190 likes | 566 Views
Overview - Managing Risk In Uncertain Times. . The Global Financial Crisis Reflecting on possible causes and impacts to date Implications for risk management?Global survey results:
E N D
2. Overview - Managing Risk In Uncertain Times
3. Global Financial Crisis – Reflecting on outcomes
4. Global Financial Crisis – Reflecting on outcomes (Australia)
5. The Global Financial Crisis - the causes?
6. The last few years have seen some things go horribly wrong ……
Poor “risk culture” has been blamed as one of the causes for the GFC
Risk Culture failed Platinum Branded Companies and Regulators
Due diligence of management decisions and actions
Complicit regulations
Complexity of communication
The last few years have seen some things go horribly wrong ……
Poor “risk culture” has been blamed as one of the causes for the GFC
Risk Culture failed Platinum Branded Companies and Regulators
Due diligence of management decisions and actions
Complicit regulations
Complexity of communication
7. Beyond box ticking: A new era for risk governance Intro
Shareholders are examining whether risk oversight has been sufficiently rigorous
Wide range of industries Asia/Aust, Nth America & West Europe
Respondents were C-level executives or Board level execs
Intro
Shareholders are examining whether risk oversight has been sufficiently rigorous
Wide range of industries Asia/Aust, Nth America & West Europe
Respondents were C-level executives or Board level execs
8. Key themes of the survey
9. 1. Building a risk culture – Key findings 1. “risk is not the responsibility of somebody in isolation. Its everybodys responsibility”.
2. “Boards tend to live in a partial assurance vacuum. Management knows risks but only tells board what they want. Managers rarely report candidly because disincentive of doing so”
Set tone at the top. 63% believe risk culture should come from executive management leadership
3. Only 32% believe their organisations effective instilling awareness of risk through organisation.
34% believe the least effective area is with lines of business , next on list was IT dept at 13%
4. CRO Marsh UK “ talk in terms people understand, everyday language not how risk function communicate amongst themselves”
Business “ownership”:
A key feature of the best organisations
Key front line business managers are responsible / accountable. They care
1. “risk is not the responsibility of somebody in isolation. Its everybodys responsibility”.
2. “Boards tend to live in a partial assurance vacuum. Management knows risks but only tells board what they want. Managers rarely report candidly because disincentive of doing so”
Set tone at the top. 63% believe risk culture should come from executive management leadership
3. Only 32% believe their organisations effective instilling awareness of risk through organisation.
34% believe the least effective area is with lines of business , next on list was IT dept at 13%
4. CRO Marsh UK “ talk in terms people understand, everyday language not how risk function communicate amongst themselves”
Business “ownership”:
A key feature of the best organisations
Key front line business managers are responsible / accountable. They care
10. 1. Building a risk cultureTen risk indicators of successful risk management from the current economic crisis Only four of the indicators relate to risk management techniques.
6 of the 10 indicators are cultural and point to the right culture being fundamental to the success of any risk management function.
Only four of the indicators relate to risk management techniques.
6 of the 10 indicators are cultural and point to the right culture being fundamental to the success of any risk management function.
11. 2. Gaps in corporate risk expertise and resourcing constraints – Key findings 1. Stats change based on size and location but generally believe
CEOs and CFOs understand risk.
Only 55% believe chairman effective
46% that audit committees effective.
2. Only 30% believe boards effective at having discussion on this topic.
3. Audit committee have taken on risk by default but do they have the skills. “ the risk reward ratio” is not right to get the right talent.
4. Less than half have / looking to recruit CRO an
1. Stats change based on size and location but generally believe
CEOs and CFOs understand risk.
Only 55% believe chairman effective
46% that audit committees effective.
2. Only 30% believe boards effective at having discussion on this topic.
3. Audit committee have taken on risk by default but do they have the skills. “ the risk reward ratio” is not right to get the right talent.
