• Home

  • Documents

  • UCI Exec. MBA & Forum for Corp. Directors July 2009 - Board Governance: Enterprise Risk Management...
28
Board Governance - Enterprise Risk Management Forum for Corporate Directors – Leadership in the Board Room UC Irvine – The Paul Merage School of Business Executive MBA Program July 18, 2009

UCI Exec. MBA & Forum for Corp. Directors July 2009 - Board Governance: Enterprise Risk Management (ERM)

Embed Size (px)

DESCRIPTION

 

Citation preview

  • 1. Board Governance - Enterprise Risk Management Forum for Corporate Directors Leadership in the Board Room UC Irvine The Paul Merage School of Business Executive MBA Program July 18, 2009
  • 2. Agenda Defining risk A new risk paradigm ERM a process point of view Drivers of ERM ERM roles and responsibilities A practical approach to ERM Enterprise risk assessment Risk management framework assessment Page 2 UC irvine Executive MBA Enterprise Risk Management
  • 3. Defining risk A risk the threat that an event, action, or non-action could adversely affect an organizations ability to achieve its business objectives and execute its strategies successfully. Page 3 UC irvine Executive MBA Enterprise Risk Management
  • 4. A new risk paradigm Leading organizations expand their view of risks and enhance risk management beyond the traditional compliance function. Keep Us Out of Trouble Make Our Business Better Growing Number of Restatements Bigger Fines and Settlements goal Coordinated Risk Activities Enhanced Business Processes Expanding Stiffer Risk-Adjusted Effective Use Regulation Sanctions Decisions of Technology Catastrophic Criminal Improved Risk Reduced Total Reputational Indictments Reporting and Risk Spend Consequences Disclosure All too confusing and overdone Must do it Except when we get in trouble But how do we do it better? Page 4 UC irvine Executive MBA Enterprise Risk Management
  • 5. Enterprise Risk Management (ERM) a process point of view Enterprise risk management is a e ns ng c nc gi t io process, effected by an entitys rti ia te ra pl po ra pe m St Re board of directors, management, Co O Internal Environment and other personnel, applied in strategy setting and across the Objective Setting enterprise, designed to identify Event Identification potential events that may affect the Risk Assessment entity, and manage risk to be Risk Response within its risk appetite, to provide reasonable assurance regarding Control Activities the achievement of entity Information & Communication objectives. Monitoring Source: COSO Enterprise Risk Management Integrated Framework Page 5 UC irvine Executive MBA Enterprise Risk Management
  • 6. Drivers of ERM
  • 7. Greater complexity of business environment and decision making Various internal and external drivers and developments require companies to become more effective and efficient at managing risks. External Drivers Internal Drivers Changing and expanding regulatory More dynamic / business models and requirements changing technology requirements Instability of economic and market Greater distribution of business conditions activities, locations, etc. Geo-political developments Increasing interdependencies on Increasing litigations and fines business relationships (alliances, JV) Focus on preservation and leverage of Increasing scrutiny by rating agencies intangible assets and listing exchanges Greater sophistication and scrutiny by Increasing cost and/or scarcity of board members resources (material and labor) Focus on risk-adjusted decision making Rapidly changing competitive landscape Others Others Page 7 UC irvine Executive MBA Enterprise Risk Management
  • 8. Business advantages of good risk management Benefits for stakeholders: Benefits for the Surveys point to the value the financial markets and organization: investment analysts ascribe to those companies that Avoid surprises can demonstrate good risk management. A routine process to identify and manage Fewer negative surprises potential issues Better governance Greater financial stability Clear risk roles and responsibilities Greater certainty of profitability Clear risk communication, Lower investment risk language, reporting and escalation Better long-term share price performance Better decision making Greater confidence to retain / Considering the business increase stake impact of a broader range of scenarios Greater transparency Efficiencies Lower share price volatility More effective and efficient risk functions Adds company value Less overlap and fewer 0 5 10 15 20 25 30 35 gaps in risk coverage % of respondents (N = 137) Page 8 UC irvine Executive MBA Enterprise Risk Management
