Governance in Enterprise Risk Management
Presented by Michael Lawrence
Monday 10th October 2016
APM North West branch and Risk SIG conference
Alderley Park, Macclesfield
12. Do We Need to Manage Risks?
Click each tab for more information. Click the ‘next’ button to continue.
1971
Rolls-Royce Declared
Bankrupt
2010
Rolls-Royce Qantas A380
Engine Explosion
2013
Formal Bribery Investigation
at Rolls-Royce
News Source: http://www.telegraph.co.uk/
Screen 16
13. Do We Need to Manage Risks?
1971
Rolls-Royce Declared
Bankrupt
2010
Rolls-Royce Qantas A380
Engine Explosion
2013
Formal Bribery Investigation
at Rolls-Royce
14. Do We Need to Manage Risks?
1971
Rolls-Royce Declared
Bankrupt
2010
Rolls-Royce Qantas A380
Engine Explosion
2013
Formal Bribery Investigation
at Rolls-Royce
News Source: http://www.bbc.com/news/business-23076586/
15. Do We Need to Manage Risks?
Click each tab for more information. Click the ‘next’ button to continue.
1971
Rolls-Royce Declared
Bankrupt
2010
Rolls-Royce Qantas A380
Engine Explosion
2013
Formal Bribery Investigation
at Rolls-Royce
News Source: http://www.telegraph.co.uk//
Screen 16
You have now seen various examples on how not managing risks properly resulted in severe losses and even closure of businesses.
We would like to think these things cannot happen at Rolls-Royce. But could they?
36. 36
Rolls-Royce Proprietary Data
Identify Principal Risks (PR)
Impact of PRs on Long Term
Viability
Set Risk Appetite for PRs
Monitor Mitigation & Controls
of PRs
Governance of PRs
Reporting
AssessEffectivenessof
RiskManagementSystem
Risk Management Process
Effectiveness is measured in two steps:
1) Where is risk management being performed?
2) Is it performed to an acceptable standard?
3) What incidents have happened?
37. Enterprise Risk Management Framework 37
Process1 Hierarchy Tools
Plan
Identify
Assess
Treat
Review
Close
Risk management culture
Risk organisation3 and training
Supporting
technology
Risk
appetite2
Templates
and guides
Risk
policy
Group
RMP
Assurance
1) Board
2) Board
committees
3) ELT risk
committee
4) Business /
Functions
5) Sub-Business /
Major Projects
Governance & Committees
Effectiveness
measures & KRIs
1 Risk process is in Rolls-Royce Management System and is integrated with Strategy, Capex, PM and MI&F
2 Appetite expressed using impact categories and Group escalation criteria
3 ERM central, Champions, Co-ordinators & Facilitators
Principal
risks
Key risks
Business/Function
risks
Sub-Business /
Major Projects
Group risk register
Incident
reporting
Deep
dives