Deloitte’s risk management philosophy – Risk Intelligence (RI), focuses on maintaining the right balance between risk and reward. Asking the right questions and finding effective answers to them is critical to developing the right risk management capabilities. Most organizations already have a multitude of Enterprise Risk Management (ERM) practices and processes to address risks but the lack of a strategic view to an ERM program, can expose risk management gaps and redundancies and prevent sufficient insight into key risk interdependencies
Grant Thornton - Risk appetite: A market study UK 2012Grant Thornton
Grant Thornton's inaugural market study on risk appetite. The Risk Appetite study, the first of its kind, canvassed the views of 43 chief executive officers and managing directors from leading London insurers to define current maturity of practice, answering some of the common questions coming out of the market. Our intention is to conduct this study periodically; monitoring overall progress and trends across the market in relation to risk appetite.
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
Governance in Enterprise Risk Management
Presented by Michael Lawrence
Monday 10th October 2016
APM North West branch and Risk SIG conference
Alderley Park, Macclesfield
Grant Thornton - Risk appetite: A market study UK 2012Grant Thornton
Grant Thornton's inaugural market study on risk appetite. The Risk Appetite study, the first of its kind, canvassed the views of 43 chief executive officers and managing directors from leading London insurers to define current maturity of practice, answering some of the common questions coming out of the market. Our intention is to conduct this study periodically; monitoring overall progress and trends across the market in relation to risk appetite.
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
Governance in Enterprise Risk Management
Presented by Michael Lawrence
Monday 10th October 2016
APM North West branch and Risk SIG conference
Alderley Park, Macclesfield
Enterprise Risk Management and SustainabilityJeff B
An overview of our endeavors at implementing ISO 31000 enterprise risk management and the importance of establishing good risk culture within the company.
Most organizations have multiple project going on concurrently. They need a framework that allows them to evaluate (and mitigate) project risk in a way that reflects the potential business impact of this portfolio of projects.
Five lines of assurance a new paradigm in internal audit & ermDr. Zar Rdj
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes.
This presentation focuses on the principles and practicalities of establishing a working risk appetite statement supported by risk limits and tolerances.
A new emphasis on enterprise risk management from regulators has heightened awareness among bankers to get educated and adopt these best practices at their institution. In response to this increased focus, the RMA ERM Council developed the ERM framework and associated competencies, which became the foundation for a series of highly practical workbooks for implementing effective ERM.
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS - Firm-wide Risk Control & Methodology) voor het Zanders Risicomanagement Seminar 1 november 2012
Enterprise Risk Management (ERM) is the process of planning, organizing, leading, and controlling the activities of an organization in order to minimize the effects of risk on an organization's capital and earnings.
Enterprise Risk Management expands the process to include not just risks associated with accidental losses, but also financial, strategic, operational, and other risks.
In recent years, external factors have fueled a heightened interest by organizations in ERM.
Industry and government regulatory bodies, as well as investors, have begun to scrutinize companies' risk-management policies and procedures.
In an increasing number of industries, boards of directors are required to review and report on the adequacy of risk-management processes in the organizations they administer.
Since they thrive on the business of risk, financial institutions are good examples of companies that can benefit from effective ERM.
Their success depends on striking a balance between enhancing profits and managing risk.
In order for any enterprise to properly, effectively, and prudently manage their future growth, Business Strategy needs to be sustained by modern Enterprise Risk Management (ERM) principles and practices.
The Enterprise Risk Management discipline is not anymore a separate management profession or kinky management way, but rather it is a core competency that all organizations and executives must have in this Global Age. It should be a way of life for all.
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Resolver Inc.
Copyright notice: The following slides are intended for professional use within an organization for discussion purposes only. Any other uses or modifications are strictly prohibited.
In this presentation, Norman Marks and Richard Anderson discuss two related topics. The first is the relationship between the strategies set by the organization, its governance, and risks to its objectives. Their conversation addresses:
• How does a senior executive or board member gauge the effect of risk on corporate objectives?
• Is it enough to review a list of top risks at every board meeting?
• How does the board know whether risk management is adding value?
• How do you measure success?
• Where do reward and opportunity factor in?
The second topic is one that is heavily debated among practitioners, whether the concepts of risk appetite and tolerance can be applied effectively in practice. Areas they cover include:
• What is risk appetite? What is risk tolerance?
• Is it a useful concept or an overly complicated piece of mumbo jumbo?
• How can you help the board and top management set desired levels of risk and also help decision-makers take the right level of the right risks?
• Does it make sense to be “risk averse”?
