Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
© Building Risk Management Capabilities, Monica Merrifield, 2019
Managing Uncertainty for Greater Impact
Charity Village Webinar - March 21, 2019
Monica Merrifield,
Strategic Risk & Agility Leader
© Building Risk Management Capabilities, Monica Merrifield, 2019
Monica Merrifield is a strategic risk and innovation leader dedicated tobuilding capacity and enabling strategy for stronger, more resilientorganizations to achieve positive change desired. Monica’s current andprior roles include senior advisor on strategic risk and ERM, agility andinnovation for nonprofit and public sector organizations, and includes herrole as Vice President of Risk Intelligence for YMCA of Greater Torontoresponsible for strategic risk management and innovation for one ofCanada’s largest and most diverse charities. Monica also co-founded andco-designed two national risk management and insurance programs forlarge and mid-size YMCAs across Canada. Monica is the Chair of a globalRIMS Strategic & Enterprise Risk Management Council, and a DeloitteERM Roundtable Member, and RIMS Board Diversity Task Force Member.A published author and frequent speaker at international conferencesand university lecturer on strategic risk, innovation and strategy, Monicaalso facilitates workshops for leadership teams and boards and hasworked on assignments in Italy, Mexico, Colombia, and U.S.A. Monica isthe recipient of the RIMS Global ERM Award of Distinction, and she alsoreceived the Risk Innovator Award from Risk & Insurance Magazine.
Monica Merrifield, Strategic Risk & Agility and Innovation Leader
Twitter | LinkedIn
© Building Risk Management Capabilities, Monica Merrifield, 2019
Our Time Together
• Why engage in risk conversations
- Definitions, current state of ERM
• Deepen our risk understanding
- assessing risks & opportunities
- surface priorities, risk reporting
• Approaches for managing uncertainty, strategies for success
© Building Risk Management Capabilities, Monica Merrifield, 2019
Why engage in risk conversations?
• Protect people, image, buildings, finances
• Achieve outcomes we desire
• Build on unique assets, and capabilities
• Maintain public trustImage courtesy of YMCA of Greater Toronto
© Building Risk Management Capabilities, Monica Merrifield, 2019
© Building Risk Management Capabilities, Monica Merrifield, 2019
Definitions
Risk is the effect (positive or negative) of uncertainty on an organization’s objectives and strategy
Risk management is a continuous process for understanding and actively managing uncertainty
Enterprise risk management is a strategic business discipline that supports the achievement of an organization's objectives by addressing the full spectrum of its risks and managing the combined impact as an interrelated risk portfolio
© Building Risk Management Capabilities, Monica Merrifield, 2019
Current State of ERM
Source: CGMA Report - Global State of Enterprise Risk Oversight, 2015
35% or fewer organizations
have formal ERM in place
Less than 30% view their risk
management process as providing
meaningful benefits
Only 40% or fewer organizations/leadership teams
are satisfied with risk information
or reporting they get on top risks
Less than half (42%) link risk / opportunity thinking
when discussing strategy
80% organizations indicate increasing, more complex risk issues, yet …
© Building Risk Management Capabilities, Monica Merrifield, 2019
Strategic Risks Really Matter
Strategic Risks
Operational Risks
Legal and Compliance Risks
Financial Reporting Risks
LikelihoodofOccurrencePercentageofRiskFailureLeadingtoSignificantMarketDecline
Source:CEB2014ShareShocksAnalysisfromCEBExecu veGuidance,ReducingRiskManagement’sOrganiza onalDrag,2014
Execu veTimeSpentPercentageofTimeSpentbyAuditonRiskTypes
© Building Risk Management Capabilities, Monica Merrifield, 2019
Engaging in Risk Discussions
• What can get in the way of achieving what we desire?
• How bad or good can it get?
• What do we agree to do about it?
• How do we know that what we’re doing is working?
© Building Risk Management Capabilities, Monica Merrifield, 2019
Understanding what matters most
Understanding which events pose greatest opportunity and risk enables leaders to focus resources on what matters most . . .