  • 9. Shareholder value of risk management A survey of 137 institutional investors managing some of the worlds largest funds concluded the following on the question if it was worth paying a premium for companies that can demonstrate a successful approach to risk management. Strongly Agree (31%) Agree Somewhat (51%) Disagree somewhat (6%) Strongly disagree (7%) Not specified (5%) Source: Global Risk Survey of 137 Institutional Investors managing the worlds largest funds, November 2005 Page 9 UC irvine Executive MBA Enterprise Risk Management
  • 10. ERM consideration in the S&P debt rating evaluation Scoring ERM in the debt rating process: S&P indicates that assessing a companys risk management capabilities is the most subjective of all areas when assigning a credit rating The process started to roll out in Q3 of 2008 with the introduction of the framework model and a focus on building specific industry benchmarks Rating adjustments expected in Q1/Q2 2009 Ultimately, the evaluation of risk management may directly impact an organizations cost of capital Page 10 UC irvine Executive MBA Enterprise Risk Management
  • 11. ERM roles and responsibilities
  • 12. ERM roles and responsibilities (examples) Board of Directors ERM Steering Committee Is ultimately responsible for ERM program Assembles executive from key functional areas Approves risk appetite and risk tolerances and risk management functions Contributes knowledge on risks specific to Approves risk catalog and assessment methods particular business functions Sets standards regarding risk policies and Communicates directly with business unit programs managers to promote ERM and obtain relevant Monitors the quality of the program information Shares experiences regarding risk strategies and CEO risk mitigation tactics Coordinates design, implementation, and Coordinates ERM training and reporting monitoring of the ERM program Contributes to the definition of risk policy, Risk Owner appetite, and tolerance Assumes responsibility for the implementation, Assigns roles and responsibilities for design, use, and monitoring of risk management implementation, and monitoring techniques Decides on resource allocations for risk Contributes to risk assessment and ensures that management strategies risk response strategies remain pertinent and effective Decides on risk indicators, thresholds, and implementation of risk response strategies Documents implemented ERM efforts and reports on relevant risk issues / developments Reports to the board on risk issues Page 12 UC irvine Executive MBA Enterprise Risk Management
  • 13. The role of Internal Audit Coordinating of k Cons RM framewor RM Co t of E oli al a ch dated ov hmen ing ppr Fa te repo rd a ERM activities cil ma veloping the E e ti ablis ita nag pp boa tin rting R ka ev gi g est e es for ie me ris de w ss o n ri s in nti he egy nt i ce g n fic gt ro pioni th n re e ati t ra t tp ttin ks Ev m de en s on alu an isk Ms spo Se Cham em ati ag r & Maintaining & ng on ag em ER ev ndi th e e nc an alu en ra ng re m ng po to u ss ati k rtin fk opi to r ris Ev a a on lua go ey nt es ons ng e v el isk of ting fk ris em sp si ey ag k re po risk ks De ris s ris n ris Im ma Ma ks nag ks s on em ent is ion Givin pro dec lf g ass ces kin g beha uran ses Ma ents ce th agem at ris man ks ar e cor ons e on rectly resp evalu g risk Giving assura ated m entin nc e on the risk Imple for risk manag ement managemen t pr ocess Accountability Core internal audit roles Legitimate internal audit Roles internal audit in regard to ERM roles with safeguards should not undertake Source: IIA UK The Role of Internal Auditing in Enterprise-wide Risk Management Page 13 UC irvine Executive MBA Enterprise Risk Management
  • 14. A practical approach to ERM
  • 15. High-level risk management lifecycle Establish Risk Identify Value Develop consistent risk Context & Drivers taxonomy and risk Governance repository and align relevant risks with value drivers (strategies, objectives, initiatives) Monitor & Report Risk Management Identify Risks Components Risk Culture Frequently monitor Define consistent effectiveness of risk Policy & Mandate assessment criteria response (e.g., controls) Infrastructure & People based on risk appetite and report on results and tolerances and Methods & Practices assess relevant risks Information & Technology Assess Risk Assess Risks Response Conclude on preliminary Define appropriate risk effectiveness of risk response strategy (i.e., response and develop Develop Risk acceptance, mitigation, action plan for monitoring Response sharing, transfer, etc.) Page 15 Avery Risk assessment / ERM workshop
  • 16. A practical approach to ERM Enterprise Risk Assessment Risk Management (ERA) Transformation 1 Identify, assess and prioritize the key risks to achieving the organizations Define improve and monitor efforts for the most significant business objectives risks to business objectives Embed and sustain ongoing risk assessment and monitoring into 3 existing management processes Alignand coordinate risk and control groups across the Risk Management Framework breadth of the organization Assessment (RMFA) 2 Define focus areas for framework Evaluate the maturity of design and enhancements aligned to consistency in application of the risk industry risks and leading management and internal control practice benchmarks framework Page 16 UC irvine Executive MBA Enterprise Risk Management
