Moving away from a "silo" approach to organizational risk management.

1. How can an Enterprise Risk Management (ERM),
programme enable organizations achieve
strategic objectives more effectively?
Dr P S Sahota

2. Presentation structure
• Global risk profile
• Managing risk is a challenge
• Managing risks: systems rather than silos
• ERM: achieving organizational objectives
• Concluding remarks

3. Global Risk Profile
Operational Risk Financial Risk HR Risk
• Contract Performance • Currency • Benefits
• Trademark Erosion • Credit • Key Management Loss
• Customer Satisfaction • Debt Covenants • Stock Ownership Program
• Accrual Accuracy • Succession Planning
Environment Risk Technology Risk Strategic Risk
• Terrorism • Infrastructure Failure • Competition
• War • Security • R&D Resource
• Political Stability • Consistent Strategy • Missed Market
• Regulatory- Local/ Nat’l • Obsolescence • Reputation
• Public Relations • New Market Entrant
• Natural environment • Major Customer (s) Loss
• Supply chains
Adapted from Strenk
lecture , Locton

4. Managing risk is clearly a challenge
Scope of
Operations
Country 1
Country 2
Risk Country 3
Source Country 4
Operational Risks
Financial Risks
Environmental Risks
Strategic Risk etc
Risk
Risk Financing
Risk Mitigation
Risk Qualification
Assessment
Risk
Management
Processes

5. Risk Management: systems rather
than silos
A Silo Approach An Enterprise Approach
Financial
Financial Risk
Risk Environment
Environment Risk
Risk
Strategic
Strategic
Risk
Risk
Enterprise Risk
Management
Operation
Operation Risk HR
Risk HR Risk
Risk
Technology
Technology Risk
Risk
Enterprise Risk Management: A rigorous approach to identifying, assessing and addressing risks from
all sources that threaten the achievement of an organizations strategic, operational and financial
objectives and/or represent an opportunity or competitive advantage.” Jerry Miccolis, Tillinghast-Towers
Perrin

6. ERM: ACHIEVING STRATEGIC
OBJECTIVES
What ERM is going to do How you can do it
 Identify an internal “champion” of the
 Risk culture is created throughout
ERM project. This “champion” needs to be
the enterprise a senior executive within the organization
 Risk strategy is linked to business  Identify processes to manage serious
threats to growth and return while
strategy
identifying risks that represent
opportunities
 Risk management becomes a
 Understand appetite to risk
continuous, systematic process
 Establishes a robust, yet scalable,
integrated within the enterprise’s process for risk identification and
processes assessment (AAR, CoP, CoI, learning by
doing)

7. ERM: ACHIEVING STRATEGIC
OBJECTIVES
What ERM is going to do How you can do it
 Quantifying , aggregating and
 The organization can anticipate,
studying risk for interrelationships
manage, optimize and monitor risk
 Risk management responsibilities  Identifying who owns” those risks
within the company “ and make
become clearly defined
everyone understand their role in
managing risk
 Identify alternative methods  Establishing a framework and
of organizing and managing process that allows for a balancing of
exposures on a collective basis. risk control activities within business
processes

8. ERM: ACHIEVING STRATEGIC
OBJECTIVES
What ERM is going to do How you can do it
 Develop a framework to evaluate risk
 Risk becomes a key consideration
on a portfolio basis
for financial decision making  Develop a robust ERM
methodology that can identify, assess and
manage risks more cost-effectively
 Improved intelligence for  Develop “drill down” processes for
investment decisions. putting information into the hands of
senior management so they can focus the
organization’s ability to achieve its
strategic objectives.
 Improve investors confidence  Improve the quality of the
(investors, scrutinize risk management of enterprise-wide risk
management policies/procedures) stewardship

9. ERM: ACHIEVING STRATEGIC
OBJECTIVES (KPMG)
What ERM is going to do How you can do.
 Put in place a risk management
 Risk Governance
structure with clear accountabilities to
support risk management objectives
 Risk Assessment  Carry out frequent risk assessments in
line with normal management reporting
and including analysis
 Risk Quantification and  Carry out quantification of operational
Aggregation risk; advanced quantification of selected
risks
 Carry out extensive reporting to the
 Risk Monitoring and Reporting board and audit committee on current risk
levels and future risk issues
 Put in place risk-adjusted performance,
 Risk and Control Optimization
evaluation, and capital allocation strategies

10. Concluding Remarks
• Effective ERM will improve the ability of organizations to learn and
remain competitive within an uncertain environment. This will improve the
performance of its brands and generate excellent returns from its
business
• The ability of organizations to “learn”, means that knowledge will
utilised on problems and opportunities as they emerge and is generated
through an ongoing evaluation of how these responses impact the
organisation and its operating environment. This will assist in achieving
its objective of putting its market scale and knowledge to good use
• Organisational learning, as part of an effective ERM programme will
play an important part in ensuring that new knowledge of current and
potential risks continues to be replenished and updated to enable efficient
responses to changes in its environment. This will strengthen the
organisation

11. Concluding Remarks
• ERM is not a project, but a process that develops within an
organization, driven and supported by senior management
• ERM becomes part of the operational culture of the organization with
process owners and drivers, “enterprise-wide”
• “Enterprise-wide” means “across the whole organization”, and includes
the removal of traditional, functional, divisional, departmental, or cultural
barriers
• There is not an off-the-shelf ERM product that works for everyone.
.