This document summarizes the key findings of a survey conducted by Harvard Business Review Analytic Services on leadership in risk management at European companies. The main points are:
1) Responsibility for risk management is increasingly concentrated at the top levels, with either the CRO, CEO/CFO, or board having direct responsibility at many companies.
2) Companies are emphasizing strong board engagement and regular communication with the C-suite on risk exposures. However, communication between the C-suite and CRO needs improvement at some companies.
3) While risk management is aligning with company strategies, companies are making less progress integrating it into strategic projects like mergers. Adopting risk-based incentives is also slow
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...Resolver Inc.
Copyright notice: The following slides are intended for professional use within an organization for discussion purposes only. Any other uses or modifications are strictly prohibited.
Any organization is an assembly of people: people who take risk as they manage and direct the enterprise; people who decide how much risk is acceptable or even desirable; and provide oversight of the management of risk across the extended enterprise.
Organizational culture has been the topic of study for many years.
• “Culture is how organizations ‘do things’.” — Robbie Katanga
• “Organizational culture is the sum of values and rituals which serve as ‘glue’ to integrate the members of the organization.” — Richard Perrin
Richard Anderson and Norman Marks share their views on this complex subject. They cover:
• What is the difference between the “risk” culture and the “organizational” culture? How can it be analysed?
• Who takes risk, and who should be responsible for deciding how much risk to take?
• Is there such a thing as a single risk level?
• Why do so many of us take different views of exactly the same risks? How does an organization decide which view is “right”?
• Is one person’s risk another’s opportunity?
• What about when the actions of one impact the success of another?
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...Resolver Inc.
Copyright notice: The following slides are intended for professional use within an organization for discussion purposes only. Any other uses or modifications are strictly prohibited.
Any organization is an assembly of people: people who take risk as they manage and direct the enterprise; people who decide how much risk is acceptable or even desirable; and provide oversight of the management of risk across the extended enterprise.
Organizational culture has been the topic of study for many years.
• “Culture is how organizations ‘do things’.” — Robbie Katanga
• “Organizational culture is the sum of values and rituals which serve as ‘glue’ to integrate the members of the organization.” — Richard Perrin
Richard Anderson and Norman Marks share their views on this complex subject. They cover:
• What is the difference between the “risk” culture and the “organizational” culture? How can it be analysed?
• Who takes risk, and who should be responsible for deciding how much risk to take?
• Is there such a thing as a single risk level?
• Why do so many of us take different views of exactly the same risks? How does an organization decide which view is “right”?
• Is one person’s risk another’s opportunity?
• What about when the actions of one impact the success of another?
Julia Graham
Technical Director and Deputy CEO, Airmic
Immediate Past President and Board Member, FERMA
The Fourth Revolution Managing risk in a changing worldAre you a tenant or an owner?
5th April 2016
Moscow
The presentation is from Mr. Mark Victor , Director, Deloitte Consulting, South Africa, from the just concluded African Round Table & Conference on Corporate Sustainability and Responsibility (AR-CSR™), which held in Tinapa Business Resort, Calabar, Cross River State between 20 to 21 June, 2013. Organised by ThistlePraxis Consulting Limited
When setting the risk appetite, does your firm:
1.Balance the risks with the mitigation costs
2.Balance the risks with the mitigation costs AND the client focus
3.None of the above
Impact of Changing World Politics in Managing RiskPECB
The webinar discussed how the Trump administration will manage risks during their governance and how it will have impact in the US as well as throughout the world. The likely changes that will occur during his administration and how these changes will affect the management of risk internationally are also mentioned.
Main points covered:
• Unique Risk Characteristics of Trump Administration
• International Aspect of Managing Risk
• Essential Steps to Managing Risk
• Current Approaches to Risk Management
• Involving Your Personnel Instead of Outsiders
• Foreseeing and Identifying Risk Prior to Impact
• Ranking Risk for Countermeasure Effectiveness
• Attaining Managed Risk!
Presenter:
Dr. Vernon Grose is the Chairman of Omega Systems Group and the author of the best-seller– “MANAGING RISK: Systematic Loss Prevention for Executives”, along with three other books, and over 60 professional papers. He has been an executive in 3 major US corporations and was appointed by President Ronald Reagan as a Member of the National Transportation Safety Board. His expertise has been solicited for over 500 TV interviews internationally involving aviation crashes and disasters. Appointed to the NASA Advisory Board for Apollo spacecraft missions, he has had the opportunity to meet 10 of the 12 men who walked on the Moon. Dr. Grose has taught graduate-level university courses in the US, Canada, Germany, Spain, and Mexico related to managing risk.
Link of the recorded session published on YouTube: https://youtu.be/6naMwZqpQL0
What are the key components of holistic risk management? This report, sponsored by SAP, investigates the organisational measures companies must take to address the totality of the risks they face. Read more>> http://bit.ly/1LsYvUx
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Resolver Inc.
Copyright notice: The following slides are intended for professional use within an organization for discussion purposes only. Any other uses or modifications are strictly prohibited.
In this presentation, Norman Marks and Richard Anderson discuss two related topics. The first is the relationship between the strategies set by the organization, its governance, and risks to its objectives. Their conversation addresses:
• How does a senior executive or board member gauge the effect of risk on corporate objectives?
• Is it enough to review a list of top risks at every board meeting?
• How does the board know whether risk management is adding value?
• How do you measure success?
• Where do reward and opportunity factor in?
The second topic is one that is heavily debated among practitioners, whether the concepts of risk appetite and tolerance can be applied effectively in practice. Areas they cover include:
• What is risk appetite? What is risk tolerance?
• Is it a useful concept or an overly complicated piece of mumbo jumbo?
• How can you help the board and top management set desired levels of risk and also help decision-makers take the right level of the right risks?
• Does it make sense to be “risk averse”?
CFO Asia Exchange Singapore 2015 Refocusing your ERM strategy and practices -...Marc Ronez
This presentation highlights 5 directions to explore to improve your ERM Strategy and practices in your organization in order to nurture an ERM system and culture that creates Value.
Managing Risk in Perilous Times- Practical Steps to Accelerate RecoveryFindWhitePapers
The Economist Intelligence Unit examines the lessons learned from the current financial crisis, and proposes ten practical lessons that could help to address perceived weaknesses in risk identification, assessment and management.
Julia Graham
Technical Director and Deputy CEO, Airmic
Immediate Past President and Board Member, FERMA
The Fourth Revolution Managing risk in a changing worldAre you a tenant or an owner?
