2013

WWW.DIRECTSURETY.COM

CONSTRUCTION ENTERPRISE RISK MANAGEMENT
01. DEFINITIONS
In business terms . . .
RISK

A Risk Factor is something that can cause harm. It is a poor business condition or practice that can negatively impact a company.
CHARACTERISTICS OF RISK FACTORS
Vary by industry and importance . . .

FOOD
CONSTRUCTION
CHARACTERISTICS OF RISK FACTORS
Applicable by type of contractor . . .

02. DEFINITIONS
Again, in business terms . . .
RISK

Risk is the likelihood of harm. The likelihood that profitability and shareholder value will be negatively impacted.
ENTERPRISE RISK MANAGEMENT (ERM)

WHAT IS IT?

ERM is a business management process . . .
ENTERPRISE RISK MANAGEMENT (ERM)
01. ERM is not a project, but a process that develops within an organization, driven and supported by senior management
02. ERM becomes part of the operational culture of the organization with process owners and drivers
03. ERM is not an off-the-shelf product that works for everyone

ERM begins with the development of a risk strategy that is linked to and supportive of the overall business imperatives of the corporation.
ERM SPEAK
TO THE TECHNICIAN
• A holistic risk management process
• An integrated risk management process
TO THE LAYMAN
• A way of managing my business
ERM: WHAT KIND OF RISK IS ADDRESSED?
Quantitative Risk Data (Actuarial Analysis)
+
Qualitative Risk Data (Observational Analysis)
= The Complete Risk Profile

RISK ASSOCIATED WITH CONDITIONS AND PRACTICES
ERM

WHAT’S ITS PURPOSE?

To raise profitability by controlling business risk.
ENTERPRISE RISK MANAGEMENT (ERM)
How is profitability maximized?

BY removing business conditions and practices that negatively impact profitability
BY installing business conditions and practices that positively impact profitability
HISTORY OF ERM DEVELOPMENT
1960s: Hazard Risk Management
1970s: Hazard Risk and Financial Risk Management
1980s: Hazard Risk Management, Financial Risk Management, Operational Risk Management
1990s - Present: Management of Hazard Risk, Financial Risk, Operational Risk, Strategic Risk
TRADITIONAL RISK MANAGEMENT

1

ENTERPRISE RISK MANAGEMENT (ERM)
4

RISK MANAGEMENT THINKING HAS EVOLVED
OLD THINKING
• Analysis in silos
• Inspect, detect, react
• Correlation among risks not understood
• Risks not owned
• Limited to certain areas
• No strategy

NEW THINKING
• Continuous, systematic process with integration
• Risk culture created throughout the enterprise
• Risk strategy linked to business strategy
• Responsibilities clearly defined
• Anticipate, manage, optimize, monitor
• Quantified, aggregated, studied for interrelationships
• Risk is a key consideration for financial decision making
INDUSTRIES THAT HAVE ADOPTED ERM
Newcomers: Construction & Mining
65% of Public Firms
Financial Services
Energy Sector
Health Care
Transportation
Education
Source: Excellence in Risk Management VI, Marsh | RIMS
ERM IMPLEMENTATION DRIVERS

Public Companies
01 COMPLIANCE
02 TRANSPARENCY
Public and Private Companies
03 COMPETITION
04 TECHNOLOGY
SUPPORTING ORGANIZATIONS OF THE
ERM FRAMEWORK
COSO: Committee of Sponsoring Organizations
PRMIA: Professional Risk Manager’s International Association
IRMI: International Risk Management Institute
CAS: Casualty Actuarial Society
ERM-II: Enterprise Risk Management International Institute
BENEFITS OF CONTROLLING STRATEGIC RISKS
ENSURES SOUND DECISION MAKING
How: By adjusting managerial business approach and policies
BENEFITS OF CONTROLLING OPERATIONAL RISKS
IMPROVES OPERATIONAL EFFICIENCIES
How: By installing more cost effective and accurate internal systems
BENEFITS OF CONTROLLING FINANCIAL RISKS
MAINTAINS AVAILABILITY OF CREDIT & MANAGES COST OF FUNDS
How: By improving outside relationships and considering all “what if” scenarios
BENEFITS OF CONTROLLING HAZARD RISKS
REDUCES THE CONSEQUENCES OF UNCONTROLLABLE LOSSES
How: By increasing safety and obtaining adequate coverage for potential losses
THE ERM PROCESS
01. RISK FACTOR IDENTIFICATION: Identify all potential risk exposures
02. RISK ANALYSIS: Analyze presence of risk
03. RISK RESPONSE: Develop an action plan, plus determine what risks to control and assign responsible individuals
04. RISK CONTROL: Implement a solution to reduce or transfer the risk
05. RISK MONITORING: Observe the completed implementation and report the results
IDENTIFYING RISK FACTORS

01 UNCONTROLLED RISK
02 UNDER PERFORMANCE
VS.
03 CONTROLLED RISK
04 MAXIMUM PERFORMANCE
CATEGORIZING RISKS MAKES IT SIMPLE

