Risk Management
Facilitation Skills for Risk Managers
Improving the risk identification process
Dr Rodney Irwin, Group Director Risk Management & Internal Control, TNT NV
Ann Alder, Director / Founder, RSVP Design Ltd
World-class global leader in express and mail
Best postal operator in the world
Mail networks in eight European countries
4.7 billion addressed mail items in Holland
Largest in express in Europe
40 aircraft
26,610 vehicles
230 million consignments
151,000 employees
64 countries
Network covers 200 countries
Hoau
Speedage
Overview of ERM Process
Risk Management is a critical part of internal and external governance systems within the group – legally required disclosure on risk profile in Dutch corporate governance code and the Dutch Financial Markets Supervision Act (EU Transparency Directive).
The current process has been in place for seven years and is one of the more established formal governance mechanisms in the group.
The process has Group ownership with localised participation and has a dedicated sign off as part of the semi-annual LOR process (Journey continues).
Linked to M&A, CAPEX and Budget setting processes.
Journey or Destination.
ERM perceived as a compliance issue therefore not fully supported by all management
ERM seen as additional work (we do risk management every day – why do we need a formalised process)
ERM is seen as too transparent for some!!!
What is risky to one is an opportunity to another so the definition of risk is not universally understood
Then there is the problem of the risk management team …….
2. Risk Management at TNT - ERM Capability Maturity Model
Top Down
• Tone for managing the risks is set by the Board but not embraced;
• Enterprise wide, industry specific risk framework;
• The Board establishes the risk appetite;
• Few executives are held responsible;
• Risk assessments are performed considering only financial impacts;
• Enterprise-wide policies, procedures and controls to mitigate risks are developed and communicated;
• Monitored through separate evaluations by top management.
Systematic Risk Mgmt
• The tone for managing risks and risk awareness is widely adopted throughout the enterprise;
• Standardized risk framework;
• Technology enabled processes are used for risk reporting;
• The Board establishes thresholds (financial and non financial) and tolerances in accordance with the risk appetite;
• Appropriate executives consider risk as part of the decision making;
• Training is provided to employees to understand the risk management responsibilities;
• Controls are robust and support an effective and reliable operation.
Fragmented
• Written charters include risk management roles and responsibilities;
• Limited accountability of senior executives;
• Disconnected risk management programs and tools in various silos;
• Sporadic risk assessments considering expected event on a limited basis;
• Controls are adequately designed but have inconsistent operating effectiveness results;
• Ownership of risks is siloed.
Risk Intelligent
• Board considers risk management as a competitive advantage;
• There is a common risk language including the value protection and value creation;
• Senior executives constitute an executive-level committee;
• Integrated with corporate strategy;
• Risk management is monitored extensively;
• Tools and techniques (such as stress testing, sensitivity analysis) are used to identify how the enterprise might fail;
• Risk scenarios are prepared;
• There is an early warning system based on thresholds to the Board.
Unaware
• No tone at the top for managing risks;
• No risk governance structure;
• No risk framework, no risk process;
• Heavy reliance on manual processes to report, communicate and monitor risk related activities;
• Unassigned roles and responsibilities;
• No risk ownership for business units.
[Figure: axes Stakeholder Value and Integrated ERM capability; stages labelled Unaware, Fragmented, Top Down, Systematic, Risk Intelligent]
Where is TNT today?
Where does TNT want to be?
Strong program areas:
Common Risk Framework
Risk Infrastructure
Supporting functions
Key areas of attention:
- Risk Definition
- Executive management
Risk Infrastructure & Oversight
Risk Governance / Risk Infrastructure & Oversight / Risk Ownership

Area                          Current State   Future State
Risk Definition               3               5
Common Risk Framework         4               5
Roles & Responsibilities      3               5
Transparency / Visibility     3               5
Executive Management          3               5
Risk Infrastructure           4               5
Functions (IA, Risk Mgmt.)    3               5
Business Units                3               5
Supporting Functions          4               5

[Chart: current and future state scores per area, scale 0 to 5]
Recommendations of Enhancement
1. Upgrade existing risk management processes to embed a local culture of risk identification, ownership and accountability. Move away from the mindset of compliance towards responsible management with informed decision making. Specifically (in order of priority):
- Focus more attention on the quality of risk identification and the effective follow-up on corrective actions by local management. Allocate sufficient skilled facilitation resources to the role of risk coordinator locally.
- Require regions and certain material local entities to perform risk workshops more frequently than once a year and to update the risk profile accordingly in the risk register, e.g. require quarterly management meetings to review risk profile and to adjust based on current knowledge.