A good risk appetite implementation process leverages existing practices, represents the aggregate view of risk across all lines of business and risk categories, and creates a dynamic structure that allows for internal and external changes in risk. Learn more about the 10 aspects of a robust and evolving risk appetite framework in this excerpt from the Credit Risk Management Audio Conference Series.
Enterprise Risk Management and SustainabilityJeff B
An overview of our endeavors at implementing ISO 31000 enterprise risk management and the importance of establishing good risk culture within the company.
Most organizations have multiple project going on concurrently. They need a framework that allows them to evaluate (and mitigate) project risk in a way that reflects the potential business impact of this portfolio of projects.
Five lines of assurance a new paradigm in internal audit & ermDr. Zar Rdj
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes.
This presentation focuses on the principles and practicalities of establishing a working risk appetite statement supported by risk limits and tolerances.
A new emphasis on enterprise risk management from regulators has heightened awareness among bankers to get educated and adopt these best practices at their institution. In response to this increased focus, the RMA ERM Council developed the ERM framework and associated competencies, which became the foundation for a series of highly practical workbooks for implementing effective ERM.
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS - Firm-wide Risk Control & Methodology) voor het Zanders Risicomanagement Seminar 1 november 2012
Enterprise Risk Management (ERM) is the process of planning, organizing, leading, and controlling the activities of an organization in order to minimize the effects of risk on an organization's capital and earnings.
Enterprise Risk Management expands the process to include not just risks associated with accidental losses, but also financial, strategic, operational, and other risks.
In recent years, external factors have fueled a heightened interest by organizations in ERM.
Industry and government regulatory bodies, as well as investors, have begun to scrutinize companies' risk-management policies and procedures.
In an increasing number of industries, boards of directors are required to review and report on the adequacy of risk-management processes in the organizations they administer.
Since they thrive on the business of risk, financial institutions are good examples of companies that can benefit from effective ERM.
Their success depends on striking a balance between enhancing profits and managing risk.
In order for any enterprise to properly, effectively, and prudently manage their future growth, Business Strategy needs to be sustained by modern Enterprise Risk Management (ERM) principles and practices.
The Enterprise Risk Management discipline is not anymore a separate management profession or kinky management way, but rather it is a core competency that all organizations and executives must have in this Global Age. It should be a way of life for all.
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Resolver Inc.
Copyright notice: The following slides are intended for professional use within an organization for discussion purposes only. Any other uses or modifications are strictly prohibited.
In this presentation, Norman Marks and Richard Anderson discuss two related topics. The first is the relationship between the strategies set by the organization, its governance, and risks to its objectives. Their conversation addresses:
• How does a senior executive or board member gauge the effect of risk on corporate objectives?
• Is it enough to review a list of top risks at every board meeting?
• How does the board know whether risk management is adding value?
• How do you measure success?
• Where do reward and opportunity factor in?
The second topic is one that is heavily debated among practitioners, whether the concepts of risk appetite and tolerance can be applied effectively in practice. Areas they cover include:
• What is risk appetite? What is risk tolerance?
• Is it a useful concept or an overly complicated piece of mumbo jumbo?
• How can you help the board and top management set desired levels of risk and also help decision-makers take the right level of the right risks?
• Does it make sense to be “risk averse”?
A good risk appetite implementation process leverages existing practices, represents the aggregate view of risk across all lines of business and risk categories, and creates a dynamic structure that allows for internal and external changes in risk. Learn more about the 10 aspects of a robust and evolving risk appetite framework in this excerpt from the Credit Risk Management Audio Conference Series.
Occupational health and safety risk leverages the uncertain of the consequence based on probability of occurrence. There are several essential parts including risk pre-appraisal and appraisal, risk communication, risk assessment, and finally risk management. Understanding each component helps push the management agenda forward toward improving human performance, profitability and prosperity. This agenda can be sustainable over time if there's a vertical up and down relationship in the commitment, development, implementation, and enforcement of established policy, written program, and standard operating procedures. A platform with GRI metrics can be used to evaluate outcomes based on strategic goals.
Cathy Hauslein - Susser Holdings, Speaker at the marcus evans CFO Summit Fall 2011 in Las Vegas, NV, delivered her presentation entitled Finance is Risky Business: Monitoring and Managing Your Company’s Risk Appetite
1. Learn about the evolving role of the chief risk officer (CRO) both before and during the current global economic crisis.
2. Develop an understanding of the complementary aspects of the CRO and chief audit executive (CAE) roles, as well as the potential conflicts to avoid.
