Enterprise Risk Management:
  Practical Implementation




             Barry Franklin
     Group Managing Director, Americas
         Aon Global Risk Consulting
              November 2007
Discussion Topics

   Preliminaries
       Defining ERM
       ERM drivers
       Recent survey results
       Defining “Risk”
       Balancing diverse views - consistent framework
   A value-driven approach to ERM
   Implementation challenges
   Case studies
What is ERM?




ERM is the process by which companies
identify, measure, manage, and disclose
all key risks to increase value to primary
stakeholders while satisfying other
stakeholders.
What is ERM?

Process:         • A systematic and sustained business process
Measure:         • Consistent metrics adopted in an integrated manner across
                   the organization
Manage:          • Focused on enabling management decision making and
                   enabling exploitation of business opportunities
Disclose:        • Enabler of meaningful and transparent disclosure to key
                   stakeholders
Holistic:        • Integrated approach to Financial, Operational, Strategic
                   and Regulatory risks
Material risks: • Analyzing & quantifying the organization's significant risks

Value:           • Balanced perspective on uncertainty, managing threats and
                   capturing opportunities
Stakeholders:    • Focused on delivering the organization's key stakeholder
                   needs and expectations
Related Risk Management Processes

• Enterprise Risk Management (ERM) is often identified
  with Strategic Risk Management (SRM) or
  Governance, Risk and Compliance (GRC). Common
  elements are:
• Process applied consistently across company
• Driven from the top of the organization
• Takes a proactive, forward-looking view
• Considers both risks and rewards
• Integrates risk management into business process
• Assigns clear risk ownership
Driving Forces Behind ERM

[Diagram: four forces driving Enterprise Risk Management]
• Corporate Disasters: Enron, WorldCom, Adelphia, Mutual Funds
• Best Practices: Banks, Asset Managers, Energy Firms, Corporations
• Regulatory Actions: S.E.C., Sarbanes-Oxley, Basel II
• Industry Initiatives: Treadway Report, US; Turnbull Report, UK; Dey Report, Canada
Executive Research Key Findings

• Most companies are making some progress
• Greater board and CEO involvement
• More awareness across organizations
• Faster adoption outside of North America
• Few companies have progressed to “advanced” level
• Slower progress than originally expected
Key Drivers


[Bar chart comparing 2004 and 2006; horizontal axis 0.0% to 80.0%]
• Corporate Governance Requirements
• Understand Hard to Quantify Risks
• Regulatory Pressures
• Board Request

Source: The Conference Board
Key Objectives 2006

• Ensure risk considered in decision making            83%
• Avoid surprises                                      85%
• Integrate risk management into corporate processes   70%
• Align risk exposures & mitigation                    65%
• Use risk management as competitive tool              36%




         Source: The Conference Board
Integration into Business Processes



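[Bar chart comparing 2004 and 2006; horizontal axis 0.0% to 80.0%. Each region shows two bars, values as labelled on the chart]
• Rest of the World: 75.0%, 75.0%
• UK/Europe: 53.8%, 65.9%
• United States/Canada: 71.2%, 39.8%

Source: The Conference Board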
Building the Process



[Bar chart comparing 2004 and 2006; horizontal axis 0.0% to 80.0%]
• Business Risk Inventory
• Mission Statement
• Regular Risk Assessment
• Common Risk Language

Source: The Conference Board
Building the Process


[Bar chart comparing 2004 and 2006; horizontal axis 0.0% to 80.0%]
• Root Cause Analysis
• Individual Risk Ownership
• Regular Board Reports
• Tolerances

Source: The Conference Board
Risk Management Integration



[Bar chart comparing 2004 and 2006; horizontal axis 0.0% to 70.0%]
• Internal Audit
• Strategic Planning
• New Product Development
• Product Pricing

Source: The Conference Board
Greatest Benefits



[Bar chart comparing 2004 and 2006; horizontal axis 0.0% to 80.0%]
• Better Informed Decisions
• Management Consensus
• Articulate Risk Taking
• Governance

Source: The Conference Board
Key Risks - Americas

• Damage to reputation
• Business interruption
• Third party liability
• Distribution or supply chain failure
• Market environment
• Regulatory/legislative changes
• Failure to attract or retain staff
• Technology failure
• Failure of disaster recovery plan
• Loss of data

Source: 2007 Aon Global Risk Management Survey
Level of Preparedness
% with written plan in place or have undertaken a formal review of this risk

Damage to Reputation                   48%
Business interruption                  70%
Third party liability                  75%
Distribution or supply chain failure   63%
Market environment                     35%
Regulatory/legislative changes         41%
Failure to attract or retain staff     55%
Market risk                            56%
Physical damage                        77%
Merger/acquisition/restructuring       69%
Failure of disaster recovery plan      65%

Source: 2007 Aon Global Risk Management Survey
Business Activity Priorities

Business Activities                                              Current Priority Ranking   Priority Ranking – Next 2 years

Risk identification, quantification and analysis                            1                            1
Regulatory compliance and reporting                                         2                            3
Loss control / prevention                                                   3                            4
Managing risk on an enterprise-wide basis                                   4                            2
Risk communication – internally with management and operations              5                            5
Emergency / contingency planning                                            6                            6
Insurance buying                                                            7                            9
Risk financing                                                              8                            7
Claims management                                                           9                            8
Risk communication – externally with business partners                     10                           10

Source: 2007 Aon Global Risk Management Survey
Responding to Changing Risks




[Stacked bar chart: methods used for each of three activities]
Activities: Identify major risks; Assess probability and impact; Determine limits for insurance
Legend: External service/advisor; Benchmarking; Quantitative analysis; Management intuition and experience

Source: 2007 Aon Global Risk Management Survey
Identification of Major Risks



[Stacked bar chart: methods used to identify major risks, by region]
Regions: All; The Americas; Europe; Asia/Pacific
Legend: Other; External service provider/advisor; Business Unit registers or key risk indicator worksheets; Senior management intuition and experience; Board workshops or scenario planning

Source: 2007 Aon Global Risk Management Survey
What is Risk?


• Risk can be defined as the potential harm that may arise from
  some present process or from some future event.
• In everyday usage, "risk" is often used synonymously with
  "probability", but in professional risk assessments, risk
  combines the probability of a negative event occurring with how
  harmful that event would be.
• Risk can also be viewed as “volatility from expected.” This
  definition captures both the upside and downside of risk.
What is Risk?

Financial
   • Includes the fluctuating cost of fuel, interest rates and
     access to capital

Human Capital
   • A growing area of exposure in today’s labor market
     including employee selection, retention and
     turnover, absenteeism, compensation and labor
     relations

Legal / Regulatory
   • Incorporates liabilities for employment, defamation and
     other allegations, including regulatory change and
     governance requirements
What is Risk?

Operational
   • Includes day-to-day business challenges across all
     functional platforms, including the drive for
     efficiency, optimal use of outsourcing and business
     continuity

Strategic
   • Includes organizational planning, such as the strategic
     response to changing customer
     preferences, competition, reputation/brand, innovation,
      etc.

Technology
   • Includes system failure, network liability, internet
Public Company – View of ERM


• A strategic mechanism for effective risk identification and
 containment
• Ensures that business objectives are balanced with:
  • Corporate governance initiatives
  • Risk mitigation initiatives
  • Enhanced and timely business decisions
  • Enhanced profitability
  • Long-term growth
• Goal to maximize shareholder value for the enterprise as a whole
• Greatly influenced by Sarbanes-Oxley and SEC in the U.S.
Private Company – View of ERM


• Short Term:
   • Drives structured and disciplined approach to risk
     management:
   • Provides methodology for measuring business risks
   • Increases awareness of risks and potential risks

• Long Term:
   • Ability to aggregate risks and benefit from enterprise effects
   • Better capital allocation and competitive position
   • More effective strategic and operational planning
   • Ensures execution of the Core Competency
Balancing Diverse Interests



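[Diagram: Enterprise Goals & Objectives at the center, supported by ERM, balancing internal and external interests between Value Creation / Performance (top) and Financial Strength / Conformance (bottom)]
• Growth (internal): Bus. Units, Managers
• Returns (external): Shareholders, Investors
• Governance (internal): Controls, Compliance
• Capital (external): Debtholders, Agencies, Regulators
• Partners (external)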
COSO – A Starting Point for ERM



The COSO ERM Framework Consists of
8 Interrelated Components and 4 Objectives

Elements of ERM as outlined in the framework:

•   Is a process
•   Is effected by people
•   Is applied in strategy setting
•   Is applied across the enterprise
•   Is designed to identify potential events
•   Manages risks within risk appetite
•   Provides “reasonable assurance”
•   Supports achievement of key objectives
Source: COSO ERM Framework
Using a Value-Driven Approach

Start with a skilled assessment of your business and
ERM needs to ensure that the approach and outcomes
are well matched to your needs

[Diagram: ERM cycle around a core of value outcomes]
ERM process steps: Evaluate Risk Process; Risk Identification & Prioritization; Risk Quantification; Risk Response Solution; Risk Management Implementation
ERM management: Governance, Culture and Disclosure
ERM outcome - value: Growth; Profitability; Continuity
Evaluate Risk Process



Activities                                                             Deliverables
Gather information on current status                                   Current state risk score card
Develop scorecard ranking current program vs. leading practice         Risk maturity benchmark
Develop future vision for ERM program                                  Key ERM goals & objectives
Develop gap analysis using scorecard format and identify quick-hits    ERM performance plan
Conduct executive workshop                                             Alignment on ERM framework / plan
Current State Assessment




[Maturity scale, from Risk to Opportunity]
Initial   Established   Uniform   Managed   Optimizing
Current State Assessment

•   Risk management is becoming more complex
•   Most companies have a wide range of risk management activities
    underway
      • ERM
      • Sarbanes-Oxley
      • Compliance
      • Operations
      • Risk committees
•   Unfortunately, many companies lack a coherent vision for risk
    management
•   Senior management and board members often have differing views of
    what information they would like to see from risk management
•   Rating agencies are assessing risk management quality as part of
    their overall rating process – S&P, Fitch
Risk Maturity Benchmarking

Sample Risk Maturity Benchmark

Columns: Measures; CAPABILITIES (Risk Leadership, Risk Strategy & Policies, People, Partnerships, Processes); RESULTS (Risk Handling, Outcomes)

LEVEL 5 (= Excellent capability established): Fully embedded in day-to-day business processes and strategies.
LEVEL 4 (= Embedded and improving): Integrated approaches to managing risk are implemented across boundaries.
LEVEL 3 (= Implementation completed in key areas): Formal approaches to managing risk in place and widely implemented.
LEVEL 2 (= Implementation planned): Formal approaches to managing risk in place and partially implemented.
LEVEL 1 (= Awareness / Understanding): Awareness of need but little action.

Maturity bands on the side axis: RISK AWARE, RISK DEFINED, RISK MANAGED, RISK ENABLED

Sample measures:
Leadership: Do senior managers support and promote risk management?
Processes: Do the organisation's processes incorporate effective risk management?
Maturity: Building Risk Capabilities


Systematically Build and Improve Risk Management Capabilities

[Staircase diagram, from RISK to OPPORTUNITY]
• Initial: Capabilities are characteristic of individuals, not of the organization
• Established: Process established and repeating: reliance on people is reduced
• Uniform: Policies, processes and practices defined and formalized across the organization
• Managed: Risks measured, managed and aggregated on an enterprise-wide basis
• Optimizing: Organization focused on RM as a source of competitive advantage and continuous improvement
Risk Identification & Prioritization



Activities                                           Deliverables
Risk categorization and scoring criteria             Risk hierarchy and criteria
Conduct interviews / surveys                         Internal risk identification
Benchmark client’s public risk factors               External risk identification
Consolidation and aggregation of identified risks    Risk register
Conduct risk workshop                                Prioritized risk map
Calibrate Definitions and Criteria

Risk Categorization and Scoring Criteria
Prioritized Risk Map
Risk Quantification



Activities                                 Deliverables
Develop risk scenarios and correlations    Risk scenarios
Modeling key risks                         Individual risk quantification and prioritization
Calculate aggregate risk exposures         Aggregate impact of key risk on company’s value and financial performance
Risk Quantification / Valuation


Step 1: Develop Risk Scenarios
   • Conduct interviews with risk experts
   • Develop risk scenarios and associated financial impact
   • Gather existing facts / historical data points

Step 2: Develop Baseline Valuation Model
   • Build baseline valuation model; project financials consistent with strategic plan
   • Adapt model to dynamically accommodate risks/scenarios, value drivers and key metrics

Step 3: Run Model to Quantify Risks
   • Aggregate risks
   • Shock model for each risk/scenario
   • Quantify impact to value and other key metrics
   • Provide basis for decision-making
Defining Value – One View



ERM Value Propositions
• Improved resource allocation
• Enhanced risk corporate governance
• Increased operational efficiency
• Greater transparency of risk
• Possible reduction in earnings volatility
• Optimized capital allocation
• Improved regulatory standing
• Enhanced risk reporting
• Consistent framework for risk
• Improved compliance

Callouts:
• Common and deep knowledge of critical business and organizational risks
• Everyone in the organization has the ability to define, treat, and manage risk in a homogeneous fashion
• Keeping resources focused on those activities that matter most to the organization
• Structured process to allocate capital based on those businesses that are the most risky to the organization
• Provide confidence that risks are being identified and managed in a constructive fashion
Defining Value – Alternate View

Risk Adjusted Income Statement

                                             2008       2009       2010
REVENUE
   Sales                                     642,100    670,965    701,292
   Other Operating Revenue                    14,482     14,626     14,773
             Total Revenue                   656,582    685,591    716,065

OPERATING EXPENSES
   Salaries, Wages and Benefits              310,667    323,093    336,017
   Supplies and Services                     289,850    309,593    330,750
             Total Operating Expenses        600,517    632,686    666,767

(LOSS) INCOME FROM OPERATIONS                 56,065     52,906     49,298

OTHER INCOME (EXPENSE)
   Interest and Dividends                     28,419     28,704     28,991
   Current State Risk Exposure               (16,000)   (17,326)   (15,683)
   Mitigation Costs                           (2,784)    (2,812)    (2,840)
   Mitigation Impact on Current State Risk    14,326     16,532     12,031
             Total Other Income (Expense)     23,961     25,098     22,499

NET PRETAX INCOME                             80,026     78,003     71,796

[Inset chart: Aggregate Loss Distribution]
[Inset chart: Competing Mitigation Strategies]
Value-centric ERM framework

[Process diagram: value-centric ERM framework]
Inputs: Strategy; Risk Management Tactics; Risk Appetite
Flow elements: Surveys; All Risks; Key Risks; Scenario Development; Determine Portfolio Effect; ERM Model (∆Value); Individual Risk Quantification & Ranking; Enterprise Risk Exposure; Value; ERM Committee Consensus Meeting
Process Key: Risk Identification; Risk Quantification; Risk Management
Sample Output (partial data)

Risk Distribution Report
Risk: IT External Attack (Risk #4)

Risk Scenario    Likelihood            Value
Worst Case       1-in-30 year event    -7.5%
Pessimistic      1-in-10 year event    -2.4%
Best Estimate    Most Likely           ---
Optimistic       1-in-15 year event    0.1%
Best Case        1-in-50 year event    0.2%

Key Risks: Rank by Value Impact of Worst Case Scenario
[Bar chart, axis from 0.0% to -20.0%. Risks listed top to bottom: Risk 11, Risk 1, Risk 8, Risk 7, Risk 4, Risk 9, Risk 12, Risk 10, Risk 15, Risk 6, Risk 13, Risk 3, Risk 5, Risk 14, Risk 2]
Risk Response Solution



              Activities                             Deliverables
        Determine risk tolerance                   Defined risk tolerance

  Identify risk response solution options         Risk response solutions

Evaluate and select risk response solution      Risk response business case
Risk Appetite - One View

FY07 Metrics                     FY07E     Defined Goal     Impact of $100 million, pre-tax losses on metric     Financial Buffer (RBC)
EPS Growth (from 2006)           25.0%     22.5%            -260 bps                                             $60
Free Cash Flow                   $1,883    $1,400           -$53 million                                         $750
Operating Margin                 40.1%     40.5%            -81 bps                                              $0
Cash / Months Operating Expense  8.9       12.0             -0.11 months                                         Threshold is not expected to be achieved in FY07
Total Debt/CFO                   73.6      Not Available    +155 bps                                             Not Available

$ in millions                  Sources: 2007 budget, metric & threshold input
Risk Appetite - Alternate View




Enterprise Risk Exposure
[Metrics shown: Value; Rev Growth; EPS Growth; Other]

Event                             Current State Probability     Target for Future State Probability
10% decrease in value             15%                           ?
Achieving strategic plan goals    35%                           ?
5% increase in EPS                5%                            ?

Is the ERM Committee comfortable with the current state? If not, what do they want it to be? The answers result in tolerance thresholds collectively called Risk Appetite.
Risk Response Solution

Risk Response Strategies

• Terminate: Exit Risk Area
• Mitigate: Preventative; Corrective; Directive; Detective
• Transfer: Financing Solutions; Insurance; Capital Markets; Contractual Transfer; Hybrid
• Exploit: Explore the upside of risk by taking new opportunities
• Tolerate: Make a conscious decision to tolerate the risk
Evaluating Solutions

[Chart: Total Cost of Risk plotted against Cumulative Probability (0% to 99.9%), comparing Current Mitigation with the Mitigation Option Being Considered. Risk Tolerance is marked, with 85% and 95% indicated. Annotations: Increased Mitigation Cost; Increase in Likelihood of Meeting Risk Appetite]
Evaluating Solutions



Management selects ERM actions that move enterprise risk exposure towards risk appetite, for example:

[Figure: two panels plotted against Value: Risk Exposure Pre-Mitigation and Risk Exposure Post-Mitigation]
Risk Management Implementation



Activities                                         Deliverables
Develop risk response plan                         Risk management project plan
Obtain support of risk management leaders          Project governance structure
Develop teams and tools                            Resource allocation, communication and training
Implement projects                                 Program management
Define metrics and implement monitoring tools      Risk platform and scorecards
Risk Management Implementation


                 ERM Multi-Year Project Plan
          2007                      2008                          2009
   Define Risk Strategy                  Comprehensive Risk Mapping

Develop Cost of Risk Model                Technology implementation

  Establish Risk Appetite        Risk Modeling          Expanded Risk Assessment

  Evaluate Data Strategy     Captive Optimization         Portfolio Risk Modeling

  Develop Risk Profiling     Legacy Claim Projects

 Legacy Claim Evaluation      Global Optimization

     Captive Strategy


M & A Process Evaluation
ERM Enabling Technologies

There are a lot of technologies related to risk in general and ERM
    – Use a selection process as with any tool/technology
         • Analysis: RFI/RFP
         • Vendor discussions and “Bake-off” with prototype
         • Design: Purchase on trial basis
         • Full deployment
ERM Dashboard Applications
ERM Monitoring and Reporting
Dashboards & Governance


• Drives Accountability
• Facilitates “Dashboard” Reporting
• Automates Tracking of Key Risk Indicators
Governance, Culture and Disclosure



Key Activities                                                 Client Deliverables
Develop detailed ERM frameworks and governance                 Policies, manuals, committees, roles and accountabilities
Develop internal risk communication and awareness program      Rollout of communication and awareness program
Develop external communication strategy                        Enhanced communication with rating agencies, equity analysts and regulators
Monitor risk performance against defined metrics               Reporting on KPIs
Develop continuous improvement process                         Improvement processes and accountabilities
Governance, Culture and Disclosure

ERM Framework and Governance

[Organization chart: Board of Directors; Executive Committee; COO, CFO, Chief Risk Officer, CIO, CLO; ERM Function; Business Units A, B and C; Functional, support and shared services; Divisions A, B and C; Risk Management; Compliance; Internal Audit]
Governance: Partnership is Key

Board
• Set Policy
• Approve Risk Strategy
• Enforce Correction
• Provide Tone from the Top

Audit Committee
• Establish Policy
• Propose Risk Strategy
• Measure / Monitor
• Report to Board on Key Matters

ERM Working Group*
• Monitor
• Coordinate
• Educate
• Facilitate
• Benchmark
• Report

Internal Audit
• Provide Assurance
• Conduct Risk-Based Audits

Business/Functional Risk Owners
• Identify Risk
• Measure Risk
• Prioritize Risk
• Manage Risk
• Report & Improve

Compliance/Ethics
• Act as Functional Risk Owner
• Manage Legal Risks
• Foster an Ethical Environment

*possibly chaired by CRO
Governance, Culture and Disclosure

ERM Project Plan, e.g. ERM Manual

[Images: sample documents labelled "Client ABC"]
External Risk Disclosure Analysis

Annual 10-K reports are a primary risk
information source for investors and the public.

• How was this list developed?
• How was the order of the risks determined?
• Were the impacts of these risks quantified?
• How will investors react if an unmentioned risk results in
  significant loss of market value?
• How does your list compare to your competitors?
Comparative Analysis

• A comprehensive ERM program can ensure that the 10-K risk factor list is complete and in appropriate order.
•   Review the risks listed in the 10-K report
    – Is anything missing?
    – Are the risks listed in an order that is representative of their
      impacts?
    – Have these risks been quantified?

How would investors or regulators react if an
 unmentioned risk results in significant loss of value?
Analyzing Competitors’ Disclosures


Regular review of competitors’ risk disclosures is
 vital to:
• Ensure that your risk disclosure is complete
• Keep tabs on changes in the industry environment
Comparing Risk Disclosures

Strategic Review of Annual Reports / Regulatory Filings
Legend: Green = Declared; Red = Not Declared; Orange = Not Relevant

Description
• Consumer demand and acceptance of services offered by us
• Our ability to achieve and maintain acceptable cost levels
• Fare levels
• Actions by competitors
• Regulatory matters
• General economic conditions
• Commodity prices
• Changing business strategies
• Single aircraft type
• Changes to and costs of security procedures
• Cost and availability of aircraft insurance
• Terrorist attack
• International hostilities
• Ability to continue as a going concern
• Ability to operate pursuant to the terms of the DIP Financing
• Ability to obtain a federal loan guarantee from the ATSB
ERM – Commonly Cited Challenges



• Inability to demonstrate
  immediate, quantifiable return on investment
• Internal competition among business units
• Cultural incompatibility
• Limited technology / tools
• Inadequate senior-level support
ERM - Critical Success Factors


• Senior management support
• Clearly defined vision
• Regular and open communication among the team
• Realistic expectations regarding timelines and
  deliverables
• Sufficient resource allocation for implementation and
  follow-through
• Linkage to organizational success factors, strategies
  and processes
ERM Potential Benefits

Establish Sustainable Competitive Advantage
• Integrate with business planning and value management processes
• Avoid missing key risks and losing vital opportunities
• Optimize balance between capital preservation and growth/profit-generation

Manage Risk at a Lower Cost
• Minimize risk averse behavior
• Develop cost-effective risk strategies and solutions
• Eliminate redundant or unnecessary risk controls

Improve Business Performance
• Support more informed/proactive risk management decisions aligned with business objectives/strategies
• Link to enterprise performance, measurement and monitoring
• Reduce volatility and prevent surprises
ERM Gap Analysis

Phase I: Information Gathering
• Conduct interviews / gather information
• Identify risk universe
• Define and develop cost of risk data
• Conduct gap analysis

Phase II: Setting the Stage
• Develop overall risk management vision
• Create risk management scorecard / Gap analysis
• Identify key risk projects / activities needed to achieve risk management excellence
• Understand cost / benefit of potential risk management strategies

Phase III: Executive Support
• Obtain support of risk management leaders
• Present overall objectives and plan to senior management
• Develop teams and tools
• Get moving

Phase IV: Implementation
• Deliver defined projects
• Update progress toward overall vision
• Measure performance
• Create linkage to next steps
• Build feedback loop to ensure continued progress toward goals
Risk Management Vision


•   Risk management vision transcends the various projects and activities that
    comprise risk management within an organization
•   In order to define risk management vision, the company must resolve a
    series of key questions:
    – What are the goals of the company’s risk management efforts?
    – How does the company define risk management excellence?
    – What is the current state of risk management?
    – Where are the gaps?
    – What are the priorities?
    – How will success be measured?
•   In the end, risk management must deliver measurable impact on the
    company’s operating performance
Key Risk / Performance Indicators


• What are the KRIs?
• How do I get them?
• How often do I get them?
• What do I do with them?
• Foundational understanding of: frequency, source and
  meaning
KRI’s - Example
Focus on Value

[Diagram elements: Strategy; All Risks; Surveys; Key Risks; Scenario Development; Individual Risk Quantification & Ranking; Determine Portfolio Effect; ERM Model (∆Value); Enterprise Risk Exposure (Value); ERM Committee Consensus Meeting; Risk Appetite; Risk Management Tactics]
[Process Key: Risk Identification; Risk Quantification; Risk Management]
Case Study #1: Fast Growing Company


• Highly successful, profitable company
• Recent patent litigation surprise created temporary cash and credit
  crunch
• Audit committee wanted an overview of key risks facing the
  company
• Risk committee was formed to coordinate the effort
• Team conducted interviews with over 50 executives,
  supplemented by over 80 surveys
Project Objectives


• Has the company identified all its critical risks?
• Does the company have effective controls for managing its
  critical risks?
• Are the risks greater now than they were 12 - 24 months ago
  (earnings pressure, continued acquisitions and internal
  strategic initiatives)?
• Are these risks within acceptable limits?
• Is the right level of information reported to Senior
  Management and the Board?
Project Results

•   Provided information to senior management and the Audit
    Committee
•   Developed models for key risks based on potential impact on:
    – Revenue
    – EPS
    – Cash
    – Reputation
•   Examined current and potential risk mitigation opportunities,
    including risk transfer and self-funding
•   Created a framework for more effective decision-making
    regarding supply chain management, site selection and
    inventory management
Case Study #2: Manufacturing Company


• Company had a well-developed risk management process
• Top risks for each of the businesses were routinely assessed and
  evaluated
• Due to lack of internal data, limited effort had been made to quantify
  the potential impact of events
• Recent supply chain problems had highlighted previously
  unmeasured vulnerabilities
• Project team developed customized risk models for the top five risks
  of each business unit
Project Results


• Delivered working risk models to each business unit
• Risk models were used to develop “underwriting models” for
  potential risk transfer / mitigation solutions
• Company expanded the use of existing captive insurance
  company and finite risk insurance arrangements to address key
  issues
• Event risk maps helped uncover critical decision points that
  could substantially alter the overall risk exposure
• Changes were made in supply contracts, inventory levels and
  contingent business interruption coverage as a result of the
  analysis
Case Study #3: Consumer Products


• Fortune 100 consumer products company
• Treasurer and Risk Manager had identified 17 key risks
  under their charge
• Company wanted to develop a quantitative approach to
  better evaluate risk decisions
• Solution: Risk modeling project to help evaluate the
  optimal risk strategy
Project Results


• Project focused on the analysis of internal and external risk
  data
• Creation of individual and portfolio risk models
• Risk mitigation and transfer alternatives were tested using the
  models, resulting in significant changes
• Company was able to demonstrate the value of additional risk
  retention and the use of internal funding (via a captive
  insurance subsidiary)
• Risk finance and mitigation resources were reallocated to
  optimize the company’s risk management efforts
Case Study #4: Hospital


• Medium-sized hospital looking to achieve excellence in health care
  by surpassing standards set in “The New American Hospital” and
  the Malcolm Baldrige National Quality Award
• Key objective: conduct a comprehensive risk assessment
• Project involved:
    – Interviews with key personnel (management, physicians and
      nurses)
    – Creation of a risk inventory
    – Benchmarking of current risk management approaches and
      quality of care against industry standards and best practices
    – Evaluation of current risk mitigation methods
Hospital ERM Project Results


• Identified and prioritized key enterprise risks
• Recommended improved approaches for risk management
• Opportunities for improvement included:
    – Implementation of clinical best practices and rapid response
      teams to reduce cardiac complication rates
    – Diversification of services to counteract the impact of
      Medicare reform
    – Contingency planning around key physicians and sole-source
      service providers
    – Improvement of the contract oversight and document
      retention process to minimize legal liabilities
Case Study #5: Capital One


Capital One signed an "informal memorandum of understanding" with
bank regulators. More than a dozen class actions were filed charging the
credit card issuer with securities fraud for misleading shareholders about
its financial health and its compliance with bank regulations.

Capital One's stock plummeted by 39%, falling from a $50.60 per share close
on July 16 to $30.48 per share by the close of July 17; a drop of roughly
$4B in market value.

July 2002, 8K filing: the company publicly commits to enhance its enterprise
risk management and internal control environment.

Risk management capabilities designed and implemented across the
organization.
ERM Process: Enhanced Future State


Integrated into Operational Business Processes

[Diagram elements: ERM Process; Line of Business Operations Risk Metrics; Improved Risk Predictability and Measurement; Risk-Adjusted Decision Making; Improved Business Performance]
Suggestion: Adopt a Pilot Approach


• Start small and grow big
• Select a locale with engaged management and non-complex
  products or customers
• Establish proof of the ERM concept – quicker benefits
• Accomplish process objectives in a shorter timeframe
• Learn from successes/mistakes to roll out the ERM
  process across the organization
Overview of a Pilot


Review current company and business objectives/risk management objectives; evaluate current risk management infrastructure and capabilities

Establish risk management options, action plans, etc.

[Risk map: risks plotted by Severity ($ millions; axis marks >100M, 50, 10, 5, 2, 1), with High Impact, Moderate Impact and Low Impact bands and markers for Partial / Full Mitigation and No / Minimal Mitigation]

Legend

Strategic
S1 – Partnering arrangements
S2 – Changing industry dynamics

Operational
O1 – New initiative integration/success
O2 – Business continuity
O3 – Product quality
O4 – Centralized distribution
O5 – Hazard risk

Human Capital
H1 – Succession planning
H2 – Turnover
H3 – Human capital development

Legal/Regulatory
L1 – Political pressure around drug affordability

Technology
T1 – Intellectual property
T2 – Information security

Financial
F1 – Currency fluctuations

Risk                      Definition                                                        Current State
Information Technology    • Ability to safeguard proprietary knowledge from a security
                                                                                                                                                                                                                                                              breach which could damage financials, brand and reputation           Severity
                                                                                                                                                                        F2 – Commodity prices                                       – Network Security
                                                                                                                                                                                                                                                            • Intentional, coordinated and/or hidden sabotage of systems,          Level
                                                                                           <5                   10                    25                      50   75                                                                                         software or processes by internal or external parties

                                                                                                                                Frequency
                                                                                                                                                                                                                                                   Current Metrics                                                Risk Owner(s)
                                                                                                                                                                                                                                  • Number of viruses per month                                  • Chief Technology Officer
                                                                                                                                                                                                                                  • Minutes of downtime per month                                • IT Department
                                                                                                                                                                                                                                  • Backup processes double checked weekly                       • Security


                                                                                                                                                                                                                                                                                   Action Plans
Risk Assessment Pilot




                                                                                                                                                                                                                                   Current:                          Recommended:                                Estimated Investment:

                                                                                                                                                                                                                                   • Up-to-date Anti-virus and       • Intrusion detection and vulnerability     • Additional IT staff personnel

                                                                                    Establish criticality of risk and                                                                                                                system Firewall protection
                                                                                                                                                                                                                                   • Disaster recovery plans
                                                                                                                                                                                                                                   • Network backup planning
                                                                                                                                                                                                                                   • Software and data backups
                                                                                                                                                                                                                                                                       detection equipment and software
                                                                                                                                                                                                                                                                     • Destruction of old hard drives from
                                                                                                                                                                                                                                                                       redundant computers
                                                                                                                                                                                                                                                                     • Ensure no single point of failure
                                                                                                                                                                                                                                                                                                                 • Purchase of intrusion detection and
                                                                                                                                                                                                                                                                                                                   vulnerability detection equipment
                                                                                                                                                                                                                                                                                                                 • Continual investment in updating
                                                                                                                                                                                                                                   • Backup Power Supply             • Redundant hardware systems                  software

                                                                                    prioritize; map key risks



                        September                                                                                                                                                                                                                                                         November
                                    Perform facilitated session and/or                                                                                                                                             Summarize data of most
                                    interviews with select internal and                                                                                                                                               significant risks
                                    external experts to identify and
                                    assess risks and risk management
                                    processes                                                                                                                                                                                        Reduce voluntary employee departures by
                                                                                                                                                                                                                                                  10% by 2008

                                                                                           Analyze risks for causal factors,                                                                                                              2006




                                                                                                                                                                                                                   # Departures
                                                                                            effects, and interrelationships                                                                                                                                        2007
                                                                                                                                                                                                                                                                    est.                       2008
                                                                                                                                                                                                                                                                                                                              Target
                                                                                                                                                                                                                                                                                                est.
Questions to Consider


• Is ERM adding value for your organization?
• Is the ERM effort stalled or is progress being made?
• Are there parallel risk management efforts that fall outside of
  the ERM process?
• What can be done to automate portions of the ERM process?
• Are there high impact “drill-down” projects that will deliver ERM
  value?
• Is ERM sustainable after the project team has moved on to
  other assignments?
Barry Franklin, FCAS, MAAA
     Aon Global Risk Consulting

         312.381.3920
  barry_franklin@ars.aon.com
Confidentiality


We recognize that our clients’ industries are extremely competitive and maintaining
confidentiality is of the utmost importance. Accordingly, Aon takes seriously its
obligation to protect the confidentiality of client information.

Similarly, we view our approaches and insights as proprietary and therefore look to
our clients to protect Aon interests in our presentations, methodologies, and
analytical techniques. Under no circumstances should the material in this report be
shared with any third party without the written consent of Aon.

Copyright © 2007 Aon

03 25 franklin

  • 1. Enterprise Risk Management: Practical Implementation Barry Franklin Group Managing Director, Americas Aon Global Risk Consulting November 2007
  • 2. Discussion Topics • Preliminaries • Defining ERM • ERM drivers • Recent survey results • Defining “Risk” • Balancing diverse views - consistent framework • A value-driven approach to ERM • Implementation challenges • Case studies
  • 3. What is ERM? ERM is the process by which companies identify, measure, manage, and disclose all key risks to increase value to primary stakeholders while satisfying other stakeholders.
  • 4. What is ERM? Process: • A systematic and sustained business process Measure: • Consistent metrics adopted in an integrated manner across the organization Manage: • Focused on enabling management decision making and enabling exploitation of business opportunities Disclose: • Enabler of meaningful and transparent disclosure to key stakeholders Holistic: • Integrated approach to Financial, Operational, Strategic and Regulatory risks Material risks: • Analyzing & quantifying the organization's significant risks Value: • Balanced perspective on uncertainty, managing threats and capturing opportunities Stakeholders: • Focused on delivering the organization's key stakeholder needs and expectations
  • 5. Related Risk Management Processes • Enterprise Risk Management (ERM) is often identified with Strategic Risk Management (SRM) or Governance, Risk and Compliance (GRC). Common elements are: • Process applied consistently across company • Driven from the top of the organization • Takes a proactive, forward-looking view • Considers both risks and rewards • Integrates risk management into business process • Assigns clear risk ownership
  • 6. Driving Forces Behind ERM [Diagram: four forces around Enterprise Risk Management] Corporate Disasters: Enron, WorldCom, Adelphia • Best Practices: Banks, Mutual Funds, Asset Managers, Energy Firms, Corporations • Regulatory Actions: S.E.C., Sarbanes-Oxley, Basel II • Industry Initiatives: Treadway Report, US; Turnbull Report, UK; Dey Report, Canada
  • 7. Executive Research Key Findings • Most companies are making some progress • Greater board and CEO involvement • More awareness across organizations • Faster adoption outside of North America • Few companies have progressed to “advanced” level • Slower progress than originally expected
  • 8. Key Drivers [bar chart, 2004 vs. 2006] Corporate Governance Requirements; Understand Hard to Quantify Risks; Regulatory Pressures; Board Request. Source: The Conference Board
  • 9. Key Objectives 2006 • Ensure risk considered in decision making 83% • Avoid surprises 85% • Integrate risk management into corporate processes 70% • Align risk exposures & mitigation 65% • Use risk management as competitive tool 36% Source: The Conference Board
  • 10. Integration into Business Processes [bar chart by region, 2004 vs. 2006; data labels in extracted order: 75.0% Rest of the World 75.0% 53.8% UK/Europe 65.9% 71.2% United States/Canada 39.8%] Source: The Conference Board
  • 11. Building the Process [bar chart, 2004 vs. 2006] Business Risk Inventory; Mission Statement; Regular Risk Assessment; Common Risk Language. Source: The Conference Board
  • 12. Building the Process [bar chart, 2004 vs. 2006] Root Cause Analysis; Individual Risk Ownership; Regular Board Reports; Tolerances. Source: The Conference Board
  • 13. Risk Management Integration [bar chart, 2004 vs. 2006] Internal Audit; Strategic Planning; New Product Development; Product Pricing. Source: The Conference Board
  • 14. Greatest Benefits [bar chart, 2004 vs. 2006] Better Informed Decisions; Management Consensus; Articulate Risk Taking; Governance. Source: The Conference Board
  • 15. Key Risks - Americas • Damage to reputation • Business interruption • Third party liability • Distribution or supply chain failure • Market environment • Regulatory/legislative changes • Failure to attract or retain staff • Technology failure • Failure of disaster recovery plan • Loss of data Source: 2007 Aon Global Risk Management Survey
  • 16. Level of Preparedness % with written plan in place or have undertaken a formal review of this risk Damage to Reputation 48% Business interruption 70% Third party liability 75% Distribution or supply chain failure 63% Market environment 35% Regulatory/legislative changes 41% Failure to attract or retain staff 55% Market risk 56% Physical damage 77% Merger/acquisition/restructuring 69% Failure of disaster recovery plan 65% Source: 2007 Aon Global Risk Management Survey
  • 17. Business Activity Priorities. Priority Ranking – Business Activities (Current Priority Ranking / Priority Ranking Next 2 years): Risk identification, quantification and analysis 1 / 1; Regulatory compliance and reporting 2 / 3; Loss control / prevention 3 / 4; Managing risk on an enterprise-wide basis 4 / 2; Risk communication – internally with management and operations 5 / 5; Emergency / contingency planning 6 / 6; Insurance buying 7 / 9; Risk financing 8 / 7; Claims management 9 / 8; Risk communication – externally with business partners 10 / 10. Source: 2007 Aon Global Risk Management Survey
  • 18. Responding to Changing Risks [stacked bar chart] Activities: Identify major risks; Assess probability and impact; Determine limits for insurance. Methods: Management intuition and experience; Quantitative analysis; Benchmarking; External service/advisor. Source: 2007 Aon Global Risk Management Survey
  • 19. Identification of Major Risks [stacked bar chart by region: All, The Americas, Europe, Asia/Pacific] Methods: Board workshops or scenario planning; Senior management intuition and experience; Business Unit registers or key risk indicator worksheets; External service provider/advisor; Other. Source: 2007 Aon Global Risk Management Survey
  • 20. What is Risk? • Risk can be defined as the potential harm that may arise from some present process or from some future event. • In everyday usage, "risk" is often used synonymously with "probability", but in professional risk assessments, risk combines the probability of a negative event occurring with how harmful that event would be. • Risk can also be viewed as “volatility from expected.” This definition captures both the upside and downside of risk.
  • 21. What is Risk? Financial • Includes the fluctuating cost of fuel, interest rates and access to capital Human Capital • A growing area of exposure in today’s labor market including employee selection, retention and turnover, absenteeism, compensation and labor relations Legal / Regulatory • Incorporates liabilities for employment, defamation and other allegations, including regulatory change and governance requirements
  • 22. What is Risk? Operational • Includes day-to-day business challenges across all functional platforms, including the strive for efficiency, optimal use of outsourcing and business continuity Strategic • Includes organizational planning, such as the strategic response to changing customer preferences, competition, reputation/brand, innovation, etc. Technology • Includes system failure, network liability, internet
  • 23. Public Company – View of ERM • A strategic mechanism for effective risk identification and containment • Ensures that business objectives are balanced with: • Corporate governance initiatives • Risk mitigation initiatives • Enhanced and timely business decisions • Enhanced profitability • Long-term growth • Goal to maximize shareholder value for the enterprise as a whole • Greatly influenced by Sarbanes-Oxley and SEC in the U.S.
  • 24. Private Company – View of ERM • Short Term: • Drives structured and disciplined approach to risk management: • Provides methodology for measuring business risks • Increases awareness of risks and potential risks • Long Term: • Ability to aggregate risks and benefit from enterprise effects • Better capital allocation and competitive position • More effective strategic and operational planning • Ensures execution of the Core Competency
  • 25. Balancing Diverse Interests Value Creation Performance Growth Returns • Bus. Units • Shareholders • Managers • Investors External • Partners Internal Enterprise ERM Goals & ERM Objectives Governance Capital • Controls • Debtholders • Compliance • Agencies Financial Strength • Regulators Conformance
  • 26. COSO – A Starting Point for ERM The COSO ERM Framework Consists of 8 Interrelated Components and 4 Objectives Elements of ERM as outlined in the framework: • Is a process • Is effected by people • Is applied in strategy setting • Is applied across the enterprise • Is designed to identify potential events • Manages risks within risk appetite • Provides “reasonable assurance” • Supports achievement of key objectives Source: COSO ERM Framework
  • 27. Using a Value-Driven Approach Start with a skilled assessment of your business and ERM needs to ensure that the approach and outcomes are well matched to your needs Evaluate Risk Process Risk Identification ERM management & Prioritization ERM process Governance, Culture and Disclosure Growth Profitability ERM outcome - value Risk Quantification Continuity Risk Management Implementation Risk Response Solution
  • 28. Evaluate Risk Process Activities Deliverables Gather information on current status  Current state risk score card Develop scorecard ranking current program vs. leading practice  Risk maturity benchmark Develop future vision for ERM program  Key ERM goals & objectives Develop gap analysis using scorecard format and identify quick-hits  ERM performance plan Conduct executive workshop  Alignment on ERM framework / plan
  • 29. Current State Assessment Initial Established Uniform Managed Optimizing Risk Opportunity
  • 30. Current State Assessment • Risk management is becoming more complex • Most companies have a wide-range of risk management activities underway  ERM  Sarbanes-Oxley  Compliance  Operations  Risk committees • Unfortunately, many companies lack a coherent vision for risk management • Senior management and board members often have differing views of what information they would like to see from risk management • Rating agencies are assessing risk management quality as part of their overall rating process – S&P, Fitch
  • 31. Risk Maturity Benchmarking: Sample Risk Maturity Benchmark [matrix figure]. Columns: Capabilities (Risk Leadership, Risk Strategy & Policies, People, Partnerships, Processes, Risk Handling) and Results (Outcomes). Maturity bands: Risk Aware, Risk Defined, Risk Managed, Risk Enabled. Level 1 (= Awareness / Understanding): Awareness of need but little action. Level 2 (= Implementation Planned): Formal approaches to managing risk in place and partially implemented. Level 3 (= Implementation completed in key areas): Formal approaches to managing risk in place and widely implemented. Level 4 (= Embedded and improving): Integrated approaches to managing risk implemented across boundaries. Level 5 (= Excellent capability established): Fully embedded in day-to-day business processes and strategies. Measures: Leadership: Do senior managers support and promote risk management? Processes: Do the organisation's processes incorporate effective risk management?
  • 32. Maturity: Building Risk Capabilities. Systematically Build and Improve Risk Management Capabilities (from RISK to OPPORTUNITY). Initial: Capabilities are characteristic of individuals, not of the organization. Established: Process established and repeating: reliance on people is reduced. Uniform: Policies, processes and practices defined and formalized across the organization. Managed: Risks measured, managed and aggregated on an enterprise-wide basis. Optimizing: Organization focused on RM as a source of competitive advantage and continuous improvement.
  • 33. Risk Identification & Prioritization Activities Deliverables Risk categorization and scoring criteria  Risk hierarchy and criteria Conduct interviews / surveys  Internal risk identification Benchmark client’s public risk factors  External risk identification Consolidation and aggregation of identified risks  Risk register Conduct risk workshop  Prioritized risk map
  • 34. Calibrate Definitions and Criteria Risk Categorization and Scoring Criteria
  • 36. Risk Quantification Activities Deliverables Develop risk scenarios and correlations  Risk scenarios Modeling key risks  Individual risk quantification and prioritization Calculate aggregate risk exposures  Aggregate impact of key risk on company’s value and financial performance
  • 37. Risk Quantification / Valuation. Step 1, Develop Risk Scenarios:  Conduct interviews with risk experts  Develop risk scenarios and associated financial impact  Gather existing facts / historical data points. Step 2, Develop Baseline Valuation Model:  Build baseline valuation model; project financials consistent with strategic plan  Adapt model to dynamically accommodate risks/scenarios, value drivers and key metrics. Step 3, Run Model to Quantify Risks:  Aggregate risks  Shock model for each risk/scenario  Quantify impact to value and other key metrics  Provide basis for decision-making
  • 38. Defining Value – One View. ERM Value Propositions: Improved resource allocation; Enhanced risk corporate governance; Increased operational efficiency; Greater transparency of risk; Possible reduction in earnings volatility; Optimized capital allocation; Improved regulatory standing; Enhanced risk reporting; Consistent framework for risk; Improved compliance. Descriptions: Keeping resources focused on those activities that matter most to the organization. Common and deep knowledge of critical business and organizational risks. Structured process to allocate capital based on those businesses that are the most risky to the organization. Everyone in the organization has the ability to define, treat, and manage risk in a homogeneous fashion. Provide confidence that risks are being identified and managed in a constructive fashion.
  • 39. Defining Value – Alternate View. Risk Adjusted Income Statement (2008 / 2009 / 2010). REVENUE: Sales 642,100 / 670,965 / 701,292; Other Operating Revenue 14,482 / 14,626 / 14,773; Total Revenue 656,582 / 685,591 / 716,065. OPERATING EXPENSES: Salaries, Wages and Benefits 310,667 / 323,093 / 336,017; Supplies and Services 289,850 / 309,593 / 330,750; Total Operating Expenses 600,517 / 632,686 / 666,767. (LOSS) INCOME FROM OPERATIONS: 56,065 / 52,906 / 49,298. OTHER INCOME (EXPENSE): Interest and Dividends 28,419 / 28,704 / 28,991; Current State Risk Exposure (16,000) / (17,326) / (15,683); Mitigation Costs (2,784) / (2,812) / (2,840); Mitigation Impact on Current State Risk 14,326 / 16,532 / 12,031; Total Other Income (Expense) 23,961 / 25,098 / 22,499. NET PRETAX INCOME: 80,026 / 78,003 / 71,796. [inset charts: Aggregate Loss Distribution; Competing Mitigation Strategies]
  • 40. Value-centric ERM framework Risk Management Tactics Strategy Risk Appetite Determine Scenario Portfolio Development ERM Committee Effect Consensus Meeting Surveys Enterprise ERM Risk Exposure All Key Model Risks Risks (∆Value) Value Individual Risk Risk Identification Quantification & Ranking Process Key: Risk Quantification Risk Management
  • 41. Sample Output (partial data). Risk Distribution Report, Risk: IT External Attack (Risk #4). Risk Scenario / Likelihood / Value: Worst Case / 1-in-30 year event / -7.5%; Pessimistic / 1-in-10 year event / -2.4%; Most Likely / Best Estimate / ---; Optimistic / 1-in-15 year event / 0.1%; Best Case / 1-in-50 year event / 0.2%. Key Risks, Rank by Value Impact of Worst Case Scenario [bar chart, 0.0% to -20.0%]: Risk 11, Risk 1, Risk 8, Risk 7, Risk 4, Risk 9, Risk 12, Risk 10, Risk 15, Risk 6, Risk 13, Risk 3, Risk 5, Risk 14, Risk 2
  • 42. Risk Response Solution Activities Deliverables Determine risk tolerance  Defined risk tolerance Identify risk response solution options  Risk response solutions Evaluate and select risk response solution  Risk response business case
  • 43. Risk Appetite - One View. Columns: FY07 Metrics | FY07E | Defined Goal | Impact of $100 million, pre-tax losses on metric | Financial Buffer (RBC). EPS Growth (from 2006) | 25.0% | 22.5% | -260 bps | $60. Free Cash Flow | $1,883 | $1,400 | -$53 million | $750. Operating Margin | 40.1% | 40.5% | -81 bps | $0. Cash/Operating Expense (Months) | 8.9 | 12.0 | -0.11 months | Threshold is not expected to be achieved in FY07. Total Debt/CFO | 73.6 | Not Available | +155 bps | Not Available. $ in millions. Sources: 2007 budget, metric & threshold input
  • 44. Risk Appetite - Alternate View. Enterprise Risk Exposure (metrics: Value, Rev Growth, eps Growth, Other). Event / Current State Probability / Target for Future State Probability: 10% decrease in value / 15% / ?; Achieving strategic plan goals / 35% / ?; 5% increase in eps / 5% / ?. Is the ERM Committee comfortable with the current state? If not, what do they want it to be? The answers result in tolerance thresholds collectively called Risk Appetite.
  • 45. Risk Response Solution. Risk Response Strategies: Terminate (Exit Risk Area); Mitigate (Preventative, Corrective, Directive, Detective); Transfer (Financing Solutions, Insurance, Capital Markets, Contractual Transfer, Hybrid); Exploit (Explore the upside of risk by taking new opportunities); Tolerate (Make a conscious decision to tolerate the risk)
  • 46. Evaluating Solutions Increase in Likelihood of Meeting Risk Appetite Current Mitigation Total Cost of Risk Mitigation Option Being Considered 85% Risk Tolerance 95% Increased Mitigation Cost 0% 99.9% Cumulative Probability
  • 47. Evaluating Solutions Management selects ERM actions that move enterprise risk exposure towards risk appetite, for example: Risk Exposure Pre-Mitigation Value Risk Exposure Post-Mitigation Value
  • 48. Risk Management Implementation Activities Deliverables Develop risk response plan  Risk management project plan Obtain support of risk management leaders  Project governance structure Develop teams and tools  Resource allocation, communication and training Implement projects  Program management Define metrics and implement monitoring tools  Risk platform and scorecards
  • 49. Risk Management Implementation ERM Multi-Year Project Plan 2007 2008 2009 Define Risk Strategy Comprehensive Risk Mapping Develop Cost of Risk Model Technology implementation Establish Risk Appetite Risk Modeling Expanded Risk Assessment Evaluate Data Strategy Captive Optimization Portfolio Risk Modeling Develop Risk Profiling Legacy Claim Projects Legacy Claim Evaluation Global Optimization Captive Strategy M & A Process Evaluation
  • 50. ERM Enabling Technologies There are a lot of technologies related to risk in general and ERM – Use a selection process as with any tool/technology • Analysis: RFI/RFP • Vendor discussions and “Bake-off” with prototype • Design: Purchase on trial basis • Full deployment
  • 52. ERM Monitoring and Reporting
  • 53. Dashboards & Governance Drives Accountability Facilitates “Dashboard” Reporting Automates Tracking of Key Risk Indicators
  • 54. Governance, Culture and Disclosure Key Activities Client Deliverables Develop detailed ERM frameworks and governance  Policies, manuals, committees, roles and accountabilities Develop internal risk communication and awareness program  Rollout of communication and awareness program Develop external communication strategy  Enhanced communication with rating agencies, equity analysts and regulators Monitor risk performance against defined metrics  Reporting on KPI’s Develop continuous improvement process  Improvement processes and accountabilities
  • 55. Governance, Culture and Disclosure ERM Framework and Governance Board of Directors Executive Committee Chief Risk COO CFO CIO CLO Officer ERM Function Business Division Unit A A Functional, Business support and Division Unit B Shared services B Business Division Unit C C Risk Management Internal Audit Compliance
  • 56. Governance: Partnership is Key Board • Set Policy • Approve Risk Strategy • Enforce Correction • Provide Tone from the Top Audit Committee • Establish Policy • Propose Risk Strategy • Measure / Monitor • Report to Board on Key Matters ERM Working Group* • Monitor • Facilitate • Coordinate • Benchmark • Educate • Report Compliance/Ethics Internal Audit Business/Functional Risk Owners • Provide Assurance • Identify Risk • Manage Risk • Act as Functional Risk Owner • Conduct Risk-Based • Measure Risk • Report & • Manage Legal Risks Audits • Prioritize Risk Improve • Foster an Ethical Environment *possibly chaired by CRO
  • 57. Governance, Culture and Disclosure ERM Project Plan e.g. ERM Manual Client ABC Client ABC Client ABC
  • 58. External Risk Disclosure Analysis Annual 10-K reports are a primary risk information source for investors and the public. • How was this list developed? • How was the order of the risks determined? • Were the impacts of these risks quantified? • How will investors react if an unmentioned risk results in significant loss of market value? • How does your list compare to your competitors?
  • 59. Comparative Analysis • A comprehensive ERM program can ensure that the 10-K risk factor list is complete and in appropriate order. • Review the risks listed in the 10-K report – Is anything missing? – Are the risks listed in an order that is representative of their impacts? – Have these risks been quantified? How would investors or regulators react if an unmentioned risk results in significant loss of value?
  • 60. Analyzing Competitors’ Disclosures Regular review of competitors’ risk disclosures is vital to: • Ensure that your risk disclosure is complete • Keep tabs on changes in the industry environment
  • 61. Comparing Risk Disclosures. Strategic Review of Annual Reports / Regulatory Filings [color-coded comparison table; legend: Green = Declared, Red = Not Declared, Orange = Not Relevant]. Description: Consumer demand and acceptance of services offered by us; Our ability to achieve and maintain acceptable cost levels; Fare levels; Actions by competitors; Regulatory matters; General economic conditions; Commodity prices; Changing business strategies; Single aircraft type; Changes to and costs of security procedures; Cost and availability of aircraft insurance; Terrorist attack; International hostilities; Ability to continue as a going concern; Ability to operate pursuant to the terms of the DIP Financing; Ability to obtain a federal loan guarantee from the ATSB
  • 62. ERM – Commonly Cited Challenges • Inability to demonstrate immediate, quantifiable return on investment • Internal competition among business units • Cultural incompatibility • Limited technology / tools • Inadequate senior-level support
  • 63. ERM - Critical Success Factors • Senior management support • Clearly defined vision • Regular and open communication among the team • Realistic expectations regarding timelines and deliverables • Sufficient resource allocation for implementation and follow-through • Linkage to organizational success factors, strategies and processes
  • 64. ERM Potential Benefits Establish Sustainable Competitive • Integrate with business planning and value Advantage management processes • Avoid missing key risks and losing vital opportunities • Optimize balance between capital preservation and growth/profit-generation Manage Risk at a Lower Cost • Minimize risk averse behavior • Develop cost-effective risk strategies and solutions • Eliminate redundant or unnecessary risk controls Improve Business Performance • Support more informed/proactive risk management decisions aligned with business objectives/strategies • Link to enterprise performance, measurement and monitoring • Reduce volatility and prevent surprises
  • 65. ERM Gap Analysis. Phase I, Information Gathering: • Conduct interviews / gather information • Identify risk universe • Define and develop cost of risk data • Conduct gap analysis. Phase II, Setting the Stage: • Develop overall risk management vision • Create risk management scorecard / Gap analysis • Identify key risk projects / activities needed to achieve risk management excellence • Understand cost / benefit of potential risk management strategies. Phase III, Executive Support: • Obtain support of risk management leaders • Present overall objectives and plan to senior management • Develop teams and tools • Get moving. Phase IV, Implementation: • Deliver defined projects • Update progress toward overall vision • Measure performance • Create linkage to next steps • Build feedback loop to ensure continued progress toward goals
  • 66. Risk Management Vision • Risk management vision transcends the various projects and activities that comprise risk management within an organization • In order to define risk management vision, the company must resolve a series of key questions:  What are the goals of the company’s risk management efforts?  How does the company define risk management excellence?  What is the current state of risk management?  Where are the gaps?  What are the priorities?  How will success be measured? • In the end, risk management must deliver measurable impact on the company’s operating performance
  • 67. Key Risk / Performance Indicators • What are the KRIs? • How do I get them? • How often do I get them? • What do I do with them? • Foundation understanding of: frequency, source and meaning
  • 69. Focus on Value Risk Management Tactics Strategy Risk Appetite Determine Scenario Portfolio Development ERM Committee Effect Consensus Meeting Surveys Enterprise ERM Risk Exposure All Key Model Risks Risks (∆Value) Value Individual Risk Risk Identification Quantification & Ranking Process Key: Risk Quantification Risk Management
  • 70. Case Study #1: Fast Growing Company • Highly successful, profitable company • Recent patent litigation surprise created temporary cash and credit crunch • Audit committee wanted an overview of key risks facing the company • Risk committee was formed to coordinate the effort • Team conducted interviews with over 50 executives, supplemented by over 80 surveys
  • 71. Project Objectives • Has the company identified all its critical risks ? • Does the company have effective controls for managing its critical risks? • Are the risks greater now than they were 12 - 24 months ago (earnings pressure, continued acquisitions and internal strategic initiatives)? • Are these risks within acceptable limits? • Is the right level of information reported to Senior Management and the Board?
  • 72. Project Results • Provided information to senior management and the Audit Committee • Developed models for key risks based on potential impact on:  Revenue  EPS  Cash  Reputation • Examined current and potential risk mitigation opportunities, including risk transfer and self-funding • Created a framework for more effective decision-making regarding supply chain management, site selection and inventory management
  • 73. Case Study # 2: Manufacturing Company • Company had a well-developed risk management process • Top risks for each of the business were routinely assessed and evaluated • Due to lack of internal data, limited effort had been made to quantify the potential impact of events • Recent supply chain problems had highlighted previous unmeasured vulnerabilities • Project team developed customized risk models for the top five risks of each business unit
  • 74. Project Results • Delivered working risk models to each business unit • Risk models were used to develop “underwriting models” for potential risk transfer / mitigation solutions • Company expanded the use of existing captive insurance company and finite risk insurance arrangements to address key issues • Event risk maps helped uncover critical decision points that could substantially alter the overall risk exposure • Changes were made in supply contracts, inventory levels and contingent business interruption coverage as a result of the analysis
  • 75. Case Study #3: Consumer Products • Fortune 100 consumer products company • Treasurer and Risk Manager had identified 17 key risks under their charge • Company wanted to develop a quantitative approach to better evaluate risk decisions • Solution: Risk modeling project to help evaluate the optimal risk strategy
  • 76. Project Results • Project focused on the analysis of internal and external risk data • Creation of individual and portfolio risk models • Risk mitigation and transfer alternatives were tested using the models, resulting in significant changes • Company was able to demonstrate the value of additional risk retention and the use of internal funding (via a captive insurance subsidiary) • Risk finance and mitigation resources were reallocated to optimize the company’s risk management efforts
  • 77. Case Study #4: Hospital • Medium-sized hospital looking to achieve excellence in health care by surpassing standards set in “The New American Hospital” and the Malcolm Baldrige National Quality Award • Key objective: conduct a comprehensive risk assessment • Project involved:  Interviews with key personnel (management, physicians and nurses)  Creation of a risk inventory  Benchmarking of current risk management approaches and quality of care against industry standards and best practices  Evaluation of current risk mitigation methods
  • 78. Hospital ERM Project Results • Identified and prioritized key enterprise risks • Recommended improved approaches for risk management • Opportunities for improvement included:  Implementation of clinical best practices and rapid response teams to reduce cardiac complication rates  Diversification of services to counteract the impact of Medicare reform  Contingency planning around key physicians and sole- source service providers  Improvement of the contract oversight and document retention process to minimize legal liabilities
  • 79. Case Study #5: Capital One. Capital One signed an "informal memorandum of understanding" with bank regulators. More than a dozen class actions were filed charging the credit card issuer with securities fraud for misleading shareholders about its financial health and its compliance with bank regulations. Risk management capabilities designed and implemented across the organization. Capital One's stock plummeted by 39%, falling from a $50.60 per share close on July 16 to $30.48 per share by the close of July 17; a drop of roughly $4B in market value. July 2002, 8K filing: the company publicly commits to enhance its enterprise risk management and internal control environment.
  • 80. ERM Process: Enhanced Future State Integrated into Operational Business Processes Improved Risk Predictability and Measurement Line of ERM Business Risk-Adjusted Decision Process Operations Making Risk Metrics Improved Business Performance
  • 81. Suggestion: Adopt a Pilot Approach • Start small and grow big • Select a locale with engaged management and non- complex products or customers • Establish proof of the ERM concept – quicker benefits • Accomplish process objectives in a shorter timeframe • Learn from successes/mistakes to roll out the ERM process across the organization
  • 82. Overview of a Pilot (timeline: September to November). Steps: Review current company and business objectives/risk management objectives; evaluate current risk management infrastructure and capabilities. Perform facilitated session and/or interviews with select internal and external experts to identify and assess risks and risk management processes. Analyze risks for causal factors, effects, and interrelationships. Establish criticality of risk and prioritize; map key risks. Summarize data of most significant risks. Establish risk management options, action plans, etc. [risk map: Severity ($ millions) vs. Frequency; High / Moderate / Low Impact; Partial / Full Mitigation vs. No / Minimal Mitigation] Legend: Strategic: S1 – Partnering arrangements, S2 – Changing industry dynamics. Operational: O1 – New initiative integration/success, O2 – Business continuity, O3 – Product quality, O4 – Centralized distribution, O5 – Hazard risk. Human Capital: H1 – Succession planning, H2 – Turnover, H3 – Human capital development. Legal/Regulatory: L1 – Political pressure around drug affordability. Technology: T1 – Intellectual property, T2 – Information security. Financial: F1 – Currency fluctuations, F2 – Commodity prices. Sample risk profile: Information Technology – Network Security. Risk Definition: • Ability to safeguard proprietary knowledge from a security breach which could damage financials, brand and reputation • Intentional, coordinated and/or hidden sabotage of systems, software or processes by internal or external parties. Current Metrics: • Number of viruses per month • Minutes of downtime per month • Backup processes double checked weekly. Risk Owner(s): • Chief Technology Officer • IT Department. Security Action Plans, Current: • Up-to-date Anti-virus and Firewall protection • Disaster recovery plans • Network backup planning • Software and data backups. Recommended: • Intrusion detection and vulnerability detection equipment and software • Destruction of old hard drives from redundant computers • Ensure no single point of failure. Estimated Investment: • Additional IT staff personnel • Purchase of intrusion detection and vulnerability detection equipment • Continual investment in updating software. Further action plan items (column not recoverable): • Backup Power Supply • Redundant hardware systems. Sample target: Reduce voluntary employee departures by 10% by 2008 [chart: # Departures, 2006, 2007 est., 2008 Target est.]
  • 83. Questions to Consider • Is ERM adding value for your organization? • Is the ERM effort stalled or is progress being made? • Are there parallel risk management efforts that fall outside of the ERM process? • What can be done to automate portions of the ERM process? • Are there high impact “drill-down” projects that will deliver ERM value? • Is ERM sustainable after the project team has moved on to other assignments?
  • 84. Barry Franklin, FCAS, MAAA Aon Global Risk Consulting 312.381.3920 barry_franklin@ars.aon.com
  • 85. Confidentiality We recognize that our clients’ industries are extremely competitive and maintaining confidentiality is of the utmost importance. Accordingly, Aon takes seriously its obligation to protect the confidentiality of client information. Similarly, we view our approaches and insights as proprietary and therefore look to our clients to protect Aon interests in our presentations, methodologies, and analytical techniques. Under no circumstances should the material in this report be shared with any third party without the written consent of Aon. Copyright © 2007 Aon