1. Enterprise Governance, Risk and Compliance
Athens 12 November 2014
Living and Working in a Riskier World
Julia Graham
President of FERMA
2. Where we are
22 member associations in 20 countries
Over 4300 individual members who are responsible for risk management and/or insurance in their organisations
6. World Economic Forum – Global Risk Report 2014
The 10 risks of highest concern to respondents are:
1. Fiscal crises in key economies
2. Structurally high unemployment/underemployment
3. Water crises
4. Severe income disparity
5. Failure of climate change mitigation and adaptation
6. Greater incidence of extreme weather events
7. Global governance failure
8. Food crises
9. Failure of a major financial mechanism/institution
10. Profound political and social instability
Source: World Economic Forum, Global Risks 2014
7. Which of these risks appear on corporate risk maps?
The 10 risks of highest concern to respondents are:
1. Economic slow down / slow recovery
2. Regulatory / legislative changes
3. Increasing competition
4. Damage to reputation / brand
5. Failure to attract or retain top talent
6. Failure to innovate / meet customer needs
7. Business interruption
8. Commodity price risk
9. Cash flow / liquidity risk
10. Political risk / uncertainties
Source: Aon Global Risk Management Survey 2013 / Underrated threats? 2013
8. Which of these risks appear on corporate risk maps?
The 10 risks of highest concern to respondents are:
1. Economic slow down / slow recovery
2. Regulatory / legislative changes
3. Increasing competition
4. Damage to reputation / brand
5. Failure to attract or retain top talent
6. Failure to innovate / meet customer needs
7. Business interruption….?
8. Commodity price risk
9. Cash flow / liquidity risk
10. Political risk / uncertainties
Source: Aon Global Risk Management Survey 2013 / Underrated threats? 2013
9. Directors of Captives – sense check
• Cyber
• Interdependency of risk
• Pandemic / health risk
• Pension scheme funding risk
• Terrorism risk
• Creativity in the insurance industry
• Increased focus on risk management spend
• Failure to attract top talent
• Unethical behaviour
• Supply chain?
Source: Aon - Underrated threats? 2013
Cyber no longer on the horizon
Innovation often comes from the producer not the customer
Increased risk complexity and connectivity adds to the challenge for risk managers
Travel increased from 683m to 1bn in a decade – yet pandemic off the radar … then came Ebola
11. We live and work in a riskier world
Change
Complexity
Connection
Source: World Economic Forum - Global Risks 2014
12. Global risks are beyond normal Board activities
• Corporate risk maps tend to focus on risk where the company has some control
• These risks are big and catastrophic
• It is not clear how Boards should tackle these risks
• Do they have the know-how?
• Yet the Board is best placed to manage them
13. Managing Global Risks
• Focus on impacts, outcomes and consequences for your operations, not the risks themselves
• Check critical dependencies
• Check and reinforce contingency planning and crisis management capabilities
• Improve your risk radar throughout your extended network
• Focus on agility
14. A broader approach to resilience
Resilience is about opportunity, adaptation and evolution as well as managing disruptions and crises
• Less resilient organisations are prone to failure
• Organisations are more complex, impacts materialise faster
• Can’t be expected to address all risks
• Resilience for many means focussing on operational issues, missing the more strategic ones
Source: AIRMIC and others - Roads to Resilience 2014
15. Roads to Resilience
1. Resilient companies have exceptional risk radar to detect changes in the external and internal situation
2. Resilient companies have diversified resources and assets to facilitate alternative approaches and adaptation to change
3. Resilient companies build strong relationships and networks, both internally and externally
4. Resilient companies have the ability to respond rapidly and decisively to an emerging crisis
5. Resilient companies review and adapt based on experience and changing circumstances
Source: PWC 2014
16. Resilience – three key messages
• Resilience is about long-term surviving and thriving
• Resilience is generated (and lost) by who we are, what we know, what we do and how we do it
• Well understood resilience can be measured, manipulated and leveraged
Source: PWC 2014
19. The 2014 FERMA Risk Map
Top 10 2014 2012 Mitigation level Satisfaction level
1. Political – Government intervention, legal & regulatory changes
2. Reputation and brand
3. Compliance with regulation and legislation
