort
and free resources for more complex
analysis and higher value added
activities.
In practice, some companies that
have the right people may not always
equip them with the right tools. Those
tools include not only data scanning
and sensing, but measurement,
analytical, and visualization tools—the
latter being essential to applications
of risk sensing and analysis of big
data and strategic risks. Many
companies focus on visualizations,
dashboards, and analyses of historic
trends in internal data, but few use
pattern analysis, scenario analysis, or
other complex analytics, such as rare
event analysis, and thresholds to
monitor risk over time and trigger
early warning signals.
By definition, rare events occur
infrequently and thus provide few, if
any, observations from which to
extrapolate. Analytical and modeling
techniques that account for low-
probability outliers can provide more
insight into these rare events (see
sidebar).
Looking for Anomalies
True risk sensing—strategic risk identification and monitoring—
encompasses detection of rare events and observations, that is, the
anomalies outside the expected patterns or existing trends.
Here are a few first steps to consider in outlier detection and analysis:
• Embrace data scarcity: Rare events by their nature provide few
observations to detect and analyze. Sophisticated analysis and
modeling can work with low-probability outliers to provide more insight
into developments and events, despite scarce data. Today’s
technologies can compensate for data scarcity and help in monitoring
changes over time.
• Build context: Rather than dismissing outliers as insignificant, consider
each new event or piece of information as providing an opportunity to
refine the organizational vision and recalibrate the context. If an
occurrence is strategically relevant, its rarity does not in itself diminish
its potential significance and impact on the organization.
• Maintain situational awareness: Keeping the 5 W’s (who, what, when,
where, and why) in sight ensures that rare event analyses align with
evolving business goals and realities. Linking anomaly detection to the
organization’s strategy and business context keeps it rooted in risk
management rather than reducing it to forecasting for its own sake.
Consider this: After virtually every major risk event, analysts discover a
few signs, warnings, or data points that presaged the event or something
very similar. Anomaly detection and analysis aims to locate and interpret
these signals before the event occurs.
Not surprisingly, the largest
companies—those with at least
US$5 billion in annual revenue (as
opposed to those in the US$1 billion
to US$5 billion range)—most often
agree, given their deeper talent pool.
Depending on the size of the team in
a respondent’s company, this may
also be an indication that they rely
solely on people, while additional,
broader, and more in-depth analysis
could be done using tools. Such tools
reduce the mundane, initial data-
agree/strongly
agree that they
employ people
with adequate
knowledge to
both monitor
and analyze risk
sensing data
and make it
actionable for
the business.
65%
Risk
sensing
now
Risk Sensing The (evolving) state of the art 7
8. Reputation risk remains among the
top three in all three timeframes in
both the 2013 and 2015 surveys,
while economic trends are no longer
as great a concern in 2015 (as one
would assume well into a U.S.
economic recovery).
In 2015, regulatory risks join
reputation as risks of concern in all
three timeframes. Interestingly, the
pace of innovation stands among the
top three risks in 2015 and (in a tie
with regulatory risk) tops the list in
2018 and reflects, for example, the
technology disruption that has
impacted many sectors.
These findings underscore the fact
that management’s views of risks are
always shifting, although not radically.
That in turn underscores the value of
casting a wide net when defining
risks, because definitions of risk tend
to direct risk sensing efforts. Also
bear in mind that many risks are
interrelated. For example, risks related
to regulation, reputation, brand, and
talent (the ability to attract and retain
The risks of most concern are shifting
Risk
sensing
now
it) have the power to amplify one
another. Moreover, yesterday’s risks
are rarely the same as those of today
or tomorrow, which argues strongly
for forward-looking risk sensing
capabilities.
Thus, risk sensing should support risk
and impact assessment across the
entire relevant time horizon to
address risks that are of immediate,
near-term, and long-term concern, as
the organization defines those
timeframes.
Finally, the above trends may also
indicate an increasing level of
maturity or sophistication of analysis.
Early on, sensing tools tended to be
marketing and brand driven. Over a
longer term, companies tend to focus
more on strategic issues such as
funding, investments, and value
creation. For example, use of
economic models is a sign that a
company is looking outward for data,
such as growth rates, commodity
prices, and the like, but still at a fairly
rudimentary level.
Figure 3-A: Risks of most concern in 2013
Which of the following risk areas have the most impact on your
business strategy (three years ago, today, and three years from now)?
Figure 3-B: Risks of most concern in 2015
44% Brand
41% Reputation
32% Regulatory
2012
30%
25% Talent
24% Reputation
2018
Pace of
innovation/
Regulatory (tie)
35% Regulatory
32% Reputation
29%
2015
Pace of
innovation
41% Brand
28%
26% Reputation
2010
Economic
trends
29%
26%
24%
2016
Economic
trends
Business
model
Reputation/
Competition
(tie)
40% Reputation
32%
27%
2013
Economic
trends/
Competition (tie)
Business
model
* Respondents could choose more than one answer, the top three to five are shown above.
** A similar Deloitte/Forbes Insights survey conducted in 2013 asked respondents to choose the major strategic risks they faced three years prior, at the time of the survey, and three years ahead, as did our 2015 survey.