5th April 2016
Moscow
The presentation is from Mr. Mark Victor , Director, Deloitte Consulting, South Africa, from the just concluded African Round Table & Conference on Corporate Sustainability and Responsibility (AR-CSR™), which held in Tinapa Business Resort, Calabar, Cross River State between 20 to 21 June, 2013. Organised by ThistlePraxis Consulting Limited
When setting the risk appetite, does your firm:
1.Balance the risks with the mitigation costs
2.Balance the risks with the mitigation costs AND the client focus
3.None of the above
Impact of Changing World Politics in Managing RiskPECB
The webinar discussed how the Trump administration will manage risks during their governance and how it will have impact in the US as well as throughout the world. The likely changes that will occur during his administration and how these changes will affect the management of risk internationally are also mentioned.
Main points covered:
• Unique Risk Characteristics of Trump Administration
• International Aspect of Managing Risk
• Essential Steps to Managing Risk
• Current Approaches to Risk Management
• Involving Your Personnel Instead of Outsiders
• Foreseeing and Identifying Risk Prior to Impact
• Ranking Risk for Countermeasure Effectiveness
• Attaining Managed Risk!
Presenter:
Dr. Vernon Grose is the Chairman of Omega Systems Group and the author of the best-seller– “MANAGING RISK: Systematic Loss Prevention for Executives”, along with three other books, and over 60 professional papers. He has been an executive in 3 major US corporations and was appointed by President Ronald Reagan as a Member of the National Transportation Safety Board. His expertise has been solicited for over 500 TV interviews internationally involving aviation crashes and disasters. Appointed to the NASA Advisory Board for Apollo spacecraft missions, he has had the opportunity to meet 10 of the 12 men who walked on the Moon. Dr. Grose has taught graduate-level university courses in the US, Canada, Germany, Spain, and Mexico related to managing risk.
Link of the recorded session published on YouTube: https://youtu.be/6naMwZqpQL0
What are the key components of holistic risk management? This report, sponsored by SAP, investigates the organisational measures companies must take to address the totality of the risks they face. Read more>> http://bit.ly/1LsYvUx
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Resolver Inc.
Copyright notice: The following slides are intended for professional use within an organization for discussion purposes only. Any other uses or modifications are strictly prohibited.
In this presentation, Norman Marks and Richard Anderson discuss two related topics. The first is the relationship between the strategies set by the organization, its governance, and risks to its objectives. Their conversation addresses:
• How does a senior executive or board member gauge the effect of risk on corporate objectives?
• Is it enough to review a list of top risks at every board meeting?
• How does the board know whether risk management is adding value?
• How do you measure success?
• Where do reward and opportunity factor in?
The second topic is one that is heavily debated among practitioners, whether the concepts of risk appetite and tolerance can be applied effectively in practice. Areas they cover include:
• What is risk appetite? What is risk tolerance?
• Is it a useful concept or an overly complicated piece of mumbo jumbo?
• How can you help the board and top management set desired levels of risk and also help decision-makers take the right level of the right risks?
• Does it make sense to be “risk averse”?
CFO Asia Exchange Singapore 2015 Refocusing your ERM strategy and practices -...Marc Ronez
This presentation highlights 5 directions to explore to improve your ERM Strategy and practices in your organization in order to nurture an ERM system and culture that creates Value.
Managing Risk in Perilous Times- Practical Steps to Accelerate RecoveryFindWhitePapers
The Economist Intelligence Unit examines the lessons learned from the current financial crisis, and proposes ten practical lessons that could help to address perceived weaknesses in risk identification, assessment and management.
There is overwhelming consensus from financial services executives that the current risk environment has become significantly more complex, dynamic, and difficult to navigate. This is evidenced by the performance and growth challenges firms face today - caused in part by failures to adequately manage risk from across financial products, operations, and business units.
With this turbulence has come a much greater interest in understanding and managing risk holistically and ensuring Risk Management is truly enterprise-wide, part of the organization's DNA, and much more performance-based.
In this presentation, IDC Financial Insights and Guidon Performance Solutions join to discuss principles and the roadmap for building mature and effective Enterprise Risk Management (ERM) that leads to competitive advantages.
By viewing you will gain perspective on:
- Setting a shared vision for risk management
- Linking Enterprise Risk Management to the culture
- Ensuring performance - efficiency and effectiveness
- Enabling the risk management process with technology
Need to know more about private equity and hedge funds? Then you have come to the right place with this quick overview presentation. This is based on my book: "Figuring Out Wall Street". A part of a continuing series of on the financial services industry. We provide training, custom developed to your needs. Contact us to discuss your needs and get a quote.
The Management of Uncertainty
•It has long been recognized that one of the most important competitive factors for any organization to master is the management of uncertainty.
•Uncertainty is the major intangible factor contributing towards the risk of failure in every process, at every level, in every type of business.
•Managing business uncertainty may involve introducing, developing and implementing strategic enterprise management frameworks for –
–Corporate Foresight and Business Strategy
–Business Planning and Forecasting
–Business Transformation
–Enterprise Architecture
–Enterprise Risk Management
–Enterprise Performance Management
–Enterprise Governance, Reporting and ControlsEAEA
Implementing Enterprise Risk Management with ISO 31000:2009Goutama Bachtiar
This presentation slides is intended for the training-workshop lead as well as the participants.
Developed based on ISO 31000:2009 – Principles and Guidelines on Implementation, ISO/IEC 31010:2009 – Risk Assessment Techniques, ISO Guide 73:2009 – Vocabulary.
Increased Risk Reporting Requirements: 5th webinar with ecoDa and AIGFERMA
Our webinar illustrates how risk managers can support their boards in expressing the risk appetite of the organisation and provide input in the ‘annual report’ process. The EU system will be compared to the US approach.
- role of the risk manager as a strategic advisor when it comes to respond to Board questions on transparency requirements (risk reporting, reputation…)
- role of the risk manager about the quality of the reported data about risks, their identification, collection and assessment
A strong disclosure regime that promotes real transparency is a pivotal feature of market-based monitoring of companies and is central to shareholders’ ability to exercise their shareholder rights on an informed basis.
Over the past years, transparency has largely been the leitmotiv for regulators to require additional disclosures that goes beyond the financial and operating results of the company.
Risk Manager, a career central to corporate strategy
The job of Risk Manager is becoming increasingly cross-disciplinary and digital in response to a fast-changing economic and regulatory environment.