© Building Risk Management Capabilities, Monica Merrifield, 2019
Why it’s worth it . . .
Organizations exhibiting mature risk management capabilities
realize a valuation premium of 25% …
Source: RIMS Executive Risk Report: Why a Mature ERM Effort is Worth the Investment, RIMS 2015
© Building Risk Management Capabilities, Monica Merrifield, 2019
Questions Directors Ask
About Risk…
• Are the major risks/opportunities known?
• Are processes in place to actively manage risks?
• Are there emerging risks that can impact us,
and are we prepared?
• Is there contingency planning in the event of crisis?
GMs Employment & Community,
Provincial/National
SVP Employment & Community
Chief Financial Officer is BCP Crisis Commander
CEO
GMs Health & Fitness
GMs Child & Family Dev’t
SVP Health, Fitness &
Recreation
SVP Child & Family
Development
BOARD
Employees, Volunteers, Local Authorities (CAS, police, fire, public health, Ministry, etc…)*
IT Disaster Recovery Team
Crisis Management Team of Subject Matter Experts (SMEs) includes:
• Risk Intelligence (BCP process expert) • Core program experts (SVPs, VPs, COO)• Crisis Communications • Other areas as applicable
(e.g. HR, Property/Facility, IT, etc.)
GMs liaise withemergencyauthorities,
notify Funderif applicable
*Communications, Decisions
On-going with local authorities
On Site Manager
SVP/VPs notify and
consultwith COO
GMs Camping & Education /
Head of School
VP Camping & Outdoor Ed
GMs Program & Strategy
Support notify their VP or SVP
YMCA Crisis Escalation Model
© Building Risk Management Capabilities, Monica Merrifield, 2019
Steps in Risk Management Process
Source: ISO 31000
© Building Risk Management Capabilities, Monica Merrifield, 2019
M. Merrifield, YMCA of Greater Toronto, 2012
Risk Intelligence Framework
© Building Risk Management Capabilities, Monica Merrifield, 2019
Our Mission: The YMCA of Greater Toronto is a charity offering opportunities for personal growth, communityinvolvement and leadership.
Our Vision: Our communities will be home to the healthiest children, teens and young adults.Our Values: We are guided by values that inform the way we act and decisions we make:
Caring, Health, Honesty, Inclusiveness, Respect, Responsibility
© Building Risk Management Capabilities, Monica Merrifield, 2019
Actively managing uncertainty
Begins with a deeper understanding . . .
• Identify key uncertainties to achieving objectives
— Sources of value threats or creation/enhancers
• Review trends
— When we failed to realize value
— When we were most successful
• Consider any gaps, performance variances
© Building Risk Management Capabilities, Monica Merrifield, 2019
Our Risk Universe
Strategic Risks
Internal or external uncertainties, whether event or
trend driven, that impact an organization’s strategy
or implementation of strategy/strategic initiatives(e.g. brand/reputation, relevancy, strategic alliances, capacity)
Operational Risks
People, assets, processes including controls
established to achieve organizational targets, goals,
and continuity of offerings, etc.
© Building Risk Management Capabilities, Monica Merrifield, 2019
Risk Categories – cont’d
Financial Risks
Includes economic conditions, access to capital,
revenue generation, diversified funding sources,
debt, interest rate fluctuations, etc.
Compliance Risks
Includes legal, policy, external reporting
requirements, or ability to adapt to changing
regulatory landscape, transparency requirements
© Building Risk Management Capabilities, Monica Merrifield, 2019
Fiscal Performance
Innovation
InformationTechnology
Data Security/Privacy
ManagingComplexity
Resource Allocation/Capacity
Changing Laws
People /Talent
Brand /Reputation
Business Continuity/ Disaster Recovery
Strategic Risks
Financial Risks
Compliance Risks
Operational Risks
Higher impact / likelihood Higher perceived interconnection
Understanding Risk Interconnections
© Building Risk Management Capabilities, Monica Merrifield, 2019
Risk / Opportunity Landscape
© Building Risk Management Capabilities, Monica Merrifield, 2019
Exploring Emerging Risks
• What’s emerging / unfolding that could impact our business
or program model... how we operate in 2 or 3 years from now?
