Direct Surety’s roots are in the construction industry. Through the use of technology, Direct Surety underwriters show contractors exactly how their bonding limits are determined. Working with a proprietary risk analysis system and Enterprise Risk Management (ERM) methodology, Direct Surety determines operational strengths and weaknesses, and then suggests strategic improvement options to help contractors raise profitability, earn more credit and obtain better pricing.
Direct Surety is the only company that enables contractors to:
• Go direct to the decision maker to establish surety credit
• See exactly how credit limits are determined
• Obtain a clear plan to improve credit limits and lower price
• Work under a signed non-disclosure agreement
• Establish a backup line of surety credit
• Switch from a broker when ready
Direct Surety – Surety bonds for the Digital Age. Push your limits.
2. 01. DEFINITIONS
In business terms . . .
RISK
A Risk Factor is something that can cause harm. It is a poor business condition or practice that can negatively impact a company.
WWW.DIRECTSURETY.COM
3. CHARACTERISTICS OF RISK FACTORS
Vary by industry and importance . . .
FOOD
CONSTRUCTION
5. 02. DEFINITIONS
Again, in business terms . . .
RISK
Risk is the likelihood of harm. The likelihood that profitability and shareholder value will be negatively impacted.
6. ENTERPRISE RISK MANAGEMENT (ERM)
WHAT IS IT?
ERM is a business management process . . .
7. ENTERPRISE RISK MANAGEMENT (ERM)
01. ERM
Is not a project, but a process that develops within an organization, driven and supported by senior management
02. ERM
Becomes part of the operational culture of the organization with process owners and drivers
03. ERM
Is not an off-the-shelf product that works for everyone
ERM begins with the development of a risk strategy that is linked to and supportive of the overall business imperatives of the corporation.
8. ERM SPEAK
TO THE TECHNICIAN
• A holistic risk management process
• An integrated risk management process
TO THE LAYMAN
• A way of managing my business
9. ERM: WHAT KIND OF RISK IS ADDRESSED?
Quantitative Risk Data (Actuarial Analysis)
+
Qualitative Risk Data (Observational Analysis)
= The Complete Risk Profile
RISK ASSOCIATED WITH CONDITIONS AND PRACTICES
12. ENTERPRISE RISK MANAGEMENT (ERM)
How is profitability maximized?
BY Removing business conditions and practices that negatively impact profitability
BY Installing business conditions and practices that positively impact profitability
13. HISTORY OF ERM DEVELOPMENT
1960s: Hazard Risk Management
1970s: Hazard Risk and Financial Risk Management
1980s: Hazard Risk Management, Financial Risk Management, Operational Risk Management
1990s - Present: Management of Hazard Risk, Financial Risk, Operational Risk, Strategic Risk
16. RISK MANAGEMENT THINKING HAS EVOLVED
OLD THINKING
• Analysis in silos
• Inspect, detect, react
• Correlation among risks not understood
• Risks not owned
• Limited to certain areas
• No strategy
NEW THINKING
• Continuous, systematic process with integration
• Risk culture created throughout the enterprise
• Risk strategy linked to business strategy
• Responsibilities clearly defined
• Anticipate, manage, optimize, monitor