44% of respondents can contact the CEO directly
56% of respondents believe their role is increasingly recognised internally
53% of respondents think that the risk manager is becoming the risk conductor by consolidating risk information to give a clear and comprehensive view to the senior management
FERMA European Risk and Insurance Report (ERIR) 2016FERMA
FERMA's 2016 European Risk and Insurance Report (ERIR) is gathering the views of more than 600 European risk managers at a time of major changes in Europe.
The findings of this report, combined with FERMA’s mission and strategy, will shape our activities over the next two years.
One of the priorities that our members see for FERMA is to strengthen the professional standing of risk managers in Europe, and FERMA’s professional certification programme rimap® will be an important contribution to achieving that objective.
FERMA’s 2016 European Risk and Insurance Report is a source of valuable information and topics for further discussion to build the profession.
Since the onset of the global financial crisis in 2008, businesses around the world have faced a barrage of new risk-related challenges.
The macroeconomic environment of recent years, marked by the global financial crisis, fiscal uncertainty in the US and sovereign debt problems in Europe, has also helped to make companies more riskaverse, leading them to swap bold investment decisions for more cautious behaviour and cash hoarding. The tide is turning, however, with most expecting 2014 to mark a return to growth...
FERMA contribution to the French Presidency agendaFERMA
FERMA thought paper highlights the links between its work and the priorities of the French Presidency in three key areas :
Economic recovery (systemic risks and risk transfer, including captives)
Digital issues (cyber risks and cyber insurance)
Ecological transition (sustainability and insurability)
For each of these categories, FERMA presents the challenges faced by European businesses, explains how risk management contributes to the ambitions of the French Presidency and asks European policymakers for specific measures during this period.
Articles published as sponsored content in the Risk & Compliance Journal from The Wall Street Journal from August 2017 to August 2018. https://deloi.tt/2CMG6lI
This presentation provides a comprehensive plan for implementing an enterprise risk management program. It covers the costs/benefits of an ERM program, the critical knowledge, skills and abilities of a Chief Risk Officer, a risk taxonomy for insurance firms, a hypothetical organizational structure for an electric utility, a sample risk register, and other useful information.
The new guidance is based on IRM’s professional standards and is aimed at organisations of all types seeking to recruit a Chief Risk Officer (CRO), perhaps their first, or to make other senior risk appointments.
Similar to Leadership and Risk Management report (20)
The role of risk management in corporate resilienceFERMA
The report presents the views of risk and insurance professionals and senior executives about a post-pandemic view of resilience management in their organisations across sectors globally in the summer of 2021.
Webinar: the role of risk management in corporate resilience FERMA
FERMA and McKinsey will present the findings of our survey into resilience and risk management. The objective is to give risk and insurance professionals a richer understanding of resilience in a strategic and practical way. Two leading risk managers will discuss the results of our survey and will reflect more broadly on the link between risk and resilience. By the end of the webinar, you will be well versed in resilience from an enterprise risk management perspective.
People, Planet & Performance: sustainability guide for risk and insurance man...FERMA
On 31 March, FERMA releases the first guide specifically for European risk managers on sustainability risks.
People, planet, performance – The contribution of Enterprise Risk Management to Sustainability provides practical guidance on incorporating sustainability goals into enterprise-wide risk management.
Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...FERMA
Philips Global Resilience Platform: Breaking down silo approach of departments by collaborating in multidomain platform making our company more resilient
Argo Group: entry for emerging risk initiative of the year Award 2020FERMA
Adam Seager, Chief Risk Officer of Argo Group demonstrates the context, challenges and solutions he put in place for Agor Group during the time of crisis like the Covid19 pandemic.
George Ong, Chief Risk Officer, Northern Ireland WaterFERMA
Nominations for the Public Sector Risk Manager of the Year for the European Risk Management Awards 2020.
George Ong is the Chief Risk Officer for Northern Ireland Water (NIW), a Government Owned Company (GoCo). George joined the business in 2006 with a clear remit of implementing a risk and insurance management system given that the ‘Government Protection’ was to be removed from 1st April 2007. Since then George has worked to adapt, enhance and embed risk management arrangements within NIW, developed partnerships with businesses, communities and institutions to improve resilience for the Company and the community. #euroriskawards
Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...FERMA
FERMA's joint webinar with RIMS on 1 December provided insights into the way risk managers have experienced and dealt with the global pandemic and its consequences.
FERMA and RIMS teamed up to bring you content from both sides of the Atlantic Ocean. The webinar began with a presentation of the results from FERMA’s COVID-19 survey, and then took a Transatlantic view on commonalities and differences.
Speakers:
Athina Pehrman, Group Risk Manager at Electrolux Professional Group, a sustainability leader in the appliance industry
Melanie Steiner, Board Member, US Ecology, Inc. a leading provider of environmental services to commercial and government entities. Former CRO
Typhaine Beaupérin, CEO of FERMA, moderator.
European Risk managers have helped maintain the continuity of their organisations during the pandemic crisis. They have participated in task forces and crisis units, promoted communication, supported new working practices, pursued insurance recoveries where possible and begun work on recovery, according to a survey published by the Federation of European Risk Management Associations (FERMA): https://www.ferma.eu/publication/covid-19-ferma-survey-shows-risk-managers-contributions-to-response-and-resilience/
GDPR & corporate Governance, Evaluation after 2 years implementationFERMA
FERMA’s live joint webinar with ECIIA on Monday 28 September gathered more than 300 participants
The objective of this joint webinar was to take stock of where we stand after 2 years of GDPR implementation and the practical consequences on businesses. For this, FERMA and ECIIA (European Confederation of Institutes of Internal Auditing) invited the following speakers:
- Olivier Micol, Head of Data Protection Unit at the European Commission, Directorate-General for Justice. He highlighted key elements of the recent GDPR evaluation report of the European Commission, shared the latest data and feedback from companies and civil society. He also gave an overview of future planned initiatives.
- Jérôme Avot, Group Risk Officer and Data Protection Officer at Faurecia, a global leader in automotive technology.”The GDPR served as a common thread from the start to the end of the project. We feel we have turned what might have been perceived as a constraint into an opportunity. “
- Ralf Herold, Senior Vice President, Corporate Audit BASF, a leading chemical company. He is an expert in GDPR as Germany was a pioneer in this piece of legislation.
Jérôme Avot and Ralf Herold shared their experience as a Risk Manager and DPO and as an Internal Auditor by exchanging on the changes that the GDPR involved within their companies.
https://www.ferma.eu/webinar-replay-gdpr-corporate-governance-evaluation-after-2-years-implementation/
The European risk manager report 2020: webinar presentationFERMA
This 2020 edition is the opportunity to deepen four challenges that the Risk Manager is facing today:
his growing role in digital transformation
his contribution to sustainability
tougher insurance market conditions
education and skills evolution
The objective of this report is to launch the discussion on the new challenges posed by the European transition to climate neutrality and digital leadership for Risk Managers. How are the roles and responsibilities of European Risk Managers evolving in the face of this new reality? Are Risk Managers equipped to support their organizations in achieving this double transformation?
