1 / 18

Implementing Enterprise Risk Management

Implementing Enterprise Risk Management. A P ractical A pproach May 14 th 2014. Keith W. Old Managing Director Riskwide Consulting Services. Agenda. What is a risk? – What is ERM?.

apu
Download Presentation

Implementing Enterprise Risk Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Implementing Enterprise Risk Management A Practical Approach May 14th 2014 Keith W. Old Managing Director Riskwide Consulting Services

  2. Agenda Riskwide Consulting Services, British Columbia, Canada

  3. What is a risk? – What is ERM? • According to ISO 31000, risk is the “effect of uncertainty on objectives” and an effect is a positive or negative deviation from what is expected. • Enterprise Risk Management (ERM) is a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.

  4. Features of ERM • Formalized approach to risk applied throughout • Common language • Focused discussion forums • Reporting timely information to people in a format they require • Common measurement of risk (qualitative and quantitative) • It is about being proactive rather than reactive • The prime focus on improving controls (risk mitigation) over time • It is continuous rather than ad hoc • Not a one off or annual exercise only • It is broadly focused • Involves all areas • All risks are considered (not just financial risks) • Looks at inter-linkages between risks

  5. History • In Australia - Public Sector • In Canada - Corporate “The board of directors of every corporation should explicitly assume responsibility for the identification of the principal risks of the corporation’s business and ensuring the implementation of appropriate systems to manage these risks.” TSX Guidelines for Corporate Governance

  6. Case Studies City of Surrey Jeff Schaafsma Queen’s University Kim Murphy Seaspan ULC Chris Hext

  7. City of Surrey • One of the fastest growing cities in Canada and the fastest growing city in Metro Vancouver • Population of over 468,000 (2011 census) and adding approximately 800 new residents each month • Manage risks associated with providing services as diverse as fire services, library, RCMP, planning and development, parks and recreational, infrastructure • Manage all the risks that come from having 3400 employees

  8. City of Surrey - ERM Program • The Risk Manager and Internal Audit wanted a clearer and more holistic view of the risks facing the City • To accurately target risk mitigation activity and reduce the number and size of claims • Inform the annual internal audit plan • Bottom up approach • Municipalities don’t necessarily have to drive from top levels to establish ERM as a governance tool • Desire to embed the culture at the lower levels first • Challenges • Very diverse functions within the municipality - different understanding what risk management is within various groups • Time – getting in people’s calendars • Convincing people to participate • Reasonable amount of change happening

  9. City of Surrey - Lessons Learned • Double the timeline that you think you will need • Focus on quality rather than quantity • Get your framework right first • Sell value to participants – what’s in it for them? • Fit into existing schedules as much as possible • Make sure you cycle back to all participants • Look for opportunity to incorporate other risk management activity • E.g. climate adaptation

  10. Queen’s University • One of Canada’s oldest degree-granting institutions (1841) • A full-spectrum, research-intensive university • 24,582 students - 7,254 staff and faculty • Queen’s University has grown substantially since 2001-02 • Total enrolment has increased 32% and graduate enrolment 48% • Government grants and contracts have increased 26% • Unique characteristics of student cohort • 95% of the student population from outside Kingston • 85% of students living within a 15-minute walk to campus • 90% of first-year students live in residence • Queen’s is home to students from more than 120 different countries

  11. Queen’s University - ERM Program • Driven by directive from board level to implement ERM • Top down approach • Management decision to implement at senior levels first • Important to establish ownership at senior levels before attempting to drive downwards • Challenges • Very diverse functions within the university – a lot of ground to cover to get a holistic view of risk in a compact time frame • Academic view versus administration view • Reviving a previously stalled project • Limited resources to implement (1/2 person) • Fitting into an already complex governance structure

  12. Lessons Learned – Queen’s • Get the Committee structure right • Plan well in advance • Asked Committee what kind of reporting they wanted to see rather than telling them what reporting was available and asking for feedback • Show relevance • Promote discussion as much as possible • E.g. Ranking focus groups rather than online surveys

  13. Seaspan ULC • An association of Canadian companies primarily involved in coastal and deep sea transportation, bunkering, ship repair and shipbuilding services in Western North America • Some services offered directly through Seaspan – others provided via affiliate companies: Marine Petrobulk, Seaspan Ferries, Vancouver Drydock, Vancouver Shipyards and Victoria Shipyards • National Shipbuilding Procurement Strategy Secretariat announces Vancouver Shipyards to build the Joint Support Ships in 2016

  14. Seaspan ULC – ERM Program • Driven by Board’s desire to understand risks and the mitigation work that was being undertaken • Top down and across approach • Establishing a strategic risk register and then linking in operation risk management • Challenges • Many long established and very silo based risk management methods and attitudes • Change fatigue • Whole corporation was extremely busy

  15. Lessons Learned – Seaspan ULC • Process needs to be simple and streamlined • Establish good clear reporting • Robust system with good usability (if needed) • Focus heavily on risk education • Ensure people understand what a risk is and how to develop good mitigation plans • Make sure that the steering committee: • Is aware of their role • Is composed of the right people • Has time and enthusiasm • Link the strategic level (50,000 ft) to the operational mitigation work that is happening • Be patient

  16. Additional Suggestions (Riskwide) • Perform a risk assessment on your own ERM project • Seek advice from others • Similar projects within your organisation • Externals • Establish internal champions • Think about the right pace for your organization

  17. Contact Details Keith W. Old Managing Director Riskwide Consulting Services Inc. Office: (+1) 604 727 9757 Cell: (+1) 778 386 0756 Email: keithold@riskwide.com www.riskwide.com

  18. Wise words • The biggest risk is a missed opportunity • Exchanging ideas – the way to better risk management • There is no learning without risks • Things that don’t normally happen, happen all the time • Risk is an essential precursor for reward. It’s the natural context for any great endeavor, and nothing that matters was ever built without risk. • Your biggest risk is that you will underestimate your potential • Understanding risk allows you to make better decisions

More Related