• Business Approach
• Credit Status
• Bid Process
• Sales Methodology
• Information Transfer
• Construction Management
• Accounting Procedures
• Insurance Coverage
• Safety Practices
THE ERM PROCESS
01. RISK FACTOR IDENTIFICATION: Identify all potential risk exposures
02. RISK ANALYSIS: Analyze presence of risk:
• Assess the level of risk
• Quantify the results
• Report the findings
• Recommend action
03. RISK RESPONSE: Develop an action plan, plus determine what risks to control and assign responsible individuals
04. RISK CONTROL: Implement a solution to reduce or transfer the risk
05. RISK MONITORING: Observe the completed implementation and report the results
RISK ANALYSIS IS THE KEY
PURPOSE: ANALYZE PRESENCE OF RISK
HOW:
1) Assess the level of risk
2) Quantify the results
3) Report the findings
4) Recommend action
RISK ASSESSOR IS THE KEY HOLDER
PURPOSE: ANALYZE PRESENCE OF RISK
HOW:
1) Assess the level of risk
2) Quantify the results
3) Report the findings
4) Recommend action
KEYHOLDER’S RESPONSIBILITY
PURPOSE: ASSESS THE PROBABILITY OF HARM
HOW:
1) Develop an understanding of the in-place Risk Controls associated with a specific Risk Factor
2) Determine the likelihood (probability) that the status of the existing risk controls will cause harm
MAKING THE RISK ASSESSMENT

Choices:
Option A – Use Best Judgment
Invites subjectivity and threatens accuracy
MAKING THE RISK ASSESSMENT

Choices:
Option B – Use a Measurement Guide
Removes subjectivity and promotes accuracy
WHAT SCALE SHOULD BE USED?
1) MANY LEVELS
• Lower probability of a match
2) A FEW LEVELS
• Higher probability of a match
DETERMINING CONTROLS PRESENT
• ASK QUESTIONS
• LOOK AT EVIDENCE
• VERIFY FUNCTIONALITY
HOW IS A GOOD ASSESSMENT PERFORMED?

Simple
01. Meet the Right People
02. Ask the Right Questions
03. Collect Pertinent Evidence
TYPES OF ASSESSMENT
1) IN-HOUSE PERSONNEL
2) OUTSIDE INDEPENDENT
QUANTIFYING THE RESULTS
Severity of Impact x Likelihood of Harm (Consequence x Risk) = Risk Score
A Measure of Risk Exposure
REPORTING THE FINDINGS
Typical Report Contents:
Overview of Risk Analysis Performed
Summary of Risk Factors Reviewed
Explanation of Risk Assessment Technique
Results of the Risk Assessment
• Risk Map
• Scoring Summary
High Risk Categories, Conditions & Practices
RECOMMEND CONTROLS

CONTROLS NECESSARY TO MITIGATE RISK

Practices:
• Change or install policies
• Implement new procedures
• Improve existing procedures
Conditions:
• Change the environment
• Revise decision making
THE ERM PROCESS
01. RISK FACTOR IDENTIFICATION: Identify all potential risk exposures
02. RISK ANALYSIS: Analyze presence of risk
03. RISK RESPONSE: Develop an action plan: determine what risks to control and assign responsible individuals
04. RISK CONTROL: Implement a solution to reduce or transfer the risk
05. RISK MONITORING: Observe the completed implementation and report the results
RISK PRIORITIZATION MAP
[Figure: risk prioritization map plotting Severity against Likelihood (Low to High), with zones labeled Control Now, Control Soon and Control]
RESPONDING TO RISK – OPTIONS
Possible responses to risk
Options available:
• Accept = monitor
• Avoid = eliminate (get out of the situation)
• Reduce = institute controls
• Transfer = move risk elsewhere (e.g., insurance)
RESPONDING TO RISK PRIORITIES
KEY QUESTIONS

1) What risks will the organization not accept? (e.g., fraud, errors, quality compromises)
2) What risks will the organization take on as new initiatives? (e.g., new types of work, geographies or difficulties)
3) What risks will the organization accept for competing objectives? (e.g., light on working capital, exhausted resources)
RESPONDING TO RISK – APPETITE
Risk appetite: The amount of risk – on a broad level – an entity is willing to accept in pursuit of value.

Projected Earnings at Risk versus Financial Gains to be Realized
RESPONDING TO RISK – EVALUATE OPTIONS
Evaluate options in relation to risk appetite.
1. Consider the degree to which a response will reduce likelihood of harm
2. Examine cost versus benefit of potential risk responses
3. Select response based on evaluation
4. Fully understand residual risk (unmitigated risk)
Implementing Risk Controls
Implementation is driven by ERM policies and procedures that help ensure that the risk responses are carried out
Occurs throughout the organization
Occurs at all levels in all functions
Typically assignable to risk owners, not risk managers
STEPS TO SUCCESSFUL IMPLEMENTATION
• Identify objectives
• Assign responsibilities
• Set deadlines
• Track progress
• Complete installation
• Test the control
TRACKING AND VERIFYING CONTROLS
TRACKING TO BE DONE:
• Track the performance of new or improved controls

VERIFICATIONS TO OBTAIN:
• Verify that the controls remain intact and functional
ERM

FINAL RESULT

ERM IMPROVEMENT CYCLE

IMPLEMENTATION – NO FREE LUNCH
• TIME
• RESOURCES
• COMMITMENT
IMPLEMENTATION – ROI
A simple calculation
Cost of Labor for Running ERM
vs
Savings from Avoidance, Transfer, or Mitigation of Risk
ERM IMPLEMENTATION – HOW TO
A path to success . . .
1) Embrace risk awareness
2) Assign a risk management leader
3) Install a risk-minded culture
4) Grow to understand your own risk exposures
5) Begin the search for risk factors
6) Learn how to effectively assess risk
7) Perform a complete risk analysis
8) Establish a routine risk assessment schedule
9) Set ERM in motion
ERM

THANK YOU FOR YOUR TIME

ERM_Presentation_SuretyCredit_111413