Our live webinar was scheduled on Monday 29 June 2020: risk managers from different backgrounds shared their experiences on the below themes and reacted to the results of the survey, in particular before and after the Covid-19 crisis.
The speakers were:
Adriana Cavaliere : Corporate Risk Manager at Skeyes, Belgium
Oliver Wild: Group Chief Risk, Insurance and Internal Control Coordination Officer at Veolia, France
Charlotte Hedemark: Chairman of the 2020 FERMA Survey Committee and Board Member of FERMA
Françoise Bergé: PwC Partner
FERMA European Risk Manager Report 2020: full set of results FERMA
This 2020 edition is the opportunity to deepen four challenges that the Risk Manager is facing today:
his growing role in digital transformation
his contribution to sustainability
tougher insurance market conditions
education and skills evolution
The objective of this report is to launch the discussion on the new challenges posed by the European transition to climate neutrality and digital leadership for Risk Managers. How are the roles and responsibilities of European Risk Managers evolving in the face of this new reality? Are Risk Managers equipped to support their organizations in achieving this double transformation?
Webinar: Why risk managers should look at Artificial Intelligence now?FERMA
Risk Managers can be key actors in highlighting to the organisation leadership the opportunities and challenges of AI technologies
On 19 May, the objective of this webinar was to discuss:
How AI can be implemented into the risk management practices?
Which opportunities is AI creating for better risk management?
What are the highlights of the European Commission’s risk-based approach to Artificial Intelligence?
Speakers were:
Philippe Cotelle, Head of Insurance Risk Management at Airbus Defence and Space and FERMA Board member, will highlight the key findings from FERMA’s report on “AI applied to Risk Management”.
Irina Orssich and Eric Badiqué are both working for the European Commission as Team leader and Adviser for Artificial Intelligence in the Unit for Technologies and Systems for Digitising Industry. They will present the Commission’s White Paper on AI and the other EU initiatives which aim at strengthening the EU legal framework regarding AI applications, especially in the field of privacy.
GDPR & corporate governance: the role of risk management and internal audit o...FERMA
The webinar discussed the full results and recommendations of a joint project between FERMA and the European Confederation of Institutes of Internal Auditing (ECIIA), to assess how the EU General Data Protection Regulation (GDPR) impacted our professions, one year after its enforcement. This webinar helped to know:
- To which extent the risk manager and the internal auditor are involved in the GDPR corporate implementation
- How GDPR has affected the interactions between risk management, internal audit and Data Protection Officer (DPO)
- What are the best practices and recommendations to embed personal data protection in the risk and audit governance of your organisation
After one year of GDPR implementation, FERMA and ECIIA sent in May a common basis of five questions to their risk and internal audit members.
The objectives were to:
- Evaluate the roles of the risk management and internal audit functions regarding the GDPR and personal data related risks
- Provide a unique insight into the implementation of the GDPR by companies to the European policymakers
GDPR & corporate governance: The Role of Internal Audit and Risk Management O...FERMA
This paper is a collaboration between FERMA and the European Confederation of Internal Audit Institutes ECIIA and focuses on the impacts of the GDPR on corporate governance practices in the year following its implementation. Most specifically, it looks at the roles played by internal audit departments and risk management functions.
Ferma report: Artificial Intelligence applied to Risk Management FERMA
FERMA brought together a group of experts from within and beyond the risk management community to develop the first thought paper about AI applied to risk management.
Their aim was to perform an initial assessment of the potential value of AI to improve enterprise risk management (ERM), and second, to understand how risk managers can be key actors in highlighting to the organisation leadership the opportunities and challenges of AI technologies.
The working group expects that corporate risk management will benefit from AI in several areas. “From its ability to process large amounts of data to the automation of certain risk management repetitive and burdensome steps, AI could allow risk managers to respond faster to new and emerging exposures. By acting in real time and with some predictive capabilities, risk management could reach a new level in supporting better decision making for senior management.”
This paper aims to guide risk managers on applying AI from a basic understanding to developing their own strategy on the implementation of AI. It includes an action guide and a template for risk managers to develop their own AI risk management roadmap.
Webinar: how risk management can contribute to sustainable growth?FERMA
This webinar will help risk management and sustainability practitioners apply enterprise risk management (ERM) concepts and processes to environmental, social and governance-related risks (ESG)
FERMA Webinar: At the Junction of Corporate Governance and Cyber SecurityFERMA
The recommendation for a cyber risk governance model came in a report published 29 June 2018 by the Federation of European Risk Management Associations (FERMA) and the European Confederation of Institutes of Internal Auditing (ECIIA).
FERMA and ECIIA presented their report at a high-level event at the European Parliament with representatives of the EU institutions, the World Economic Forum, risk and audit practitioners from European businesses, and other European stakeholders.
The report, At the junction of corporate governance and cybersecurity, aims primarily at supporting European organisations in meeting their obligations under the EU General Data Protection Regulation and Network Information Security Directive. Recent cyber attacks, however, increased concerns on what the risk experts see as a wider lack of focus on risk governance in cyber security.
More information here:
https://www.ferma.eu/ferma-webinar-junction-corporate-governance-and-cyber-security?type=events
What will you learn from this presentation?
- Compare and assess your own governance of cyber risks against the proposed cyber risk governance model
- Know where you stand in the evolutionary journey towards cyber resilience: reactive, proactive, predictive...
- Define the key stakeholders for cyber security and conditions for success
- Find mechanisms that help leadership determine effective and efficient resource allocation
- Plan for the next move to improve your cyber risk governance
Ferma PwC European Risk Manager Report_ full set results 2018FERMA
Risk Manager, a career central to corporate strategy
The job of Risk Manager is becoming increasingly cross-disciplinary and digital in response to a fast-changing economic and regulatory environment.
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesHolger Mueller
Holger Mueller of Constellation Research shares his key takeaways from SAP's Sapphire confernece, held in Orlando, June 3rd till 5th 2024, in the Orange Convention Center.