• What are we unprepared for, that makes us vulnerable?
- Vulnerability including speed of change and ability to
adapt quickly, or withstand an event (e.g. financial buffer)
- Resiliency is the capacity to anticipate and respond to
major events, trends, changing preferences … and ability
to evolve to address a rapidly changing landscape - Agility
© Building Risk Management Capabilities, Monica Merrifield, 2019
WEF Global Top Risks NCSU/Protiviti Top Risks
Extreme weather events Existing operations achieving performance
Climate-change mitigation/adaptation failure Succession, attracting/retaining talent
Major natural disasters Regulatory changes, scrutiny
Massive incident of data fraud/theft Cyber threats
Large-scale cyber attacks Resistance to change operations
Man-made environmental damage/disasters Rapid speed of disruptive innovations
Large-scale involuntary migration Information security/privacy
Major biodiversity loss, ecosystem collapse Inability to utilize analytics, big data
Water crises Organizational culture, timely escalation
Asset bubbles in a major economy Sustaining customer loyalty, retention
What can impact ability to achieve our Plan?External insights on risks ...
Source: NC State/Protiviti Executive Perspectives on Top Risks 2019
Source: World Economic Forum Global Risks Report 2019
Themes – environmental, resilience Themes – change, agility
© Building Risk Management Capabilities, Monica Merrifield, 2019
Assessing: 4 Quadrants of Risk
High Impact
Low Likelihood
BManage and monitor
e.g. contingency planning
High Impact
High Likelihood
AExtensive response,
control activity essential
Low Impact
Low Likelihood
DAccept but monitor
Low Impact
High Likelihood
CManagement effort
worthwhile
IMP
AC
T O
F R
ISK
LIKELIHOOD OF RISK OCCURRING
Source: M. Merrifield - 20 Questions NFP Directors Should Ask About Risk, CICA, 2009
© Building Risk Management Capabilities, Monica Merrifield, 2019
“Not everything that counts can be counted, and not everything that can be counted, counts …”
Albert Einstein
© Building Risk Management Capabilities, Monica Merrifield, 2019
Addressing Priority Risks
‘Menu’ of response options . . .
• Enhance value / program delivery chain, preparedness
• Invest in talent, training, clarify expectations - policies
• Invest in quality/process enhancements, efficiencies
• Monitor performance, trends, feedback mechanisms
• Conduct assessments, incorporate lessons learned
. . . Employ response strategies in combination
26
© Building Risk Management Capabilities, Monica Merrifield, 2019
Sample Risk Register
Major Risk Definition Ranking(Risk Level)
Response Strategies in Place Risk Owner
People / Talent
Risks and opportunities
related to attracting /
retaining qualified people
with ‘right fit’ to manage
key performance drivers,
engagement, leverage
talent, succession
planning, talent
shortages or
demographic shifts
R 5
HR policies, employment
practices, volunteer management
Compensation/benefits system
Performance management system
Orientation, training/refresh
Employee survey, hotline
VP HR
Resource Allocation / Capacity
Risk of taking on too
much or lacking resource
capacity or effective
channeling of resources
to support opportunities,
activities that balance
risk and reward while
achieving mission,
sustainability outcomes
R 3
Clearly articulated plans (annual
operating, strategic), alignment
Executive oversight provides
alignment, focus, monitoring
Integrated annual and multi-year
planning clarifies key initiatives
and resourcing priorities
Major threats/opportunities
assessed with action plans
CEO / ED
27
© Building Risk Management Capabilities, Monica Merrifield, 2019
Phased Approach for Building Capacity
Phase I Assess current state
Establish common language
Identify and prioritize risks
Phase II Develop strategies
Establish risk framework, roles
Develop response strategies & controls
Phase III Embed risk thinking
Integrate in other planning processes(e.g. budgeting, program development, capital projects, strategy development)
© Building Risk Management Capabilities, Monica Merrifield, 2019
Opportunities:1. [briefly describe…]
2. [briefly describe…]
3. [briefly describe…]
Response Strategies:- [insert…]- [insert…]
- [insert…]
Owner / Monitor:
Threats:1. [briefly describe…]
2. [briefly describe…]
3. [briefly describe…]
Response Strategies:- [insert…]- [insert...]