  • 17. A practical approach to ERM (overview) 1 2 Enterprise Risk Risk Management Framework Assessment Assessment Ke y b u s in e s C o m p r e h e n s i v e r is k c o v e r a g e s K e y b u s in e s s R is k a n d o b je c t iv r is k s c o n t r o l a c t iv it ie s C o o r d i n a t i o n a c r o s s t h e li n e s o f d e f e n s e e s New Product Revenue and Treasury Internal Executive Development market share Strate gic As s e s s Audit management Monitoring and control functions y g e t a r t s s s e ni s u B Operations and business units Marketing & IT Advertising Reputation Support functions and brand Operations Sourcing & Compliance Board Tax Oversight Procurement Im p r o v e Asset Manufacturing Finance Audit Financial & Production Internal control and capital committee management Distribution Legal & Logistics Earnings and Risk Other operating Complianc e M o n it o r Customer Management committees HR margins Support A li g n m e n t t o b u s i n e s s o b je c t iv e s Page 17 UC irvine Executive MBA Enterprise Risk Management
  • 18. ERA identifying risks in the context of the business drivers Changes to Strategy, Merger and People, Process, Acquisition Activity Technology Reputation and Brand Do the stakeholders have a favorable view? Revenue and Asset and Market Share Capital Management How does the Business Drivers How efficient organization grow? is the organization? Earnings and Operating Margins New Product and Service How profitable is External Events or the organization? Developments Developments Page 18 UC irvine Executive MBA Enterprise Risk Management
  • 19. ERA a common categorization and understanding of risks A common risk taxonomy and risk assessment method is the cornerstone of an effective ERA process. RiskUniverse Categories Key Questions Planning and Resource Allocation What are our key risks and how do we Major Initiatives Strategic Mergers, Acquisition and Divestures measure the relevance of those risks? Market Dynamics Communication and Investor Relations Are we focused on the risks that matter? Sales & Marketing Supply Chain Operations People Who is accountable for the key risks? Information Technology Hazards Are resources aligned to our risk profile? Physical Assets Market Financial Liquidity and Credit Are we accepting the right level of risk? Accounting and Reporting Tax Are we receiving a fair return on that risk? Capital Structure Governance Compliance Code of Conduct Who is monitoring the significant risks? Legal Regulatory How are we improving key controls? Page 19 UC irvine Executive MBA Enterprise Risk Management
  • 20. ERA common techniques to assess and prioritize risks A company may employ quantitative or qualitative risk assessment models, which need to be understood and accepted by the respective risk owners and executive management: Quantitative Models Qualitative Models Methods / Value at Risk (VaR) Risk map Techniques Cash Flow at Risk (CaR) Self-assessments, interviews, Earnings at Risk (EaR) or facilitated workshops Monte Carlo Simulation SWOT analysis Others Scenario analysis Others Assessment Target or industry Risk Assessment Criteria (RAC) with Criteria benchmarks impact and likelihood thresholds Important Requires availability of sufficient Knowledge and judgment of Consideration amount of data or individuals involved is critical understanding of models Well suited where risks dont lend Well suited for financial risks themselves for quantification Page 20 UC irvine Executive MBA Enterprise Risk Management
  • 21. ERA relating risk appetite, risk tolerance and risk limits to prioritize risks Risk The broad based amount of risk a company is able to accept in pursuit of its Capacity mission, vision, business objectives and overall strategic goals - directly related to an entitys capital, liquidity and external stakeholder influence The broad-based aggregate amount of risk a company is willing to accept in Risk pursuit of its mission, vision, business objectives and strategic goals - directly Appetite related to an entitys risk capacity as well as its culture, desired level of risk, risk management capability and business strategy The specific maximum applicable to each category of risk regarding the Risk magnitude of risks that the organization is willing to take to achieve its strategy and objectives - set such that the aggregation of risk tolerances ensures the Tolerance organization operates within the risk appetite The optimal level of risk that the organization desires to take to achieve specific business objectives and operate within its appetite/tolerance for risk Risk Target defines the balance between risk and reward - risk target is based on the managements desired returns, the role of risk to achieve those returns and capability to manage the risk/reward profile Thresholds to ensure that variation from expected outcome will be consistent with the risk target, but will not exceed the risk appetite/tolerance defines Risk Limits process level controls and management authorities and should reflect risk limits Page 21 UC irvine Executive MBA Enterprise Risk Management