Digital Transformation and IT Strategy Toolkit and TemplatesAurelien Domont, MBA
This Digital Transformation and IT Strategy Toolkit was created by ex-McKinsey, Deloitte and BCG Management Consultants, after more than 5,000 hours of work. It is considered the world's best & most comprehensive Digital Transformation and IT Strategy Toolkit. It includes all the Frameworks, Best Practices & Templates required to successfully undertake the Digital Transformation of your organization and define a robust IT Strategy.
Editable Toolkit to help you reuse our content: 700 Powerpoint slides | 35 Excel sheets | 84 minutes of Video training
This PowerPoint presentation is only a small preview of our Toolkits. For more details, visit www.domontconsulting.com
[Note: This is a partial preview. To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
Sustainability has become an increasingly critical topic as the world recognizes the need to protect our planet and its resources for future generations. Sustainability means meeting our current needs without compromising the ability of future generations to meet theirs. It involves long-term planning and consideration of the consequences of our actions. The goal is to create strategies that ensure the long-term viability of People, Planet, and Profit.
Leading companies such as Nike, Toyota, and Siemens are prioritizing sustainable innovation in their business models, setting an example for others to follow. In this Sustainability training presentation, you will learn key concepts, principles, and practices of sustainability applicable across industries. This training aims to create awareness and educate employees, senior executives, consultants, and other key stakeholders, including investors, policymakers, and supply chain partners, on the importance and implementation of sustainability.
LEARNING OBJECTIVES
1. Develop a comprehensive understanding of the fundamental principles and concepts that form the foundation of sustainability within corporate environments.
2. Explore the sustainability implementation model, focusing on effective measures and reporting strategies to track and communicate sustainability efforts.
3. Identify and define best practices and critical success factors essential for achieving sustainability goals within organizations.
CONTENTS
1. Introduction and Key Concepts of Sustainability
2. Principles and Practices of Sustainability
3. Measures and Reporting in Sustainability
4. Sustainability Implementation & Best Practices
To download the complete presentation, visit: https://www.oeconsulting.com.sg/training-presentations
Personal Brand Statement:
As an Army veteran dedicated to lifelong learning, I bring a disciplined, strategic mindset to my pursuits. I am constantly expanding my knowledge to innovate and lead effectively. My journey is driven by a commitment to excellence, and to make a meaningful impact in the world.
Recruiting in the Digital Age: A Social Media MasterclassLuanWise
In this masterclass, presented at the Global HR Summit on 5th June 2024, Luan Wise explored the essential features of social media platforms that support talent acquisition, including LinkedIn, Facebook, Instagram, X (formerly Twitter) and TikTok.
In the Adani-Hindenburg case, what is SEBI investigating.pptxAdani case
Adani SEBI investigation revealed that the latter had sought information from five foreign jurisdictions concerning the holdings of the firm’s foreign portfolio investors (FPIs) in relation to the alleged violations of the MPS Regulations. Nevertheless, the economic interest of the twelve FPIs based in tax haven jurisdictions still needs to be determined. The Adani Group firms classed these FPIs as public shareholders. According to Hindenburg, FPIs were used to get around regulatory standards.
Putting the SPARK into Virtual Training.pptxCynthia Clay
This 60-minute webinar, sponsored by Adobe, was delivered for the Training Mag Network. It explored the five elements of SPARK: Storytelling, Purpose, Action, Relationships, and Kudos. Knowing how to tell a well-structured story is key to building long-term memory. Stating a clear purpose that doesn't take away from the discovery learning process is critical. Ensuring that people move from theory to practical application is imperative. Creating strong social learning is the key to commitment and engagement. Validating and affirming participants' comments is the way to create a positive learning environment.
VAT Registration Outlined In UAE: Benefits and Requirementsuae taxgpt
Vat Registration is a legal obligation for businesses meeting the threshold requirement, helping companies avoid fines and ramifications. Contact now!
https://viralsocialtrends.com/vat-registration-outlined-in-uae/
VAT Registration Outlined In UAE: Benefits and Requirements
Leadership and Risk Management report
1. A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES
Leadership in
Risk Management
Sponsored by
2. ABOUT ZURICH INSURANCE GROUP
Zurich Insurance Group (Zurich) is a leading multi-line insurance provider with a global
network of subsidiaries and offices in Europe, North America, Latin America, Asia-Pacific,
the Middle East, and other markets. It offers a wide range of general insurance and life
insurance products and services for individuals, small businesses, mid-sized and large
companies, and multinational corporations. Zurich employs about 60,000 people serving
customers in more than 170 countries. Founded in 1872, the group is headquartered in
Zurich, Switzerland.
LEARN MORE: www.zurichcorporateforum.com
ABOUT FERMA
The Federation of European Risk Management Associations (FERMA) brings together
22 national risk management associations in 20 European countries. FERMA has 4,500
individual members representing a wide range of business sectors, from major industrial
and commercial companies to financial institutions and local government bodies. These
members play a crucial role for their organizations with respect to the management and
treatment of complex risks and insurance issues.
ABOUT PRIMO
The Public Risk Management Organisation (PRIMO) was established with the aim of
advancing the knowledge about and use of risk management within the local governmental
sector and the public sector at large in Europe. To achieve this purpose PRIMO Europe will
provide a comprehensive Web library with risk management information, newsletters,
education, and conferences.
PRIMO’s long-term aim is to establish risk management as a natural and integral part of
good public governance. It comprises a pan-European umbrella organization of independent
PRIMO national chapters and other organizations within the public sector from sixteen
European countries, covering 16,000 managers.
3. Leadership in
Risk Management
Executive Summary
THE C-SUITE IS taking a stronger role in leading the risk management effort at major primarily European
companies, underscoring the higher priority risk has assumed in the wake of several years of financial
SURVEY HIIGHLIGHTS
and economic turmoil. Congruently, companies are underscoring the need for strong board involvement
to facilitate decision-making regarding strategic and enterprise-wide risks and to encourage acceptance
of a culture of risk management further down in the organization. Companies are struggling, however, to
create a wider role for the risk function as a participant in strategic planning and transformational initiatives. And European executives express concern about the robustness of their risk management processes
and channels of communication.
Vast changes in how business is done, sparked by the technology revolution and globalization, are meanwhile raising concerns about company and brand risk. These and other challenges are prompting companies to devote more resources to defining their risk appetite and to tracking, measuring, and analyzing
48%
of companies said their
chief risk officer plays a
role in communicating an
affirmative risk culture.
risk through such tools as “heat maps,” key risk indicator scorecards, scenario analysis, and loss forecasting. The challenge, however, some executives said, is still to make sure that risk is “owned” at appropriate
levels of the organization and that risks are communicated efficiently, such that top management and the
board can make timely, fact-based decisions about how to address them.