4. Competition n.c*
5. Economic n.c*
6. Market strategy, client n.c*
7. Planning and execution of strategy
8. Human resources / key people, social security (labour)
9. Quality (design, safety & liability of products & services)
10. Debt, cash flow n.c*
*n.c: not comparable
Legend: High, Medium, Low
20. Embedded activities
• Insurance management and claims handling and insurable loss prevention
• Development of risk maps
• Assistance to other functional areas in contract negotiation, project management, acquisitions and investments
• Design and implementation of risk controls / prevention
SEMINAR 2014 20
Trend
21. Planned activities
• Development and embedding of business continuity management
• Alignment and integration of risk management as part of business strategy
• Development and integration of risk culture across the organization
Trend
23. Three Lines of Defense
Source: Audit and Risk Committees - News from EU Legislation and Best Practices 2014
24. Risk and Audit Committee responsibilities
1. Review risk management systems
2. CRO or equivalent
3. External audit
4. Relationship and coordination
5. Report annually on the effectiveness and efficiency of risk management in the organization
6. Review annually the performance and terms of reference of the Committee in order to determine whether it is functioning effectively by reference to best practices
7. Oversee the integrity of the financial reporting process and financial reports
8. Review the efficiency of internal control and risk management systems
9. Review and appraise the audit activities: independence, objectivity and effectiveness of the audit process
10. Supervise the internal audit function
Audit and Risk Committees - News from EU Legislation and Best Practices
25. Foundations – our profession
Risk Language and Standards are important
26. Many use COSO ERM and ISO 31000
COSO vs. ISO 31000
Lengthy vs. Short
Focused on ERM vs. General approach to managing risk
One cube vs. Framework and process
Skewed to negative vs. Risk can be positive or negative
Risk already exists vs. Risk tied to achieving objectives
Risk & opportunities vs. Opportunities also source of risk
More sequential process vs. More iterative process
… Concepts not aligned
27. Standards or Frameworks Used
ISO 31000 up 5% from 2011
COSO up 2% from 2011
Source: RIMS 2013 Benchmark Survey - Produced by Advisen
28. ISO 31000 Development
ISO 31000 adopts a management system
Plan - Do - Check - Act
ISO 31000 published in November 2009
Technical Committee and Working Group
ISO Experts for risk management
Responsible for ISO 31000 and its maintenance and further development
Represents the opinion of countries and cultures
Undertaking a limited revision of ISO 31000 in the short term, following the principle of continual improvement
Including the human and cultural factors in risk management
Determine in the long run a more fundamental technical revision
This work will take into consideration the global development of risk management
30. Innovation – our needs
• A frequently used word at cocktail parties
• Innovation is not invention
• We live and work in a riskier world
• Organizations need solutions for the conventional and unconventional
• Are insurers up to the challenge?
• Are brokers up to the challenge?
• Are we up to the challenge?
"It’s about the people you have, how you are led, and how much you get it" - Steve Jobs
31. Diversity – our assets
• Managing Diversity makes business sense:
– 78% risk managers are over 45 years old
– 73% risk managers are male
• Diversity demands:
– Leadership by Top Management
– Leadership by example
– Action not just words
• Sustainable change not a project
• Diversity is more than gender
– Culture
– Gender
– Age
– Ethnicity
4 permanent staff in Brussels. Close relationship with the European Institutions and major representations of the insurance industry in Brussels.
Be Like A Swan. Stay calm on the surface – keep everything running smoothly and delivering services to the level expected
To do this – you need to paddle like hell underneath
Partner and fee earners may not always see – or recognise – how hard we're working, but I can assure you, they'll soon notice it if we stop paddling fast enough to deliver the services required to keep the business afloat.
So if no one else says thanks for everything you do – on behalf of the firm – thank you!
It’s great to have a good strategy, but it’s nothing if we don’t implement it.
So what happens next? What do we do with the Strategic Framework?
IMPLEMENTATION PROCESSES: business model, legal structure, certification & accreditation processes, administrative structure