360 likes | 615 Views
Enterprise Risk Management Tools & Techniques January 12, 2011. Cathy Taylor, ADP Emerissa Babin, OPG Michelle Reid, TSSA. Today’s Objectives. Share Enable. Agenda. Establish context Risk identification Risk analysis and evaluation Risk treatment Monitoring and review
E N D
Enterprise Risk ManagementTools & TechniquesJanuary 12, 2011 Cathy Taylor, ADP Emerissa Babin, OPG Michelle Reid, TSSA
Today’s Objectives • Share • Enable
Agenda • Establish context • Risk identification • Risk analysis and evaluation • Risk treatment • Monitoring and review • Communication and reporting
Establish Context • Define environment within which risk will be managed • Ensures risk management approach is appropriate • Considerations include: • Public or private • Publicly traded or nonprofit • Organizational structure • Tone at the top • Organizational culture • How are decisions made?
Establish Context President & CEO Corporate Risk Management (CRM) Organization • Oversight of Strategic, Financial, Operational & Transactional Risks • Risk Reports to Board Committees • Risks to Business Plan Objectives (BURSA) • MD&A Risk Management , AIF Risk Factors
BOARD / EXECUTIVE Set Policy Support & Set the Tone RISK MANAGEMENT TEAM Set Risk Appetite ALL DEPARTMENTS Risk Ownership (identification, assessment, treatment, monitoring & reporting) Build RM Capability, Process & Tools Monitor & report program Monitor Risk Reporting Set Assurance Agenda Framework Advice, Coaching & Support Performance Management Assure Stakeholders Define ERM & Governance Expectations Establish Context
Risk Identification • Gather and document risks that could impact achievement of objectives • Common techniques include: • Surveys • Workshops • Management interviews • Environment scans • SWOT analysis • Results of audits
Significant RISKS & OPPORTUNITIES impacting achievement of initiatives Corporate Objectives/ Priorities Risk Mitigation & Opportunity Optimization Activities Key Initiatives to Achieve Objectives Targets KPI’s KRI’s + inform Assess & Report Performance Against Targets Significant RISKS & OPPORTUNITIES impacting achievement of objectives shape Risk Identification
Risk Analysis and Evaluation • Understand the risk, its causes, the likelihood of occurrence, potential impact, and the organization’s appetite and/or tolerance for the risk • Common tools include: • Root cause analysis • Risk assessment criteria • Risk appetite matrix • Risk tolerance
Risk Analysis and Evaluation Risk Statements: • Important to express a risk in such a way that it can be effectively understood and addressed • Components • Event, Cause & Effect • Example: • Financial loss due to default by Clients in funding of processed payroll. • Inability to obtain adequate (quality/quantity) expat labour supply due to negative perceptions about project location results in increased construction costs • Bad Risk Statements: • Budget cuts • Company delays all IT investments • Fires
Risk Analysis and Evaluation Quantitative assessment • Probability • Improbable (<10%) • Unlikely (10% - 30%) • Possible (30% - 70%) • Likely (70% - 90%) • Probable (>90%) • Financial Impact • Minimal (<$5M) • Minor ($5M - $50M) • Notable ($50M - $200M) • Substantial ($200M - $500M) • Major (>$500M)
Risk Analysis and Evaluation Qualitative Assessment • Manageability • The degree to which the outcome of a risk is controllable through the risk treatment/mitigation actions. • Stakeholder Sensitivity • The extent of the reaction of external stakeholders (public, shareholder, regulator, etc.) to the risk or how tolerant the stakeholders are of the risk; and • What their expectations are for managing the risk. • Urgency • The promptness needed to implement mitigation for a risk in order for it to be effective. This criterion refers to how pressing the need is for mitigation as opposed to the imminence of the risk itself.
Break Please be back in 10 minutes
Risk Treatment • Select and implement options to modify risk • Typical risk treatment concepts include: • Avoid risk (cancel product line, sell business unit) • Transfer risk (out-source function or enter contract to transfer risk) • Control risk (change process, training, etc) • Fund risk (insurance)
TOO MUCH CONTROL so: A - removing procedure B - reduce insurance costs/increase insurance deductible RISK MATRIX E L M H H H Risk 1 (Inherent) D L M M H H B C L L M H H X A LIKELIHOOD RATING B L L M M H Risk 1 (Residual) A L L M M H 1 2 3 4 5 SEVERITY RATING Risk Treatment
Monitor and Review • Periodic monitoring of risk treatment plans and influence on risks • Ensure treatment plans exist • Ensure they are effective • Obtain additional info for further assessment • Identify emerging risks • Most common tool or technique is audit
RISK MATRIX E L M H H H D L M M H H C L L M H H B L L M M H A L L M M H 1 2 3 4 5 SEVERITY RATING Monitor and Review Risk based Audit program – which risk to audit? Risk 2 (Inherent) Risk 1 (Inherent) Risk 1 (Residual) LIKELIHOOD RATING Risk 2 (Residual)
Communication and Reporting • Create awareness, facilitate understanding, foster adoption / engagement • Governance or legislative requirements
Announcements • CE Certificates • RIMS ERM Centre of Excellence • New RIMS logo • Curling bonspeil – February 8, 2011 • One-day Conference – March 9, 2011 • Volunteer