According to a recent Harvard Business Review Analytic Services survey of European companies, sponsored by Zurich, the Federation of European Risk Management Associations (FERMA), and the Public Risk
Management Organisation (PRIMO):
■■C-suite supervision of risk management is intensifying. The survey indicates that, at 35% of organiza-
tions, either a CRO or a risk manager has direct responsibility for risk management. At 27%, either the
CEO or the CFO/treasurer has direct responsibility, while the board itself is responsible at 14%.
■■The
majority of companies have education and review processes in place that keep the board and the
20%
of respondents’
organizations describe
the risk function as a tool
for making more effective
strategic decisions and
investments.
C-suite informed about their risk exposures. Key risks are communicated to the C-suite regularly at
70% of organizations.
■■Only
17% of respondents described communication between the C-suite and the CRO as being com-
prehensive or nearly so. And 40% said their organization has not yet set up a broad-based, cross-functional risk committee—despite the crucial role the risk committee plays in making sure risk data are
discussed thoroughly and passed on to the board.
■■Companies aspire to forge closer links between risk management and strategic planning. Roughly half said
their risk management process is closely or very closely aligned with their overall strategy and budget.
■■Companies are making less progress at bringing the risk function’s resources to bear on transformative
business projects such as mergers, however. Only 20% described the risk function as a tool for making
40%
of companies have yet
to set up a broad-based
cross-functional
risk committee.
more effective strategic decisions and investments.
■■Companies have been slow to adopt risk-based incentives as part of compensation. Only 12% said they
align risk management with executive pay.
LEADERSHIP IN RISK MANAGEMENT | 1
4. ■■Brand
and reputation risk are also rising concerns, cited by nearly two-thirds of companies as an area
requiring top management-level attention.
■■Some
executives and other experts single out lack of risk management talent as an important area of
risk, particularly when the company is entering a new geographic or product market.
■■Processes
to define risk appetite are now in place at nearly half of companies. Systemic risk manage-
ment tools and analytics that enable them to track and analyze risk, and can then inform risk committee discussions, are in more common use.
Introduction: Leadership at the Top Levels
Buffeted by global competition, the shocks of the 2007-08 financial crash, and its recession-wracked
aftermath, European companies are prioritizing risk management as never before. Increasingly, top management and the board are setting direction and taking tighter control of risk management, integrating
with overall company strategy, and inculcating it deeper into the corporate culture. At the same time,
they are intensifying their focus on such areas as reputation and IT risk and are acquiring new tools for
forecasting and mitigating threats.
Reflecting this new prioritization of risk, executives at major companies and leading thinkers on risk management emphasize the board’s and the C-suite’s pivotal role in providing continued leadership and direction. “It’s important that the C-suite be talking as much about risk management as it does about profit,
growth, and customers because they are interdependent. The point is that you can’t optimize profit if you
do not manage—leverage or mitigate—exposures as appropriate,” said Linda Conrad, Director of Strategic
Business Risk at Zurich, at a May 2013 Harvard Business Review webinar.
Figure 1
Responsibility for Risk Management
QUESTION: WITHIN YOUR ORGANIZATION, WHO HAS DIRECT RESPONSIBILITY FOR RISK MANAGEMENT?
18%
Risk manager
17%
Chief risk officer
CFO/treasurer
14%
The board
14%
13%
CEO
7%
Leadership of individual business units
Internal auditor
2%
General counsel
2%
Compliance officer
Other
Total exceeds 100% due to rounding.
2
| A HARVARD BUSINESS REVIEW ANALYTIC SERVICES REPORT
1%
14%
75%
5. Three-quarters (75%) of respondents cited the risk function
as a channel through which the C-suite gathers information,
intelligence, and advice on risk.
A recent survey by Harvard Business Review Analytic Services found that direct supervision of risk management is becoming concentrated at the top levels of organizations—either with a chief risk officer (CRO)
or in the C-suite or by the board itself. At 35% of organizations, either a CRO or a risk manager has direct
responsibility for risk management. At 27% of organizations, either the CEO or the CFO/treasurer has
direct responsibility, while the board itself is responsible at 14%. Figure 1
Conrad outlined a three-step process, emphasizing the role of top-level executives, that Zurich uses to
advise on risk management:
■■Securing an executive sponsor—possibly the CEO—together with “ongoing monitoring” by the board.
■■Defining
the scope of risk management and the organization’s risk appetite, prioritizing risks, and
communicating these “down into the organization.”
■■“Assessing
and reassessing” the company’s risk profile, prioritizing the biggest risks, and identifying
triggers that prompt measures to manage risks and assign accountability.
To make a structure like Zurich’s work, European companies are particularly emphasizing strong board
engagement. “You need the support of the board. If you don’t have the support of the board, it will not
work,” said Johan Willaert, Corporate Risk Manager at Agfa-Gevaert NV.
The majority of companies in the survey have education and review processes in place that keep the
board and the C-suite regularly informed about their risk exposures. Key risks are communicated to the
C-suite regularly at 70% of organizations. At more than half (59%) of organizations, the board reviews risk
management policies and procedures annually, and at almost three out of four (72%), it reviews top risk
exposures and treatment actions at least biannually. More than half (56%) of organizations have increased
the resources they devote to risk-related education and training over the past three years, at least for the
CRO level and higher.
Communication Makes Process Work
Making these processes work requires the risk function to serve as a conduit for information flowing
between the board, the C-suite, and the rest of the organization. Almost half (48%) of survey respondents
said the chief risk officer plays a role in communicating an affirmative “risk culture”—more even than the
board (44%) or the C-suite (34%). Three-quarters (75%) of respondents cited the risk function as a channel
through which the C-suite gathers information, intelligence, and advice on risk—more than any other.
Figure 2
Process does not always translate into embedded knowledge and awareness, however. Only 17% of survey respondents described communication between the C-suite and the CRO as being comprehensive or
nearly so. And 40% said their organization has not yet set up a broad-based, cross-functional risk committee. This, Willaert said, despite the crucial role that the risk committee—which must be independent
and derive its authority from the board to be effective—plays a role in making sure all relevant levels
of management discuss the company’s risk profile thoroughly and pass on information that enables the
board to make fact-based decisions.
LEADERSHIP IN RISK MANAGEMENT | 3
6. Figure 2
Involvement in Communicating an Affirmative Risk Culture
QUESTION: WITHIN YOUR ORGANIZATION, WHO IS INVOLVED IN DEVELOPING AND COMMUNICATING
AN AFFIRMATIVE “RISK CULTURE”?