4. Less than half have / looking to recruit CRO an
12. 2. Gaps in corporate risk expertise and resourcing constraints Companies recognise the need to strengthen risk management but a lack of financial resources is impeding investment
But - when companies are making investments, it is on process rather than expertise, technology or data
A focus on process improvement alone is unlikely to address underlying risk deficiencies Past 12 Months
43% say biggest barrier in past has been “poor data quality and availability”.
Going forward
they say “lack of financial resource” & “shortage of available expertise” is ranked second for past and future.
30% say Focus on processes - will not meet expectations of risk function.
Some major changes Lloyds TSB created 70 more roles in risk function despite their thousands of job cuts.
But
Many businesses still remain in survival mode and investing in process is relatively easy and less costly as opposed to cajoling, educating exec management.
Past 12 Months
43% say biggest barrier in past has been “poor data quality and availability”.
Going forward
they say “lack of financial resource” & “shortage of available expertise” is ranked second for past and future.
30% say Focus on processes - will not meet expectations of risk function.
Some major changes Lloyds TSB created 70 more roles in risk function despite their thousands of job cuts.
But
Many businesses still remain in survival mode and investing in process is relatively easy and less costly as opposed to cajoling, educating exec management.
13. 3. The importance of communication – Key findings The survey findings suggested that more needs to be done about the timeliness of risk information (just over 36% thought that risk info was timely and up to date)
Risk professionals have a key role in education and communication within the business – to help people see risk management as a performance driver. Reports need to be relevant and have purpose – not too much detail
Respondents indicated limited confidence in the effectiveness of risk reporting – is it tailored to the audience? Does it enable an aggregate view of risk?
Must not neglect judgement – management know the business – don’t rely overly on sophiticated systems and overly long reports
The survey findings suggested that more needs to be done about the timeliness of risk information (just over 36% thought that risk info was timely and up to date)
Risk professionals have a key role in education and communication within the business – to help people see risk management as a performance driver. Reports need to be relevant and have purpose – not too much detail
Respondents indicated limited confidence in the effectiveness of risk reporting – is it tailored to the audience? Does it enable an aggregate view of risk?
Must not neglect judgement – management know the business – don’t rely overly on sophiticated systems and overly long reports
14. 4. More than just compliance – Key findings 1. 75% of risk managements time spent on controls and monitoring and compliance.
2. If you turn risk management into a tick the box approach, then you will miss the inter relationships between the various types of risk.
Less than half of respondents believe the risk function in their company effectively supports the improvement of shareholder value.1. 75% of risk managements time spent on controls and monitoring and compliance.
2. If you turn risk management into a tick the box approach, then you will miss the inter relationships between the various types of risk.
Less than half of respondents believe the risk function in their company effectively supports the improvement of shareholder value.
15. Beyond Box-ticking: Take away observations What are the key messages from the survey responses?
Businesses now know that risk management and risk governance is not about box – ticking
Risk Governance is perceived to have direct impact on bottom line BUT
Few believe they can afford to overhaul current risk practices
The answer may be that Finance departments need to re-allocate budgets to enable a change
16. KPMG’s enterprise risk management framework has five elements which enable discrete assessment of maturity for each element What have we observed? KPMG ERM framework This model is consistent with the concepts in the COSO ERM model and AS/N2Si4360 and outlines 5 key areas.
1. RISK GOVERNANCE
Considers the organisations approach and attitude to risk management.
Need to consider:
The Environment you operate.
Risk Strategy – extent of alignment with business strategy.
Policy & communication – is there a “common language” to communicate risk within the business.
Building a structure – what are the processes and tools used to support RM – centralised or decentralised.
Enabling people – how the people engaged and mobilised.
2. RISK ASSESSMENT
Setting Context – extent of alignment with business strategy?
Process – How are risks identified, assessed and treated?
Sustainability – Extent of embedding risk man activities
3. QUANTIFICATION & AGGREGATION
Processes that support the measurement criteria – if its not measured its not done
How risks are analysed and quantified within the business.
4. MONITORING & REPORTING
Monitoring – processes to monitor risks in light of tolerance levels.
Reporting – escalation and reporting processes – risk information going to the right people/forums at the right time and in the most appropriate form?