The more-recent survey shows that perceptions of risks have shifted somewhat. Exploring Strategic Risk: 300 executives around the world say their view of strategic risk is changing, Deloitte, 2013
*
*
**
Risk Sensing The (evolving) state of the art 8
9. A high percentage of respondents
agree that outside parties have more
objectivity about risks than insiders,
but an even higher percentage do not.
A total of 40 percent “Agree” (as
measured by the top three levels of
agreement), yet those in the middle
range (answers 4 through 7) total 51
percent (Figure 4), indicating
uncertainty about the value of
external viewpoints. This finding may
be skewed by respondents who
consider external views as including—
or mainly consisting of—social media
or reviews and ratings on websites. It
may also reflect the focus of current
risk sensing efforts, as external data
is less relevant for near-term and
tactical decision making than for
adjusting the longer-term strategic
focus and direction.
Meanwhile, 10 percent disagree or
disagree completely that an outside
perspective can analyze risks with
greater objectivity, perhaps indicating
the presence of truly strong, and
potentially dangerous, internal
cognitive biases.
The value of external points of view merits further discussion
Thus, a significant element of risk
sensing—external analysts who can
correct for the cognitive biases of
internal analysts and executives—may
be missing in many companies.
Those biases include confidence bias
(overestimating the truth of what we
believe), availability bias
(overweighting the importance of
what we most recently saw, read, or
experienced), confirmation bias
(focusing mainly on information that
fits our existing beliefs), and optimism
bias (thinking that nothing bad will
happen to us)—among others.
An outside-in point of view corrects
for these biases. External observers
can provide agenda-free views on
risks to the organization. An outside-
in view integrates, and adds insight to,
risk sensing results. News reports,
blogs, public filings, social media, and
the like provide fragmented views. An
external, integrated view can provide
greater context to internal data and
analysis and thereby help in
evaluating assumptions and
potentially erroneous data and
conclusions. Additionally, external
data points can be presented to
management, facilitate internal
discussions, and used to test
scenarios designed to gauge
likelihood of outcomes and their
potential impacts.
External points of view can be
particularly useful for weighing risks
related to reputation and the pace of
innovation. Companies can
underestimate risks to reputation by
overweighing positive customer
survey results and dismissing
negative views. As to innovation, a
number of major companies have
erroneously considered new
technologies or products to be
immature or irrelevant only to find
themselves battling new competitors
with disruptive business models
sooner than they ever thought
possible.
Although the board does not engage
in risk sensing, directors do have a
role in ascertaining that risk
management practices are
sufficiently robust and forward
looking. In addition, as risk sensing
capabilities mature, they extend
beyond an operational and tactical
focus to a more strategic focus that
provides more data and insight of
relevance to the board. External
viewpoints would be a component of
a robust risk management program,
and of a robust risk sensing program.
(Indeed, providing external viewpoints
and correcting for management’s
biases is the responsibility of certain
directors.)
Figure 4: The value of an
outside perspective
Outsiders, detached from
management’s agendas and
biases, can analyze risks with
greater objectivity and expertise
than insiders.
Agree/
strongly agree
40%
Slightly agree/
slightly disagree
51%
Disagree/
strongly disagree
10%
Risk
sensing
now
Due to rounding, percentages do not add up to 100%
Risk Sensing The (evolving) state of the art 9
10. A starting point for monitoring strategic risks would be to identify the primary building blocks and strategic objectives of the organization that, if negatively
impacted, would alter the key forces that drive your sector. Those forces can be organized into domains, such as economic, regulatory, customer, technological,
operational, funding, and research and development, and include scientific, engineering, or other advances that could affect basic drivers of value.
Within specific domains there will be ongoing trends and possible events related to the sector or organization. Consider, for example, the following sample issues
and themes within each of these six common domains:
These are only general sample factors within each of these domains. The actual issues and themes (and domains) would be far more specific to the sector and
organization. Also, identifying the forces affecting each domain represents only one step. Domains overlap in ways that must be identified so interactions among
them can be mapped to identified risks and potential opportunities. Additionally, each organization needs to determine the severity and impact that a potential
trend or disruption could have on its business viability and prepare an appropriate response plan.
What
to do?
Economic domain
Regional and national
growth, interest rate
and currency,
environments, sector
developments, input
costs (including labor),
supply and demand
dynamics
Regulatory domain
Legislative
developments,
regulatory agency
priorities, compliance
methods and costs,
case law and litigation
trends
Customer domain
Product and service
preferences, factors
influencing purchase,
evolving customer
journey, competitive
product and pricing
strategies, technology
adoption curve
Operational domain
Supply chain, alternate
suppliers, capacity
issues, production and
delivery challenges,
outsourcing, use of
alliances and channel
partners
Funding domain
Access to and
availability of public
and private sources of
funding to support
growth plans and
strategic objectives,
and ability to generate
adequate returns on
capital
Technology domain
Basic science and RD
trends, knowledge
transfer, technology
commercialization,
academic activity,
patent filings and
citations, technology
acquisitions
Risk Sensing The (evolving) state of the art 10
11. Getting with the program
What
to do?