• Quantified, aggregated, studied for interrelationships
• Risk is a key consideration for financial decision making
17. INDUSTRIES THAT HAVE ADOPTED ERM
Newcomers: Construction & Mining
65% of Public Firms
Financial Services
Energy Sector
Health Care
Transportation
Education
Source: Excellence in Risk Management VI, Marsh | RIMS
18. ERM IMPLEMENTATION DRIVERS
Public Companies
01 COMPLIANCE
02 TRANSPARENCY
04 TECHNOLOGY
Public and Private Companies
03 COMPETITION
19. SUPPORTING ORGANIZATIONS OF THE ERM FRAMEWORK
COSO: Committee of Sponsoring Organizations
PRMIA: Professional Risk Manager’s International Association
IRMI: International Risk Management Institute
CAS: Casualty Actuarial Society
ERM-II: Enterprise Risk Management International Institute
20. BENEFITS OF CONTROLLING STRATEGIC RISKS
ENSURES SOUND DECISION MAKING
How: By adjusting managerial business approach and policies
21. BENEFITS OF CONTROLLING OPERATIONAL RISKS
IMPROVES OPERATIONAL EFFICIENCIES
How: By installing more cost effective and accurate internal systems
22. BENEFITS OF CONTROLLING FINANCIAL RISKS
MAINTAINS AVAILABILITY OF CREDIT & MANAGES COST OF FUNDS
How: By improving outside relationships and considering all “what if” scenarios
23. BENEFITS OF CONTROLLING HAZARD RISKS
REDUCES THE CONSEQUENCES OF UNCONTROLLABLE LOSSES
How: By increasing safety and obtaining adequate coverage for potential losses
24. THE ERM PROCESS
01. RISK FACTOR IDENTIFICATION
Identify all potential risk exposures
02. RISK ANALYSIS
Analyze presence of risk
03. RISK RESPONSE
Develop an action plan, plus determine what risks to control and assign responsible individuals
04. RISK CONTROL
Implement a solution to reduce or transfer the risk
05. RISK MONITORING
Observe the completed implementation and report the results
27. CATEGORIZING RISKS MAKES IT SIMPLE
• Business Approach
• Credit Status
• Bid Process
• Sales Methodology
• Information Transfer
• Construction Management
• Accounting Procedures
• Insurance Coverage
• Safety Practices
29. THE ERM PROCESS
01. RISK FACTOR IDENTIFICATION
Identify all potential risk exposures
02. RISK ANALYSIS
Analyze presence of risk:
• Assess the level of risk
• Quantify the results
• Report the findings
• Recommend action
03. RISK RESPONSE
Develop an action plan, plus determine what risks to control and assign responsible individuals
04. RISK CONTROL
Implement a solution to reduce or transfer the risk
05. RISK MONITORING
Observe the completed implementation and report the results
30. RISK ANALYSIS IS THE KEY
PURPOSE: ANALYZE PRESENCE OF RISK
HOW:
1) Assess the level of risk
2) Quantify the results
3) Report the findings
4) Recommend action
31. RISK ASSESSOR IS THE KEY HOLDER
PURPOSE: ANALYZE PRESENCE OF RISK
HOW:
1) Assess the level of risk
2) Quantify the results
3) Report the findings
4) Recommend action
32. KEYHOLDER’S RESPONSIBILITY
PURPOSE: ASSESS THE PROBABILITY OF HARM
HOW:
1) Develop an understanding of the in-place Risk Controls associated with a specific Risk Factor
2) Determine the likelihood (probability) that the status of the existing risk controls will cause harm
33. MAKING THE RISK ASSESSMENT
Choices:
Option A – Use Best Judgment
Invites subjectivity and threatens accuracy
34. MAKING THE RISK ASSESSMENT
Choices:
