Cathy Hauslein - Susser Holdings, Speaker at the marcus evans CFO Summit Fall 2011 in Las Vegas, NV, delivered her presentation entitled Finance is Risky Business: Monitoring and Managing Your Company’s Risk Appetite
Finance is Risky Business: Monitoring and Managing Your Company’s Risk Appetite - Cathy Hauslein, Susser Holdings
1. Finance Is Risky Business
Managing Your Company’s Risk Appetite
Cathy Hauslein, VP-Controller
Susser Holdings Corp.
2. What is Risk Management
• Risk Management is the process of
analyzing exposure to risk and
determining how best to handle such
exposure.
• Enterprise Risk Management (ERM) seeks
to strategically consider the interactive
effects of various risk events with the goal
of balancing an enterprise’s portfolio of
risks to be within the stakeholders’
appetite for risk.
3. Strategic Risk Management Characteristics
1. Alignment with a commitment to ethically
create shareholder value – focus on the
upside of risk.
2. Use of a holistic approach that is broad
enough to encompass the spectrum of
entity-wide activities needed to achieve an
organization’s strategy.
3. Approach must be capable of identifying
and evaluating events and forces of change
– must be a continual, ongoing process.
4. Evaluating Strategic Business Risk
1. Understand the entity’s key strategies
that are designed to preserve and create
stakeholder value.
2. Identify the risk – how poorly a strategy will
perform if the ‘wrong’ scenario occurs.
3. Define an overriding risk management
goal – what is the entity’s risk appetite.
5. There is nothing more crucial to the success of ERM
efforts in an organization than an informed and
supportive culture.
6. Risk Management Process
• Context
• Risk Assessment
– Risk Identification
– Risk Analysis
– Risk Evaluation
• Risk Treatment
• Monitoring and Review
• Communication and Consultation
• Recording the Risk Management Process
7. Risk Management Process
• Context
– The organization-wide risk appetite is
formulated and the risk management
environment of the organization is defined.
– Context looks at the laws, market, economy,
culture, regulations, technology, natural
environment, stakeholders’ needs, issues,
and concerns.
– Main output of context is the risk criteria to be
used to determine the acceptability of risks.
9. Types of Risk to be Evaluated
• Shareholder value risk
• Financial reporting risk
• Governance risk
• Customer and market risk
• Operations risk
• Innovation risk
• Communications risk
• Brand risk
• Partnering risk
• Supply chain risk
• Employee engagement risk
• R&D risk
10. Risk Management Process
• Risk Assessment
– Risk Analysis – To provide the decision maker
with sufficient understanding of the risk that
they are satisfied they have sufficient
knowledge about the risk to make decisions
on risk treatment and acceptance.
– Risk Evaluation – Comparing residual risk
after risk treatment (Impact) against the risk
criteria (Likelihood).
12. Risk Management Process
• Risk Treatment – Identification, selection
and implementation of control options.
• Monitoring and Review – Key to the
continuous improvement of risk
management.
– Key Risk Indicators (KRIs)
• Human Resource
• Information Technology
• Finance
• Legal/Compliance
• Audit
13. Risk Management Process
• Communication and Consultation –
Extensive communication among team
members and consultations with other
experts in the organization.
• Recording the Risk Management Process
– Provide for traceability of
decisions, continuous improvement in risk
management, data for other management
activities, and legal and regulatory
requirements.