Developing, launching, and maintaining a risk sensing program requires dedicated resources. Having internal resources that understand the company’s business
and unique risks is key. External resources may also be required, given the need for a technology platform, sophisticated analytics, and outside-in perspectives.
Risk sensing also requires the expertise of data scientists, data engineers, and sector analysts to identify required data and data sources, define optimal workflows,
and develop alerts and formats for dashboards and reports as well as insights and other deliverables.
Here are four steps to consider when framing and implementing a true risk sensing program:
Identify the strategic risks
to be monitored, and the
scope of the effort
Continue monitoring the
data sources and generating
ongoing insights
• Conduct working sessions
with senior leaders and key
stakeholders to identify,
validate, and prioritize
strategic risks
• Agree on the risks and on the
sector factors and potential
industry disruptors to be
monitored
• Identify and define the
strategic risk indicators to be
monitored, the metrics to be
tracked, and the thresholds
that will trigger
communication, escalation,
and countermeasures
• Identify the applications and other
resources, such as human
analysts, best suited to analyzing
the key strategic risks
• Establish the relevant data
extracts and structured and
unstructured data sources
• Outline the workflows required to
analyze the focal risks
• Identify the outputs constituting
the data, analyses, flags, and
insights, and the visualization
methods best suited to
representing them in a
comprehensible form and format
• Designate which stakeholders
receive or have access to which
outputs, and what actions they
are expected to take in terms of
communicating, applying, or
otherwise using the output
• Conduct analysis in keeping with
the established scope to gather
relevant information
• Review information to draft initial
insights on the key strategic risks
• Enrich the data and findings by
connecting them with sector
trends, trends in related industries,
and economic, marketplace,
technology, regulatory, and other
trends
• Launch the initial platform,
combining automated and human
scanning and analytical capabilities
• Review reports with sector
specialists and other relevant
parties
• Develop insights in practical ways and
connect them with the strategic issues
facing the organization and its business
units and functions, taking into account
the severity of the impact of the risks on
the organization
• Incorporate the insights into strategic
and business plans, and into key
decisions such as product development
and discontinuation, IT purchases,
funding plans, and outsourcing and
merger and acquisition decisions
• Work to continually sharpen scanning
and analysis, expand or narrow scope
and frequency, improve dashboards
and reports, and deepen information
and insights
• Review and validate the models
periodically and revise them
accordingly. While in use, models
should be tightly governed and
controlled to allow for consistent
application across the organization
1
Define the elements
required to enable
strategic risk monitoring2
Configure the platform to
enable scanning, analyzing,
and tracking of strategic risks3 4
Risk Sensing The (evolving) state of the art 11
12. In addition, the following experts would be necessary in developing and refining a risk sensing program:
Specialists
Individuals with
expertise in a wide
range of advanced
analytic methods, such
as developers of
process modules
Platform sector analysts
Analysts working with
specialists to develop the
sector analysis based on
an understanding of the
sector and data, and to
define workflows
Dedicated data analysts
Analysts who use the platform,
with guidance from sector
analysts and specialists, to
refine specific reports and
reporting mechanisms
It is the combination of technological capability and human insight that,
when properly focused, gives risk sensing its detection and analytical
powers. The tools and the people who use them are both critical to success.
What
to do?
Risk Sensing The (evolving) state of the art 12
13. An evolving
capability
However it is defined, developed, and deployed, risk sensing has become a
necessary capability for large organizations in most industries. Part-time,
half-hearted, underfunded efforts that lack coordination will not provide a
coherent picture of the risk landscape, let alone methods of detecting,
measuring, and tracking emerging strategic risks.
A strategic approach to risk sensing will do three things:
First, it will focus
primarily on strategic
risks—those that can
undermine
management’s
fundamental
assumptions or the
organization’s ability
to achieve its
strategic goals.
Second, it will elevate
risk sensing from data
mining or media
monitoring to the level
of a true program,
covering relevant risks
to the organization
and integrating risk
sensing with risk
management and risk
governance.
Third, the results will
benefit and be used
by senior executives—
and the businesses
and functions—in
planning and decision
making. If practical
application does not
occur, then the risk
sensing program has
not been properly
designed, developed,
and managed.
Risk sensing must evolve as the
organization and its strategies and
risk environment evolve. Continuous
improvement via periodic
recalibration should be designed into
the capability, as should a feedback
loop from executives, risk managers,
and business units back to the
analysts to ensure that results are of
practical use.
Deloitte’s recent risk sensing survey
and our field experience indicates that
most large organizations have risk
sensing efforts underway, but that
many may have a way to go if those
efforts are to become true risk
sensing programs. More to the point,
the value of these programs will
reflect the extent to which they are
tied to strategic risks and priorities,
supported by senior executives,
integrated with risk governance and
risk management, and comprised of
the right technological and human
resources.
Talk to us
We look forward to hearing
from you and learning what you
think about the ideas presented
in this study. Please contact us
at risk@deloitte.com.
1 2 3
Risk Sensing The (evolving) state of the art 13