48%
Chief risk officer
44%
Board
34%
C-suite
26%
Other
No person or group is proactively promoting
a positive risk culture
6%
75%
Sometimes the process itself breaks down. “As an academic, it often surprises me that, even today, board
members and CEOs are not on the same page and are not having that conversation” about risk as an element of corporate strategy, said Paul Walker, Zurich Chair in Enterprise Risk Management at St. John’s
University. Sometimes the information that board members receive is less than the unadorned truth.
“Last year, I was speaking on this subject,” he said, “and someone at a very large organization came up to
me and said, ‘We clean it up before it gets to the board—we cleanse it, we sanitize it, we delete things.’”
The good news, Walker said, is that board members themselves are asking questions.
“Board members have said to me, ‘We’ve got to get better in doing that,’” said Walker. “Some of the complaints I get from boards are that they don’t get strategy risk information on a timely basis. So they can’t
really help the executive team make the right decision, because they feel rushed in some of these situations. Or they see ERM leaders who talk about ERM, but they don’t seem to think broadly enough and
they don’t do deep dives, and they don’t connect the dots. Or I’ve heard board members say to me, ‘You
say you’re doing ERM, but from our perspective, it looks a lot like silo risk management.’ So they want
organizations to try to connect the dots a little bit more, because there’s a lot of value in doing that.”
Giving Risk Management a Role in Strategic Planning
While many companies still need to get better at communicating about risk and reporting to the board,
risk management is assuming a broader and more strategic role at some. Almost two-thirds of survey
respondents (63%) said they are concerned or extremely concerned about strategic risks—the threat that
some element of their business strategy may be creating new threats.
For some organizations, this translates into closer collaboration between the risk function and strategic planning. Just over half (52%) of respondents said their organization’s risk management process is
closely or very closely aligned with its overall strategy and budget. More than one in four (27%) said that
risk management should help the company leverage upside growth opportunities along with mitigating
downside exposures. And 41% said the risk function has a seat during strategy setting, project launches,
investment, and other business decisions, while 42% said it has a seat occasionally.
That still leaves the bulk of companies yet to be convinced that risk management has a place in strategic planning. “We are still not at that point, but we have progressed,” said Willaert. The CRO plays the pivotal role
4
| A HARVARD BUSINESS REVIEW ANALYTIC SERVICES REPORT
7. in making the case, said Conrad: “You have to have a vocal CRO to let senior management know that there
are tools and techniques used in traditional and enterprise risk management that can benefit the strategic
decision-making process.”
Several survey respondents said that the risk function takes part regularly in strategy review meetings.
Several also said that the risk manager or CRO is brought in whenever a major business investment is considered, including to perform an impact analysis or assessment. Yet only 20% described the risk function
as a tool for making more effective strategic decisions and investments, and only 17% described it as a
business tool to help drive profitability by facilitating achievement of objectives. Figure 3
To bring a more active role to the risk function, the CRO must dispel a common image as “a person who
says no to ideas,” said Walker, and must demonstrate the value of the metrics and other tools at their
disposal, often to skeptical officials. Walker cited a recent conversation with a chief strategy officer whose
“biggest criticism of ERM was, ‘I need something that’s actionable. You tell me what the risk is, but how
do I act upon that?’ So we’ve got to be ready for those difficult questions and have the solutions as well.”
Top-level support is crucial, Walker said. The CRO must have “some credibility and some respect and
trust from the C-suite and from the board.” It’s also important “to really understand the business model
and how the company creates value, makes money, or, if it’s a nonprofit, how it achieves its nonprofit
objectives.” The CRO is often “not just someone who’s done ERM his or her whole life,” adds Conrad. “It’s
someone who’s been in the business as well and who knows what’s required to be successful.”
Creating a Risk Management Culture
Creating an internal culture that promotes risk management can be equally challenging. One gauge of
progress, said Willaert, is whether successful risk management is regarded within the company merely as
a nonnegative, or as “a positive thing, an added value.” Communication is key, he said, and needs to be
encouraged in three directions: top-down, bottom-up, and from the audit committee to the board.
Figure 3
Corporate Culture’s View on Risk Management
QUESTION: WHICH OF THE FOLLOWING BEST DESCRIBES YOUR CORPORATE CULTURE’S
VIEW ON RISK MANAGEMENT?
58%
A process to proactively encourage risk identification,
control, and strategic response
Enterprise risk management (ERM)
40%
Corporate governance
39%
Mitigating downside exposures and leveraging
upside growth opportunities
A tool for making more effective strategic decisions
and investments
27%
20%
The audit function
17%
A business tool to help drive profitability by
facilitating achievement of objectives
17%
A matter to be addressed by purchasing insurance
17%
LEADERSHIP IN RISK MANAGEMENT | 5
8. Only 12% of respondents said their organization aligns risk
management with executive pay.
“The top-down part communicates the company’s goals and tools—how we will do it, why we do it—so
that everybody knows not only that risk management is supported by the board but also that it is an
added value for the group,” said Willaert. Bottom-up communication encourages business and functional
leaders to “own” risk, understanding that if they raise an issue within their purview, their action will be
seen “not as a reason to blame them but rather as an effort to improve and protect the balance sheet of the
company.” The third circuit ensures that risks detected by the audit committee are brought to the board
for discussion and possible action.
Communication and reporting standards emerged as a significant focus of concern in the survey. More
than one-third of respondents expressed concern that proactive communication, potentially preventing
or lessening the impact of a crisis, does not take place in a timely manner during daily operations. More
than one in four (27%) expressed concern about the impact of both overrides and work-arounds to existing risk management policies and procedures and of a “good news culture” that prevents management
from receiving and absorbing counterintuitive, non-consensus information or views on risk (29%).
If the process of communication, monitoring, and reporting of risk at every level is the “stick” of risk culture,
the “carrot,” Conrad said, is incentives—“tying risk to hitting your targets for that year. There’s obviously a
motivation for each person who likes to keep getting a paycheck or a bonus.” Organizations have been slow to
adopt risk-based incentives as part of compensation. Only 12% of respondents said their organization aligns
risk management with executive pay. Of those that do, some said their company had established compensation assessment periods sufficiently long to ensure that sustainable shareholder value is being created, while
others said their organization adds clawback provisions to bonuses in case of underperformance.
Incentives work best when the organization can attract and retain staff with risk management capabilities. However, risk accountability is everyone’s responsibility, so it’s essential to provide risk training
across business and functional areas, Conrad said. That hands a strong role to human resources.