  • 22. ERA risk map / assessment outputs (example) Risk No Tier 1 risks High 25.0 1 Emerging Markets Growth 1 Liquidity Cash Improve Monitor 2 Management 20.0 6 Controls 3 Key Supplier Dependence 3 (Impact x likelihood) 2 5 12 4 Debt Cost of Capital Risk exposure 15.0 9 5 IT Security and Privacy 4 7 11 6 Sourcing - Global 10.0 Competition 8 10 IT - Infrastructure 7 Efficiency Monitor Accept Joint Venture 5.0 8 Relationships Risks Optimize Ineffective Financial 9 Planning and Forecasting 0.0 Competitive Recruitment Low 10 and Retention 1.0 2.0 3.0 4.0 5.0 Focus and alignment of Low Management preparedness High 11 Acquisitions and Integration Evolving Regulatory 12 Changes United States Markets Page 22 UC irvine Executive MBA Enterprise Risk Management
  • 23. RMFA a view of required competencies Leveraging the information obtained through the ERA, the company evaluates the design and application of the risk management competencies to define improvement opportunities. Do we have the proper oversight on risk and control? Are risk decisions made with proper guidance? Strategy Governance & Mandate Does the culture encourage taking the appropriate risks? s Im es pro People Are efforts effectively aligned and s As v coordinated to manage risk? e Are risk and control activities efficient Methods and Practices and effective? How are risks and controls assessed, monitored and improved? Monitor Page 23 UC irvine Executive MBA Enterprise Risk Management
  • 24. RMFA key focus areas to be assessed The evaluation of an organizations risk management capabilities should be focused on a variety of key components and identify opportunities for enhancements across the organization. Governance People Methods and Practices Tone At The Top Culture and Performance Risk Identification and Assessment Strategies and Alignment and Objectives Coordination Risk Management Design and Policy and Procedures Competence and Effectiveness Capabilities Organizational Process Improvement Structure Roles and and Efficiency Responsibilities Compliance Monitoring and Communication Reporting Technology Page 24 UC irvine Executive MBA Enterprise Risk Management
  • 25. Wrap-up
  • 26. P rinciple s of Effe of successful ERM programs 6 key elements ctive Ris k Ma na ge me nt Agreed risk strategy The Board and management must provide guidance on the appropriate strategy and E&Ys ERM point of view approach to Risk Management aligned to the organizational strategy. Clear governance framework The Board will usually delegate day-to-day governance through an oversight structure that includes an enterprise risk committee and/or a chief risk officer. Efficient Risk Management processes The organization needs defined procedures for assessing and continuously monitoring risks on an enterprise wide basis. Appropriate technology Effective systems providing access to information about risk identification, assessment and solutions to support the Risk Management processes. Coordination of Risk Management functions Integrated risk functions embedded within the business to leverage expertise across the entire organization. The right culture and capability Everyone in the organization must be attuned to the risk culture and performance measurements must be risk based. Page 26 UC irvine Executive MBA Enterprise Risk Management
  • 27. Parting comments A ship in harbor is safe -- but that is not what ships are built for. John A. Shedd, Salt from My Attic, 1928 Questions? Page 27 UC irvine Executive MBA Enterprise Risk Management
  • 28. Speakers bio Peter Rosenzweig has more than 17 years experience in the assessment, design, and implementation of complex risk management and internal control frameworks, including IT risk and control structures. Peter serves as regional subject matter resource in the application of Ernst & Youngs Enterprise Risk Management methodology and he has assisted various large organizations with the implementation or transformation of enterprise-wide risk management capabilities. Contact Information Peter Rosenzweig Ernst & Young LLP Risk Advisory Services Direct: 213.977.5849 [email protected] About Ernst & Young Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 130,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve potential. For more information, please visit www.ey.com. Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.