3. Discover strategies and critical success factors for an effective CRO and CAE partnership.
3. Rethinking enterprise
risk management (ERM)
Today’s business leaders understand the importance of risk management
– but they still struggle to identify strategies to make it more effective
and efficient. Do you know if your risk management practices provide a
competitive advantage, given the size and complexity of your organization?
Do you know if your ERM framework is aligned with leading standards? As
a member of the board or the executive management team, what comfort
level do you have around your organization’s risk management activities?
Will your risk management program pass muster during regulators’ and
rating agencies’ examinations? Have you done a risk health check to both
understand your current ERM capabilities and consider next steps in the
risk intelligence journey? Asking questions like these, and finding effective
answers, is critical to developing the “right” risk management capabilities.
1
4. ERM in a risk intelligent enterprise
Risk Intelligence (RI), Deloitte’s risk management philosophy, focuses on maintaining
the right balance between risk and reward. Simply put, organizations create value
by taking risks and lose value by failing to manage them. Before considering risk
intelligence, however, it is important to understand what enterprise risk management,
or ERM, is all about. ERM is the development of a strategic, systematic and illustrative
risk management capability across an organization. It includes exercising effective risk
governance, establishing customized risk management infrastructure and implementing
robust risk management processes. ERM helps organizations achieve strategies and
objectives for both value preservation and value creation. Deloitte calls organizations
with this advanced risk management capability risk intelligent enterprises.
The risk intelligent enterprise understands that calculated risk-taking is essential to
value creation. It does not strive to eliminate risk or even necessarily to minimize it –
which marks a critical departure from the traditional view of risk as something to avoid.
The risk intelligent enterprise seeks instead to manage risk exposures so that it incurs
just enough of the right kinds of risk – no more, no less – to effectively pursue
its strategic goals.
The risk intelligent enterprise
understands that calculated risk-taking
is essential to value creation
2
5. To keep risk exposures and business strategy aligned, a risk intelligent enterprise must
coordinate across the following three levels of risk management:
Risk intelligent enterprise
Risk
governance
Tone at the top
Stakeholder Strategy &
Risk appetite
expectations performance
Risk management enablers
Framework & Culture & Information &
Policies methodology capabilities reporting Technology
Risk management processes
Risk Risk Risk Risk Escalation &
identification measurement assessment response monitoring
Integration with the business
• Risk governance is led by the board of directors and includes setting the tone
at the top, aligning stakeholder expectations, approving the risk appetite and
integrating risk management with strategy and performance goals.
• Risk management enablers are put in place by executive management and
include the development of policies, frameworks and methodologies, culture and
capabilities, information, reporting and supporting technology.
• Risk management processes are led by the business units and functions and
include the identification, measurement, assessment, escalation and monitoring
of specific risks, as well as risk response.
3
6. Why understand your ERM capabilities?
Most organizations already have a multitude of ERM practices and processes to address
risks in particular organizational areas – functional risks, business unit-specific risks,
compliance risks and so on. While this may address targeted risks effectively, the lack
of a mature ERM capability can expose risk management gaps and redundancies, and
prevent sufficient insight into key risk interdependencies.
Organizations typically exhibit varying levels of ERM maturity. To assess this level
for individual organizations, Deloitte has developed the ERM maturity model and
the ERM diagnostic which are consistent with concepts embodied in the ISO 31000
International Standard on risk management.
The maturity model helps organizations understand their current RI situation and
identify steps they can take to improve it. As organizations progress along the
maturity curve, their risk management activities become steadily more integrated and
coordinated. Risk becomes a strategic concern, embedded into leadership’s planning
processes and the organization’s day-to-day business activities.
Thanks to this functionality, the maturity model can help you answer the
following questions:
• How capably can the organization manage its risk profile right now?
• How capable does it need to be?
• How can it achieve its desired state? By when?
• How can it leverage existing ERM practices?
4
7. How the ERM diagnostic can help
The results of the ERM diagnostic can help you:
• Determine your organization’s current risk management capabilities in the context
of relevant leading risk management practices
• Identify and define target risk management capability levels over time
• Identify key risk and opportunity areas where improved risk management practices
can provide competitive benefits
• Clarify and prioritize specific project and change management plans
• Understand the relative alignment between key stakeholders’ assessments of the
organization’s risk management capabilities
• Facilitate more specific conversations with boards, executives and risk owners
Summary of comparison of an organization’s current and desired maturity levels with representative attributes by maturity level
Desired state
Stakeholder value
Interim state
Current state
Initial
Stages of ERM capability maturity
Initial Fragmented Comprehensive Integrated Strategic
• Ad hoc/chaotic • Risk is defined differently • Risk universe is identified • Risk management • Risk discussion is
• Enterprise takes at different levels and in • Common risk activities coordinated embedded in strategic
minimal risks into different parts of the assessment/response across business areas planning, capital/resource
consideration for organization approach developed and • Risk analysis tools allocation, product
determining the • Risk is managed in silos adopted developed and development, vendor
vulnerability to risks • Limited focus on the • Organization-wide risk communicated selection, etc.
