1 / 35

Enterprise Risk Management Tools & Techniques January 12, 2011

Enterprise Risk Management Tools & Techniques January 12, 2011. Cathy Taylor, ADP Emerissa Babin, OPG Michelle Reid, TSSA. Today’s Objectives. Share Enable. Agenda. Establish context Risk identification Risk analysis and evaluation Risk treatment Monitoring and review

moral
Download Presentation

Enterprise Risk Management Tools & Techniques January 12, 2011

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Enterprise Risk ManagementTools & TechniquesJanuary 12, 2011 Cathy Taylor, ADP Emerissa Babin, OPG Michelle Reid, TSSA

  2. Today’s Objectives • Share • Enable

  3. Agenda • Establish context • Risk identification • Risk analysis and evaluation • Risk treatment • Monitoring and review • Communication and reporting

  4. Establish Context • Define environment within which risk will be managed • Ensures risk management approach is appropriate • Considerations include: • Public or private • Publicly traded or nonprofit • Organizational structure • Tone at the top • Organizational culture • How are decisions made?

  5. Establish Context President & CEO Corporate Risk Management (CRM) Organization • Oversight of Strategic, Financial, Operational & Transactional Risks • Risk Reports to Board Committees • Risks to Business Plan Objectives (BURSA) • MD&A Risk Management , AIF Risk Factors

  6. BOARD / EXECUTIVE Set Policy Support & Set the Tone RISK MANAGEMENT TEAM Set Risk Appetite ALL DEPARTMENTS Risk Ownership (identification, assessment, treatment, monitoring & reporting) Build RM Capability, Process & Tools Monitor & report program Monitor Risk Reporting Set Assurance Agenda Framework Advice, Coaching & Support Performance Management Assure Stakeholders Define ERM & Governance Expectations Establish Context

  7. Establish Context

  8. Risk Identification • Gather and document risks that could impact achievement of objectives • Common techniques include: • Surveys • Workshops • Management interviews • Environment scans • SWOT analysis • Results of audits

  9. Risk Identification

  10. Risk Identification

  11. Significant RISKS & OPPORTUNITIES impacting achievement of initiatives Corporate Objectives/ Priorities Risk Mitigation & Opportunity Optimization Activities Key Initiatives to Achieve Objectives Targets KPI’s KRI’s + inform Assess & Report Performance Against Targets Significant RISKS & OPPORTUNITIES impacting achievement of objectives shape Risk Identification

  12. Risk Identification

  13. Risk Analysis and Evaluation • Understand the risk, its causes, the likelihood of occurrence, potential impact, and the organization’s appetite and/or tolerance for the risk • Common tools include: • Root cause analysis • Risk assessment criteria • Risk appetite matrix • Risk tolerance

  14. Risk Analysis and Evaluation Risk Statements: • Important to express a risk in such a way that it can be effectively understood and addressed • Components • Event, Cause & Effect • Example: • Financial loss due to default by Clients in funding of processed payroll. • Inability to obtain adequate (quality/quantity) expat labour supply due to negative perceptions about project location results in increased construction costs • Bad Risk Statements: • Budget cuts • Company delays all IT investments • Fires

  15. Risk Analysis and Evaluation Quantitative assessment • Probability • Improbable (<10%) • Unlikely (10% - 30%) • Possible (30% - 70%) • Likely (70% - 90%) • Probable (>90%) • Financial Impact • Minimal (<$5M) • Minor ($5M - $50M) • Notable ($50M - $200M) • Substantial ($200M - $500M) • Major (>$500M)

  16. Risk Analysis and Evaluation Qualitative Assessment • Manageability • The degree to which the outcome of a risk is controllable through the risk treatment/mitigation actions. • Stakeholder Sensitivity • The extent of the reaction of external stakeholders (public, shareholder, regulator, etc.) to the risk or how tolerant the stakeholders are of the risk; and • What their expectations are for managing the risk. • Urgency • The promptness needed to implement mitigation for a risk in order for it to be effective. This criterion refers to how pressing the need is for mitigation as opposed to the imminence of the risk itself.

  17. Risk Analysis and Evaluation

  18. Risk Analysis and Evaluation

  19. Risk Analysis and Evaluation

  20. Risk Analysis and Evaluation

  21. Break Please be back in 10 minutes

  22. Risk Treatment • Select and implement options to modify risk • Typical risk treatment concepts include: • Avoid risk (cancel product line, sell business unit) • Transfer risk (out-source function or enter contract to transfer risk) • Control risk (change process, training, etc) • Fund risk (insurance)

  23. Risk Treatment

  24. TOO MUCH CONTROL so: A - removing procedure B - reduce insurance costs/increase insurance deductible RISK MATRIX E L M H H H Risk 1 (Inherent) D L M M H H B C L L M H H X A LIKELIHOOD RATING B L L M M H Risk 1 (Residual) A L L M M H 1 2 3 4 5 SEVERITY RATING Risk Treatment

  25. Risk Treatment

  26. Risk Treatment

  27. Monitor and Review • Periodic monitoring of risk treatment plans and influence on risks • Ensure treatment plans exist • Ensure they are effective • Obtain additional info for further assessment • Identify emerging risks • Most common tool or technique is audit

  28. Monitor and Review

  29. RISK MATRIX E L M H H H D L M M H H C L L M H H B L L M M H A L L M M H 1 2 3 4 5 SEVERITY RATING Monitor and Review Risk based Audit program – which risk to audit? Risk 2 (Inherent) Risk 1 (Inherent) Risk 1 (Residual) LIKELIHOOD RATING Risk 2 (Residual)

  30. Communication and Reporting • Create awareness, facilitate understanding, foster adoption / engagement • Governance or legislative requirements

  31. Communication and Reporting

  32. Communication and Reporting

  33. Questions?

  34. Announcements • CE Certificates • RIMS ERM Centre of Excellence • New RIMS logo • Curling bonspeil – February 8, 2011 • One-day Conference – March 9, 2011 • Volunteer

  35. Thank you!

More Related