Option B – Use a Measurement Guide
Removes subjectivity and promotes accuracy
35. WHAT SCALE SHOULD BE USED?
1) MANY LEVELS
• Lower probability of a match
2) A FEW LEVELS
• Higher probability of a match
37. HOW IS A GOOD ASSESSMENT PERFORMED?
Simple
01. Meet the Right People
02. Ask the Right Questions
03. Collect Pertinent Evidence
39. RISK ANALYSIS IS THE KEY
PURPOSE: ANALYZE PRESENCE OF RISK
HOW:
1) Assess the level of risk
2) Quantify the results
3) Report the findings
4) Recommend action
40. QUANTIFYING THE RESULTS
Severity of Impact x Likelihood of Harm
(Consequence x Risk)
= Risk Score
A Measure of Risk Exposure
41. RISK ANALYSIS IS THE KEY
PURPOSE: ANALYZE PRESENCE OF RISK
HOW:
1) Assess the level of risk
2) Quantify the results
3) Report the findings
4) Recommend action
42. REPORTING THE FINDINGS
Typical Report Contents:
Overview of Risk Analysis Performed
Summary of Risk Factors Reviewed
Explanation of Risk Assessment Technique
Results of the Risk Assessment
• Risk Map
• Scoring Summary
High Risk Categories, Conditions & Practices
43. RISK ANALYSIS IS THE KEY
PURPOSE: ANALYZE PRESENCE OF RISK
HOW:
1) Assess the level of risk
2) Quantify the results
3) Report the findings
4) Recommend action
44. RECOMMEND CONTROLS
CONTROLS NECESSARY TO MITIGATE RISK
Practices:
• Change or install policies
• Implement new procedures
• Improve existing procedures
Conditions:
• Change the environment
• Revise decision making
45. THE ERM PROCESS
01. RISK FACTOR IDENTIFICATION
Identify all potential risk exposures
02. RISK ANALYSIS
Analyze presence of risk
03. RISK RESPONSE
Develop an action plan: determine what risks to control and assign responsible individuals
04. RISK CONTROL
Implement a solution to reduce or transfer the risk
05. RISK MONITORING
Observe the completed implementation and report the results
47. RESPONDING TO RISK – OPTIONS
Possible responses to risk
Options available:
• Accept = monitor
• Avoid = eliminate (get out of the situation)
• Reduce = institute controls
• Transfer = move risk elsewhere (e.g., insurance)
48. RESPONDING TO RISK PRIORITIES
KEY QUESTIONS
1) What risks will the organization not accept? (e.g., fraud, errors, quality compromises)
2) What risks will the organization take on as new initiatives? (e.g., new types of work, geographies or difficulties)
3) What risks will the organization accept for competing objectives? (e.g., light on working capital, exhausted resources)
49. RESPONDING TO RISK – APPETITE
Risk appetite: The amount of risk – on a broad level – an entity is willing to accept in pursuit of value.
Projected Earnings at Risk versus Financial Gains to be Realized
50. RESPONDING TO RISK – EVALUATE OPTIONS
Evaluate options in relation to risk appetite.
1. Consider the degree to which a response will reduce likelihood of harm
2. Examine cost versus benefit of potential risk responses
3. Select response based on evaluation
4. Fully understand residual risk (unmitigated risk)
51. THE ERM PROCESS
01. RISK FACTOR IDENTIFICATION
Identify all potential risk exposures
02. RISK ANALYSIS
Analyze presence of risk
03. RISK RESPONSE
Develop an action plan, plus determine what risks to control and assign responsible individuals
04. RISK CONTROL
Implement a solution to reduce or transfer the risk
05. RISK MONITORING
Observe the completed implementation and report the results
52. Implementing Risk Controls
Implementation is driven by ERM policies and procedures that help ensure that the risk responses are carried out
Occurs throughout the organization
Occurs at all levels in all functions
Typically assignable to risk owners, not risk managers
54. THE ERM PROCESS
01. RISK FACTOR IDENTIFICATION
Identify all potential risk exposures
02. RISK ANALYSIS
Analyze presence of risk
03. RISK RESPONSE
Develop an action plan, plus determine what risks to control and assign responsible individuals
04. RISK CONTROL
Implement a solution to reduce or transfer the risk
05. RISK MONITORING
Observe the completed implementation and report the results
55. TRACKING AND VERIFYING CONTROLS
TRACKING TO BE DONE:
• Track the performance of new or improved controls
VERIFICATIONS TO OBTAIN:
• Verify that the controls remain intact and functional
58. IMPLEMENTATION – NO FREE LUNCH
TIME
RESOURCES
COMMITMENT
59. IMPLEMENTATION – ROI
A simple calculation
Cost of Labor for Running ERM
vs
Savings from Avoidance, Transfer, or Mitigation of Risk
60. ERM IMPLEMENTATION – HOW TO
A path to success . . .
1) Embrace risk awareness
2) Assign a risk management leader
3) Install a risk-minded culture
4) Grow to understand your own risk exposures
5) Begin the search for risk factors
6) Learn how to effectively assess risk
7) Perform a complete risk analysis
8) Establish a routine risk assessment schedule
9) Set ERM in motion