370 likes | 539 Views
IMPLEMENTING RISK INTELLIGENCE GOVERNANCE STRATEGIES. Caribbean Association of Audit Committee Members Conference 2011. What is risk?. Def: “The chance that there is some danger or threat; an uncertainty”
E N D
IMPLEMENTING RISK INTELLIGENCE GOVERNANCE STRATEGIES Caribbean Association of Audit Committee Members Conference 2011 Robertine A Chaderton 2011
What is risk? • Def: “The chance that there is some danger or threat; an uncertainty” • The risks that can affect organisations are liquidity, environmental, reputational, strategic among others • Risk taking can be considered as a means of value creation , candid communication and collaboration between the board and management Robertine A Chaderton 2011
Risk • Risk like fear can be a good thing; it should keep things in perspective; no fear and you are a danger to yourself; too much fear and you can become paralysed • Too much risk is irresponsible; being too risk averse nothing is done • You are encouraged to change risk management from being an exercise in risk avoidance to be something to be considered when every decision, action and activity are undertaken Robertine A Chaderton 2011
What is RISK INTELLIGENCE? • RISK GOVERNANCE – strategic decision making and risk oversight led by the Board of Directors • RISK INFRASTRUCTURE & MANAGEMENT – designing, implementing and maintaining an effective management program carried out by executive management • RISK OWNERSHIP – identifying, measuring, monitoring and reporting on specific risks done at the level of business units Robertine A Chaderton 2011
GOVERNANCE • Directors are often so far away from the front line that they cannot foresee the practical issues that give rise to crises • Good governance hinges on sound decision making • “Directors should ensure good management , but they should not provide it” Robertine A Chaderton 2011
The Caribbean today • Recovering from the financial crisis of 2008 • To implement risk intelligence governance strategies, we must be prepared to learn lessons from the conventional way of doing business • We need to create the framework for thinking the unthinkable Robertine A Chaderton 2011
PRACTICAL GUIDE TO RISK INTELLIGENT GOVERNANCE A. Define the Board’s oversight role B. Foster a Risk intelligent culture C. Help management incorporate risk intelligence into strategy D. Help define the risk appetite E. Execute the Risk intelligent governance process F. Benchmark and evaluate the governance process Robertine A Chaderton 2011
A: Questions to ask about risk oversight • How is risk overseen by our various board committees? • Is there appropriate coordination & communication? Are we getting the information we need for key decisions? • What mechanisms does management use to monitor emerging risks? What early warning mechanisms exist? How and how often are they reviewed? • What is the role of technology in the risk management program? Robertine A Chaderton 2011
STEPS USED TO IMPROVE RISK GOVERNANCE • Revised committee charters to include risk related concerns • Benchmarked their practices against peer companies • Obtained guidance from association of directors • Focused more attention on risk management and its value • Revised ethical guidelines and codes of conduct Robertine A Chaderton 2011
B: Questions on organisation culture • How are we communicating our Risk Intelligence messages? • Are people comfortable in discussing risk or are they afraid to raise difficult issues? • How is the compensation package encouraging in appropriate short term risk taking? • Has the organisation developed a common language around risk that measures and promotes risk awareness in all activities at all levels? Robertine A Chaderton 2011
C: Questions on incorporating RiskIntelligence into strategy • How can we include Risk Intelligence into decisions about capital acquisition, allocation & succession planning? • How should risk-return trade off be weighed in strategic planning & review sessions? • What is the process for identifying & evaluating changes in the external environment? How are these findings take into consideration in that strategic planning sessions? Robertine A Chaderton 2011
WAYS TO ENCOURAGE THE RISK INTELLIGENCE APPROACH INTO STATEGIC PLANNING • Increase the frequency of discussions of risk with management • Evaluate the risk appetite and tolerances with management • Identify activities, decisions & transactions (typically by size) that must be brought to the board’s attention Robertine A Chaderton 2011
D: Questions on risk appetite • What size risks or opportunities do we expect management to bring to our attention? • How does management determine the organisation’s risk appetite? Which risk categories are considered and how do they relate to management’s performance goals and compensation? Robertine A Chaderton 2011
E: Questions on Risk Intelligence process • Are people at all levels actively engaged in risk management? If so, how? If not, why not? • What criteria does management use to prioritise enterprise risks? • How is management addressing the major opportunities & risks facing the organisation? • How often do we discuss risk with management? What issues have been brought to our attention in the past 6-12 months? Robertine A Chaderton 2011
F: Questions on benchmarking & evaluating governance process • How have we gone about assessing our risk governance and management programs? • To what extent are our compliance, internal audit and risk management teams using Risk Intelligence approaches? • What value might be derived from bringing an outside entity to assess our organisation against industry standards? Robertine A Chaderton 2011