• No formal procedures linkage between risks assessment performed, • Enterprise risk • Early warning system to
for risk assessment • Limited alignment of risk action plans implemented monitoring, measuring, notify the risks above
to strategies in response to high and reporting established threshold to
• Disparate monitoring priority risks • Scenario planning board and management
and reporting functions • Communication of top • Opportunity risks • Linkage to performance
strategic risks to the identified and exploited measures and incentives
senior management team • On-going risk assessment • Risk modeling
processes
5
8. Before gaining the ability to reap these rewards, however, your organization must
determine its risk management capabilities. A good way to begin is by answering
some of the following questions:
Risk governance
• Do the board of directors, board and management committees have charters
that explicitly include their risk management roles and responsibilities?
• Have you clearly defined and communicated your ERM philosophy, vision and risk
management strategy and made it understood throughout the organization?
• Have you defined a framework for clarifying the organization’s attitude to
risk taking?
• Does strategic planning consider risk appetite, risk assessment results and
scenario analyses?
Risk management enablers
• Does a process exist to “operationalize” risk management policies in
communications, training, monitoring and reporting?
• Is a customized risk framework and risk management methodology in place
to support the organization’s objectives and activities, to meet stakeholder
requirements and to facilitate compliance with regulations and standards?
• Are risk management competencies assessed across the organization and training
programs tailored to address needs?
• Do systems exist to integrate risk management activities efficiently?
Risk ownership
• Do risk measurement processes exist to integrate and aggregate data in support
of critical decision-making?
• Have you identified risk interdependencies to better understand the cumulative
effect of interrelated risk exposures?
• Have you developed an integrated first response/recovery plan and tested for all
major risks?
6
9. The Deloitte difference – head and shoulders
above the competition
Deloitte has been rated by leading independent research firms as the leader in
end-to-end risk management services. This external recognition affirms what many
Deloitte clients have experienced and know – that we offer a distinct advantage
as follows:
Deloitte difference Which means
Market leadership Our enterprise risk practice is a market By understanding your challenges
leader with substantial credentials. and needs, we bring you insightful
perspectives combined with practical
recommendations. We help you
successfully implement customized ERM
solutions and benefit from the advanced
thinking of our top professionals.
Industry and We have a strong, dedicated and We leverage our industry
ERM experience highly skilled team of ERM specialists, knowledge, bringing hands-on
with significant, in-depth industry experience and demonstrated
experience. competence to ERM evaluation.
Methodology and tools We have a proven, flexible global We offer innovative approaches and
methodology and toolkit that is toolkits that can improve the efficiency
aligned with industry standards. and effectiveness of your ERM program.
Knowledge sharing/ We combine a collaborative approach We can enhance risk management skills,
knowledge transfer with a commitment to sharing leading knowledge and capabilities to sustain risk
ERM practices. management within your organization.
To learn more, contact your Deloitte
practitioner for the latest analyst rating.
7
10. Contacts
To find out how Deloitte can help service organizations prepare for,
and benefit from, these changes, please contact:
National ERM Leader
Susan Hwang
416-601-6653
suhwang@deloitte.ca
Alberta Manitoba
Steen Skorstengaard David Sachvie
403-503-1351 204-944-3623
sskorstengaard@deloitte.ca dsachvie@deloitte.ca
Atlantic National Capital Region
Rob Carruthers Keith Davis
902-721-5645 613-751-5308
rcarruthers@deloitte.ca keidavis@deloitte.ca
Greater Montreal Area Quebec & Regions
Pierre Gignac Sylvian Metivier
514-393-5251 418-624-5382
pgignac@deloitte.ca smetivier@deloitte.ca
Greater Toronto Area Saskatchewan
Susan Hwang Karen O’Brien
416-601-6653 306-565-5208
suhwang@deloitte.ca kaobrien@deloitte.ca
Greater Vancouver Area South West Ontario
Jeff Erdman Simon O’Keefe
604-640-3254 905-315-6763
jerdman@deloitte.ca sokeefe@deloitte.ca
8