- Re-define the risk management definition at TNT and replace it with a more time focused factor as is the case in current best practice.
2. Develop functional risk assessments for key Group wide and division specific activities to bridge the gaps in the current silo model.
3. Create a virtual Risk Council to recommend risks for Board evaluation, monitor and (in some cases) drive the corrective actions of known significant risks and improve the decision making of key projects by evaluating the risks attached to such projects.
The rest of this workshop will be devoted to one of these enhancement objectives.
We believe it to be fundamental to many other objectives being implemented.
Focus more attention on the quality of risk identification and the effective follow-up on corrective actions by local management. Allocate sufficient skilled facilitation resources to the role of risk coordinator locally.
Why did TNT initiate this training?
TNT’s Risk Managers are responsible for running Risk Assessment Workshops (minimum one a year). In these, they collect and share ideas and discuss the events that could impact the achievement of business objectives.
All divisions, BUs and Group Head Office departments are required to run a formal workshop, whose outcome will be reported to the next level of the organisation through the TNT ERM Register.
The Managing Director, Finance Director and the Management team attend, participate and provide input to the risk assessment session.
In a BU/RPU risk assessment the management team should include those responsible for ICT, Security, Operations and Health & Safety (e.g. Sales, Customer, Administration), Human Resources and Sustainability & Environment.
So, a senior and diverse group…...
The purpose of the Risk Assessment Workshops is to:
- Familiarise participants with the risk management process
- Enhance risk awareness
- Share risk knowledge and experience
- Determine the [entity] risk profile
- Understand key risks in more detail
- Develop initial risk mitigating action plans
Observation and experience suggested that:
- Those delivering the workshops lacked confidence in their own ability to manage the process
- There was a reluctance to move out of an ‘instructional role’ and to engage the participants in active discussion and debate
- The relative lack of seniority of the workshop presenters meant that they could feel threatened by Senior Managers in the workshops
- There was an over-reliance on a ‘script’ and technology
- There was a tendency to repeat ‘old’ thinking and not challenge this
- There was concern that the process was not contributing to ‘risk awareness’ but being seen purely as a compliance exercise
What do we mean by Facilitation Skills?
Pure ‘Facilitation’ (from the same root word ‘facile’) means to ‘make easy’.
In organisational contexts, we use the word in the context of facilitating a process: making it easy for a group to work through a process and achieve their end goal.
Facilitation is not instruction, training or coaching.
It relies on three core skills:
• Sensitivity to what is going on within a process
• Diagnostic ability to be able to identify what needs to happen or to change
• An ability to move towards action
It is perfectly possible to facilitate a process without having any knowledge of the content. It requires some of the same skills as those demonstrated by an independent chairperson in a meeting: the ability to support a group in making the decisions that are required.
Good facilitation needs:
o Group management skills
o A client-centred focus
o Effective listening skills and ability to clarify and summarise
o The ability to ask appropriate and varied questions
o The ability to offer feedback
o The ability to challenge and confront discrepancy
o The ability to create positive, agreed future action
Why do Risk Managers need these skills?
For TNT’s Risk Managers, their role was somewhat confused.
Within the same workshop they needed to move between the roles of:
• Subject Matter Expert
• Instructor/presenter
• Consultant/Compliance advisor
• Process Facilitator
It was the last of these that was the most difficult for them. It was therefore decided to support them by working on a specific set of facilitation skills.
In this context, Risk Managers need to be able to:
Ensure that the purpose and output of the session is achieved
Ensure that all key risks are identified and assessed
Engage the participants and encourage ‘ownership’
Provide specialist knowledge as appropriate
Manage the discussion and interaction effectively
Ensure that there is representation of different points of view
Handle challenges and objections
Achieve commitment to follow-up and implement action plans
The Training Design
It was agreed that the training design would be aligned to the following learning objectives:
- To understand the specific role of the facilitator in managing risk workshops and how to build credibility in that role
- To understand how to elicit and manage good quality information from participants
- To understand group process and learn techniques in group management and control
- To develop skills and confidence in challenging and confronting participants in order to achieve more in-depth understanding of issues
- The ability to challenge and confront discrepancy
- To develop new approaches to running their own workshops
It was also agreed that the training design would include and illustrate facilitation methods appropriate for use in the Risk
- Small group/breakout group work
- Experiential learning activities
- Activities to encourage creative and innovative thinking
and would also include
- Rehearsal and practice
- Trainer and peer feedback
- Workshop re-design and application planning
The Training Workshop
So, let’s get you involved in some experiential learning:
A practical activity to explore the Risk Management journey ahead……