ACTIONS TO CONSIDER IN BENCHMARKING & EVALUATION OF GOVERNANCE PROCESSES • Use internal monitoring & feedback • Participate in continuing education and updates • Solicit independent viewpoints • Include risk as a topic in the annual board’s self assessment Robertine A Chaderton 2011
10 Essential Risk Intelligence lessons to be learnt (1) 1. Counting on false assumptions – Directors have believed that the assumptions they made are true • Are directors willing to question their assumptions or for that matter the assumptions of others? Chances are that they are not…..directors think they know what they know ….but life is filled with uncertainties. Factors affecting events will change and the events are not mildly random, instead they are wildly random. 2. Failing to exercise vigilance – Directors were not keeping their eyes open to what was happening around them in their organisations Robertine A Chaderton 2011
10 Essential Risk Intelligencelessons to be learnt (2) 3. Ignoring velocity and momentum – Directors are not noticing how quickly situations and events are changing. 4. Failingto make key connections and manage complexity- Directors do not realize how interconnected we are and that this inter connection causes decision making to be complex. Robertine A Chaderton 2011
10 Essential Risk Intelligence lessons to be learnt (3) 5. Failing to imagine failure - if we can imagine what it is like to fail or the worst thing that can happen, then we can take the necessary steps to prevent it or at least have a back up plan. 6. Relying on unverified sources of information- it is so very important to double check the source of the information which you intend to use for decision making; we cannot always rely on the media; try to verify from another unrelated source. Robertine A Chaderton 2011
Questions to ask about anticipating causes of failure HANDOUT 1 Robertine A Chaderton 2011
10 Essential Risk Intelligence lessons to be learnt (4) • Maintaining inadequate margins of safety - This can be corrected by having a fall back position – a buffer level of resources and assets; it is generally best in turbulent times not to be running flat out. TURBULENT TIMES COME WITHOUT WARNING 8. Focusing exclusively on the short term – while short termism is attractive, in that you are motivated to complete certain projects or achieve certain targets, it can have the negative impact of excessive risk for short term paybacks; board members need to place emphasis on tactics rather than on strategy and can lose continuity in leadership. Robertine A Chaderton 2011
10 Essential Risk Intelligence lessons to be learnt (5) 9. Taking the wrong rather than the ‘right’ risks - one of the biggest risks that businesses face is the failure to innovate. Every time someone comes up with a new idea, the persons who are risk averse, kill it. It is not suggested that there be the taking of reckless risks, but there has to be a balance. Robertine A Chaderton 2011
10 Essential Risk Intelligence lessons to be learnt (6) 10. Abandoning operational discipline -To instill operational discipline and accountability, the Romans insisted that engineers stand under the arches they had designed when the supporting wooden tussles were taken away. That may explain why the bridges they built have lasted over 2000 years. Robertine A Chaderton 2011
Root causes of a lack of operational discipline (1) • Lack of ‘felt” leadership and leaders who do not WALK THE WALK • Insufficient resources to support operation • Employees not engaged in improving the business • Ineffective lines of communication • Lack of strong teamwork • Lack of shared values Robertine A Chaderton 2011
Root causes of a lack of operational discipline (2) • Outdated documentation • Failure to practice what you preach • A proliferation of short cuts • Poor housekeeping • Lack of pride in the organisation HOW TO CORRECT THESE ROOT CAUSES 1. Question every rule 2. Build trust through responsibility 3.Thank the messenger 4. Promote risk takers Robertine A Chaderton 2011
The Voice of Experience “People don’t see the need for prevention until it’s too late. Obviously when a crisis occurs, everyone recognises the need…….…It ought to obvious that prevention is less expensive and more effective than response and recovery……… Let us make sure we understand the risks that we have in the organisation and the need to take some actions to mitigate the risk,….. understand it……..be more involved “ (A director) Robertine A Chaderton 2011
“ The less prudence with which others conduct their affairs, the greater prudence with which we must conduct our own affairs” Warren Buffet Robertine A Chaderton 2011
Transformation Success Factors (1) • Create the right tone at the top • Assign Executive ownership • Leverage the best of the existing organisational culture • Build Risk Intelligence into core business processes • Adopt a disciplined change management process Robertine A Chaderton 2011
Transformation Success Factors (2) • Link Metrics to Compensation and performance management • Focus on the “VITAL FEW”, not on the “TRIVIAL MANY” • Improve cross-functional preparedness and co-ordination • Demand discipline and accountability in execution Robertine A Chaderton 2011
Transformation Success Factors (3) • Insist on reasonable assurance and independent reassurance for the most relevant and highest impact risks • ACT ON YOUR KNOWLEDGE AND ADAPT • COMPLETE THE QUESTIONNAIRE TO ASSESS YOUR ENTERPRISE RISK IQ (Handout 2) Robertine A Chaderton 2011
References • “Risk intelligent governance – A practical guide for boards” DELOITTE Risk Intelligence Series Issue No 16 • “Risk Intelligent enterprise management – Running the Risk Intelligent Enterprise ” DELOITTE Risk Intelligence Series Issue No 16 cont’d • Funston, Frederick and Stephen Wagner (2010) “Surviving and Thriving in Uncertainty: Creating The Risk Intelligent Enterprise” Wiley& Sons Robertine A Chaderton 2011