- [insert…]
Owner / Monitor:
Embedding Risk Thinking… Top risks that can have a positive/negative impact on achieving my budget
Embedding Risk Thinking… Top risks that can have a positive or negative impact on achieving my Budget
© Building Risk Management Capabilities, Monica Merrifield, 2019
Strategic risk management (SRM) ... a business discipline that drives deliberation
and action regarding uncertainties and untapped opportunities that affect an organization’s
strategy and strategic execution
RIMS Strategic Risk Management & Development Council, RIMS, 2011
Linking Strategy and Risk (SRM)
© Building Risk Management Capabilities, Monica Merrifield, 2019
Navigating uncertainty when
venturing into the unknown ...
“Employing frameworks, techniques and tools can provide a common language to help frame a problem,
uncover uncertainties and options that inevitably leads to a chosen response that a leadership team can all
agree on, which otherwise might not have been possible.”
Source: Monica Merrifield, Bridging Strategy and Implementation with SRM, RIMS 2016
© Building Risk Management Capabilities, Monica Merrifield, 2019
Success Screening Tool
© Building Risk Management Capabilities, Monica Merrifield, 2019
Getting Our Innovation Mix Right
Source: Monica Merrifield, Bridging Strategy and Implementation with Strategic Risk Management, RIMS 2016 (Adapted from Nagji and Tuff, Managing Your Innovation Portfolio, Harvard Business Review, May 2012)
%
%
Typical innovation
investments
Typical innovation
returns
TransformationalDeveloping breakthroughs,
new offerings for new markets
Adjacent / SustainingExtending existing offerings
into ‘new space’
Core / EfficiencyOptimizing existing
offerings forpeople served
70%
20%
10% 70%
20%
10%
Innovation Mix
for High Performing
Organizations today:
50 / 30 / 20
© Building Risk Management Capabilities, Monica Merrifield, 2019
Reverse Engineering
© Building Risk Management Capabilities, Monica Merrifield, 2019Source: Cognitive Bias - Risk Culture 2018, Raconteur
© Building Risk Management Capabilities, Monica Merrifield, 2019
Managing uncertainty in an age of rapid change
We are right to worry about the big events (natural disaster, coordinated cyber-attack), but often it’s the cascading impact of small failures that brings down systems
Two aspects make systems vulnerable to unexpected failures... complexity and tight coupling
(Charles Perrow, Sociologist)
While often we cannot simplify our systems ... the good news is we can change how we manage them
Starting with how we approach things, and knowing whento show up more with creative vs. reactive mind-sets
© Building Risk Management Capabilities, Monica Merrifield, 2019
How am I building agility ...? Small steps make a big difference
1. Leading with discovery 25% 50% 75% 100%
- I listen deeply, to find what I might be missing … an ask myself: “Is how I might be approaching this, contributing to the problem?”
- I create space to pause … I ask more Qs vs advocating my opinion
2. Leading with partnering 25% 50% 75% 100%
- I seek input from people who think differently from me … I look for perspectives, ideas that differ from my own
- When partnering I ask, “Who can I help, and who can help me?”
3. Leading with abundance 25% 50% 75% 100%
- I help identify new opportunities, unmet needs, potential available
- I seek win-win outcomes based on contribution and co-creation
© Building Risk Management Capabilities, Monica Merrifield, 2019
Exploring ERM Capabilities (Knowledge, People, Process)
© Building Risk Management Capabilities, Monica Merrifield, 2019
Lessons Learned at the Intersections
• Engage in risk conversations
• Embed risk & opportunity thinking
• Share lessons learned
Image courtesy of YMCA of Greater Toronto
© Building Risk Management Capabilities, Monica Merrifield, 2019
Imagining Possibilities
© Building Risk Management Capabilities, Monica Merrifield, 2019
Thank you!
For more information: [email protected]