• 280 likes • 699 Views
Enterprise Risk Management. Framework for establishing industry requirements and priorities. Andreas Vogel September 13 th , 2006. Framework for Discussion. This is a strawman proposal which summarizes some thinking and brainstorming Next steps Team discussion and refinement
E N D
Enterprise Risk Management Framework for establishing industry requirements and priorities Andreas Vogel September 13th, 2006
Framework for Discussion • This is a strawman proposal which summarizes some thinking and brainstorming • Next steps • Team discussion and refinement • Framework for discussion with ISMs and IBUs • Framework for discussion with partners, analysts, customers The goal is to create a product strategy which optimizes between market requirements and SAP development capabilities.
Train of Thought (for non-audio consumption) • Risk Management Processes • Identifying the key processes and process steps within • Classify steps by generic vs. specific to a risk class • Modeling and monitoring are risk class specific • Risk Monitoring • Identify a list of risk classes, the corresponding key risk identifiers, and the industries where they apply (some are generic) • Risk Modeling • Understand pre-requisites for quantitative modeling • Identify techniques • Identify industries which satisfy pre-requisites • Understand approach to solution for qualitative modeling and analysis • Value drivers in key industries • ERM value pyramid • Used banking as an example to identify key value drivers within the ERM process • Provide similar analysis for other key industries
Response Strategy To hazards Actions to change Frequency Impact Periodically Periodically Continuously Managing Enterprise Risk – Processes View Strategic Planning Setting Risk Appetite Risk Identification and Assessment Risk Identification Surveys Workshops Review Risk Registration Risk database Description Owners, etc. Risk Assessment Qualitative Quantitative Models/Simulation VaR, Monte Carlo, etc. Risk Monitoring Monitoring Risk indicators Specific Generic
Train of Thought (for non-audio consumption) • Risk Management Processes • Identifying the key processes and process steps within • Classify steps by generic vs. specific to a risk class • Modeling and monitoring are risk class specific • Risk Monitoring • Identify a list of risk classes, the corresponding key risk identifiers, and the industries where they apply (some are generic) • Risk Modeling • Understand pre-requisites for quantitative modeling • Identify techniques • Identify industries which satisfy pre-requisites • Understand approach to solution for qualitative modeling and analysis • Value drivers in key industries • ERM value pyramid • Used banking as an example to identify key value drivers within the ERM process • Provide similar analysis for other key industries
Train of Thought (for non-audio consumption) • Risk Management Processes • Identifying the key processes and process steps within • Classify steps by generic vs. specific to a risk class • Modeling and monitoring are risk class specific • Risk Monitoring • Identify a list of risk classes, the corresponding key risk identifiers, and the industries where they apply (some are generic) • Risk Modeling • Understand pre-requisites for quantitative modeling • Identify techniques • Identify industries which satisfy pre-requisites • Understand approach to solution for qualitative modeling and analysis • Value drivers in key industries • ERM value pyramid • Used banking as an example to identify key value drivers within the ERM process • Provide similar analysis for other key industries
What could be done outside the financials services industry? Risk Modeling and Simulation Prerequisites for Quantitative Modeling • Statistically relevant historical data samples, e.g. • Stock market data • Accident static of thousands of employees over years • Historical demand data • Applicable modeling and simulation technique, e.g. • Value at Risk • Monte Carlo Simulation • Apply quantitative modeling and simulation techniques • Banking • Insurance available Are there other industries Where quantitative modeling can be applied? not available • Apply qualitative techniques • What-if scenario analysis How would tools for scenario analysis look like?
Train of Thought (for non-audio consumption) • Risk Management Processes • Identifying the key processes and process steps within • Classify steps by generic vs. specific to a risk class • Modeling and monitoring are risk class specific • Risk Monitoring • Identify a list of risk classes, the corresponding key risk identifiers, and the industries where they apply (some are generic) • Risk Modeling • Understand pre-requisites for quantitative modeling • Identify techniques • Identify industries which satisfy pre-requisites • Understand approach to solution for qualitative modeling and analysis • Value drivers in key industries • ERM value pyramid • Used banking as an example to identify key value drivers within the ERM process • Provide similar analysis for other key industries
Failure to address certain classes of risk can put companies out of business Often regulated industries Budget available Some processes and org structures in place Failure to address certain classes could have major impact on business Processes and org structures rudimentary Mining Oil & Gas Pharma / Biotech Aerospace and Defense Utilities Remaining industries Have agreement on what the sweet spot is and why? Need to review selected industry in this bucket with IBUs ERM Value Pyramid Requirements too sophisticated for current SAP offering ERM is core value driver Companies have sophisticated tools, processes and org structures in place Budget available Banking Insurance ERM iscore business Sweet spot forSAP ERM ERM iskey to business No $$$ ERM isimportant to business
Failure to address certain classes of risk can put companies out of business Often regulated industries Budget available Some processes and org structures in place Failure to address certain classes could have major impact on business Processes and org structures rudimentary May have very specific risks requiring special solutions Pharma Utilities / Energy Oil & Gas / Mining Selected manufacturing (large and complex) Public sector Healthcare Telco Retail ERM Value Pyramid based on Deloitte Input ERM is core value driver Companies have sophisticated tools, processes and org structures in place Budget available Banking Insurance ERM iscore business ERM iskey to business ERM isimportant to business
Continuously Periodically Periodically Can we make similar assessment for other industries? Value Drivers in Financial Services Strategic Planning Setting Risk Appetite Risk Identification and Assessment Response Strategy To hazards Risk Identification Surveys Workshops Review Risk Registration Risk database Description Owners, etc. Risk Assessment Qualitative Quantitative Actions to change Frequency Impact Investment decisions Models/Simulation VaR, Monte Carlo, etc. Risk Monitoring Monitoring Risk indicators
Case Studies and Customer Interviews I 1 Excerpt from Barton et al, “Making Enterprise Risk Management Pay Off”, fei Research Foundation, 2002
Case Studies and Customer Interviews II 1 Excerpt from Barton et al, “Making Enterprise Risk Management Pay Off”, fei Research Foundation, 2002
Case Studies and Customer Interviews III 2 Excerpt from Paul et al, “Enterprise Risk Management: Pulling it all together”, The Institute of Auditors Research Foundation, 2002
Case Studies and Customer Interviews IV 2 Excerpt from Paul et al, “Enterprise Risk Management: Pulling it all together”, The Institute of Auditors Research Foundation, 2002
Southern Company3 3 Phone interview by Andreas in 2005/2006
Bombardier3 3 Phone interview by Andreas in 2005/2006
Hydro One3 3 Phone interview by Andreas in 2005/2006