“HR sometimes is one of the biggest risks,” said Walker. “One of the things I hear from boards, after we
identify our risks—especially the big ones—is, ‘Do we have the talent in place to help manage that risk?’ If
they are going into a new country or a new product, or competing in an area where they haven’t competed
before, do they have the right executive-level talent to manage that risk? And that’s, I think, a critical
question going forward.”
“We also have a lot of awareness activities that are driven by HR. One week will be business continuity
management, or internal audit week. And so this awareness keeps risk front and foremost on people’s
minds, whether through communication or learning development.” HR can also play a part in communicating and educating about risk. “Often,” said Conrad, “the learning development function is in HR. For
example, at Zurich we make available different courses about risk on our intranet.”
Focusing on Reputation and IT Risk
“Risk to the corporate or brand reputation is likely to become a larger concern for companies—a concern
that will have to be addressed directly by senior management,” Conrad said. “Trust in CEOs is at record
6
| A HARVARD BUSINESS REVIEW ANALYTIC SERVICES REPORT
9. low levels,” she noted. “Pursuing an enterprise-wide risk management agenda is one way that top executives can counteract this image problem,” she argued—“being careful to lead risk management all the way
down, from their level into the ranks of the company.”
“Top management also needs to take a direct hand in controlling major enterprise exposure such as the
closely related area of IT risk,” Conrad said. “Today, you know that every person in the organization has,
potentially, a laptop or access to the Internet,” she noted. “So every employee needs to be made aware
that he or she has a role to play in managing risk that could impact the company’s overall reputation.
Obviously, this is exacerbated by media coverage and social media. Leadership has a role in driving that
accountability and that understanding that each person has a role to play. Hopefully, that minimizes
work-arounds by people avoiding risk management—because it’s seen as a positive contribution to the
company’s profits.”
Indeed, survey responses suggest strongly that brand, reputation, and related risks are becoming more
significant concerns. A full 42% of respondents cited brand/reputation risk as an area of concern, while
slightly less than half (44%) mentioned IT/data privacy and technology (40%), underscoring organizations’ concerns about their exposure both to cyber risks and to potentially damaging communication on
the Internet and social media. Figure 4
Figure 4
Level of Concern Over Areas of Risk
QUESTION: PLEASE RATE YOUR LEVEL OF CONCERN ABOUT EACH OF THE FOLLOWING AREAS OF RISK.
Percentage indicating some level of concern by rating 7, 8, 9 or 10, where 10=extremely concerned
63%
Strategic
55%
Financial
IT/data privacy
44%
Legal and regulatory compliance
44%
Brand/reputation
42%
Market/competitive
42%
Technology
41%
37%
Systemic
35%
Political/geopolitical
33%
Workforce
Natural disasters
Terrorism/violence
20%
10%
LEADERSHIP IN RISK MANAGEMENT | 7
10. Forecasting and Mitigating Risk
“One of the advantages of creating a risk committee,” said Willaert, is that “it’s much easier to have
extended discussions in respect to risk appetite, risk tolerance. Then you can come with a proposal to the
board, and it’s much easier to make decisions on the basis of the complete facts.”
At nearly half (47%) of companies, the C-suite has developed a process for determining the organization’s
risk appetite, and, of these, over half (59%) say this is clearly communicated to all levels of the organization.
Systemic risk management tools and analytics that enable companies to track and analyze risk and then
inform risk committee discussions are becoming more commonplace. More than half (56%) of survey
respondents said their organization has increased its use of analytics for risk management in the past
three years. Among the tools most often cited are risk “heat maps” (41%), key risk indicator scorecards
(36%), maps to identify risks inherent in the organization’s strategy (30%), scenario analysis and war-gaming (25%), loss forecasting (25%), and loss simulation (24%).
At Zurich, for example, a heat map is created each month, circulated to the business and functional owners of risk, and then reported up to senior management once a month and to the board once a quarter.
But while “models should drive decision-making, they should not make up our minds for us,” Conrad
cautioned, “so we use these tools to inform our decisions rather than to actually draw a line in the sand.”
Walker, too, warned against overreliance on data tools. “A common mistake I see is that people generate
a risk map or a risk profile or a risk register, and then they go back and categorize certain things as strategic risks as opposed to financial or IT risks. That doesn’t really mean that you’ve identified strategic
risk. Labeling some of the risk you’ve identified as strategic is not the same as doing serious strategic risk
identification.”
What’s most important, said Conrad, is that appropriate metrics are set at the appropriate level of the
organization: “KPIs are set depending on what objective we’re trying to meet. They may be set by the
executive level if they’re longer term, or they may be set at the individual business or product level. Each
group will have different types of KPIs, depending on what they’re measuring. This is where you start to
dig a little bit deeper in assigning those key risk indicators that can drive your success or failure.”
ZURICH CASE STUDY
Over the past five years, Zurich’s operational risk capital efficiency has improved through a strengthening of its
ERM process, which includes the introduction of an operational risk management framework. This framework
provides Zurich with risk management tools to specifically identify, assess, manage, and quantify operational
risks. Through this framework and the wider ERM process, Zurich increases its ability to achieve efficiency and
effectiveness gains. This allows Zurich to better focus on optimizing company resources and in turn decide what
opportunities to fund.
For example, one business unit experienced a reduction of 21.7% in operational risk-based capital consumption
when Zurich moved from an asset-based approach to its current, risk-based approach for operational risk
quantification. The business unit management then identified areas of high-risk exposure, performed a deeper
assessment, and developed measures to mitigate the exposures. As a result, in the following year the unit
experienced an additional reduction of 28.9% in operational risk capital consumption. The operational risk
capital not consumed was then available to fund profitable growth for Zurich.
8
| A HARVARD BUSINESS REVIEW ANALYTIC SERVICES REPORT
11. WHO PARTICIPATED IN THE SURVEY
All but three of the 217 respondents to the survey (98%)
work for organizations based in Europe. Over half—53%—of
respondents said they are involved in decision-making regarding
risk management for their organization, while another 22% are
responsible for making decisions regarding the entire range
of risk management within their organization. Sixty percent of
respondents are either CROs or risk managers—by far the largest
category in the survey. Twelve percent are top corporate officials:
board members, owners/partners, CEOs or other chief executives,
CFOs, treasurers, and comptrollers. Seventy percent work for
companies employing 1,000 or more people, and 34% work for
companies employing more than 10,000 people.
12. FOR MORE INFORMATION ON
HARVARD BUSINESS REVIEW ANALYTIC SERVICES:
hbr.org/hbr-analytic-services