5. Control Optimisation
Risk management activity – risk treatment – how is the organisation responding to the risk? How controllable is the risk? Proactive response/monitor? What does this do to the risk profile?
Business Performance – how does risk information enhance business strategy – is it used as a feeder to business planning/strategy?
This model is consistent with the concepts in the COSO ERM model and AS/N2Si4360 and outlines 5 key areas.
1. RISK GOVERNANCE
Considers the organisations approach and attitude to risk management.
Need to consider:
The Environment you operate.
Risk Strategy – extent of alignment with business strategy.
Policy & communication – is there a “common language” to communicate risk within the business.
Building a structure – what are the processes and tools used to support RM – centralised or decentralised.
Enabling people – how the people engaged and mobilised.
2. RISK ASSESSMENT
Setting Context – extent of alignment with business strategy?
Process – How are risks identified, assessed and treated?
Sustainability – Extent of embedding risk man activities
3. QUANTIFICATION & AGGREGATION
Processes that support the measurement criteria – if its not measured its not done
How risks are analysed and quantified within the business.
4. MONITORING & REPORTING
Monitoring – processes to monitor risks in light of tolerance levels.
Reporting – escalation and reporting processes – risk information going to the right people/forums at the right time and in the most appropriate form?
5. Control Optimisation
Risk management activity – risk treatment – how is the organisation responding to the risk? How controllable is the risk? Proactive response/monitor? What does this do to the risk profile?
Business Performance – how does risk information enhance business strategy – is it used as a feeder to business planning/strategy?
17. What have we observed - Nationally ERM framework industry benchmarking data Some industries are more advanced than others - Banks have embraced RM concepts and have been embedding risk man. Into day to day practices.
used quantifying and measurement techniques e.g. Value at risk
assisted by regulatory bodies
Also those businesses with a focus on risk / reward investment planning and prioritising safety conscious behaviour (eg mining).
Many industries are in their infancy eg retail & media.
still use risk management as a bolt on rather than as a means to optimise business outcomes & returns
prepare risk registers and report but are yet to move beyond this reactive approach
these have tended to be industries with a strong cost and margin culture largely depending on consumer confidence or day to day sustainability
Business are starting to get risk management into the business planning processes.
Will a more mature ERM framework secure a competitive advantage.Some industries are more advanced than others - Banks have embraced RM concepts and have been embedding risk man. Into day to day practices.
used quantifying and measurement techniques e.g. Value at risk
assisted by regulatory bodies
Also those businesses with a focus on risk / reward investment planning and prioritising safety conscious behaviour (eg mining).
Many industries are in their infancy eg retail & media.
still use risk management as a bolt on rather than as a means to optimise business outcomes & returns
prepare risk registers and report but are yet to move beyond this reactive approach
these have tended to be industries with a strong cost and margin culture largely depending on consumer confidence or day to day sustainability
Business are starting to get risk management into the business planning processes.
Will a more mature ERM framework secure a competitive advantage.
18. What have we observed - Locally Generally there is no quick fix … risk management is a journey
No one size fits all … each organisation should determine the desired level of maturity
Requires senior management commitment (Culture)
Challenges of bringing changes to existing practices and cultures should not be under estimated (Change management & culture)
Risks should be considered from multiple perspectives
Board focus ? gross risk
Management focus ? net risk
Risk controllability
To remain effective tool for top level governance
Don’t identify too many risks
Leverage risk information…inputs for:
Strategic business planning, resource allocation, financing, assurance activities
19. Relevant recent KPMG Risk Management Publications Beyond box-ticking – A new era for risk governance
The business case for a risk executive – Leading efforts to avoid surprises, manoeuvre through challenges and add value
Placing value of Enterprise Risk Management
The convergence challenge – Global survey into the integration of governance, risk & compliance
(Publications available via email on request)
20. Presenter’s contact detailsName: Alastair McDougallPosition: DirectorPhone: 03 6230 4000Email: amcdougall@kpmg.com.au