Final ERM Symposium Presentation 10.16 ERM Symposium...Final ERM Symposium Presentation 10.16.19 Created Date: 20191016195917Z

Final ERM Symposium Presentation 10.16 ERM Symposium...Final ERM Symposium Presentation 10.16.19 Created Date: 20191016195917Z

Documents
Pancreatitis UCI

Pancreatitis UCI

Documents
Positioning Uci

Positioning Uci

Documents
Metformina uci

Metformina uci

Documents
Shocksepticovsfarmacologicopara uci

Shocksepticovsfarmacologicopara uci

Documents
UCI and FGV Collaboration by Gary W. Matkin, UCI

UCI and FGV Collaboration by Gary W. Matkin, UCI

Education
Insights into the new GRI Standards - ERM · - Lise Kingo, Exec Director, UN Global Compact speaking at GRI 2016 37. The business of sustainability ... GRI 302: Energy How do GRI

Insights into the new GRI Standards - ERM · - Lise Kingo, Exec Director, UN Global Compact speaking at GRI 2016 37. The business of sustainability ... GRI 302: Energy How do GRI

Documents
2017 UCI BMX Supercross World Cup STAGE III · © UCI 2017 2017 UCI BMX Supercross World Cup

2017 UCI BMX Supercross World Cup STAGE III · © UCI 2017 2017 UCI BMX Supercross World Cup

Documents
EXEC. PRODUCER: DICK WOLF PROD. #01006/108 EXEC. …

EXEC. PRODUCER: DICK WOLF PROD. #01006/108 EXEC. …

Documents
Don Spong (ORNL), ZhihongLin (UCI), Sam Taimourzadeh (UCI ...€¦ · Don Spong (ORNL), ZhihongLin (UCI), Sam Taimourzadeh (UCI), and the ISEP Team ISEP Introduction ISEP computational

Don Spong (ORNL), ZhihongLin (UCI), Sam Taimourzadeh (UCI ...€¦ · Don Spong (ORNL), ZhihongLin (UCI), Sam Taimourzadeh (UCI), and the ISEP Team ISEP Introduction ISEP computational

Documents
[PPT]PowerPoint Presentation - Event Schedule & Agenda …schd.ws/hosted_files/2016agripspring/97/Joint ERM... · Web viewOutline ERM Frameworks Why CIS is Involved in ERM CIS ERM

[PPT]PowerPoint Presentation - Event Schedule & Agenda …schd.ws/hosted_files/2016agripspring/97/Joint ERM... · Web viewOutline ERM Frameworks Why CIS is Involved in ERM CIS ERM

Documents
Home | UCI Mathematicsbrusso/levinson.pdfHome | UCI Mathematics

Home | UCI Mathematicsbrusso/levinson.pdfHome | UCI Mathematics

Documents
UCI REGULATIONS FOR THERAPEUTIC USE EXEMPTIONS · UCI Regulations for Therapeutic Use Exemptions The UCI Regulations for Therapeutic Use Exemptions (“UCI TUER”) are mandatory

UCI REGULATIONS FOR THERAPEUTIC USE EXEMPTIONS · UCI Regulations for Therapeutic Use Exemptions The UCI Regulations for Therapeutic Use Exemptions (“UCI TUER”) are mandatory

Documents
TROMBOLISIS uci

TROMBOLISIS uci

Documents
Finance 590 Enterprise Risk Management. ERM Quick review of last class Today’s discussion –ERM Basics –ERM Concepts and processes –ERM Risk Analytics

Finance 590 Enterprise Risk Management. ERM Quick review of last class Today’s discussion –ERM Basics –ERM Concepts and processes –ERM Risk Analytics

Documents
Erm C Methylase erm I Regulation of erm Methylase Constitutive Inducible Macrolides Methylase

Erm C Methylase erm I Regulation of erm Methylase Constitutive Inducible Macrolides Methylase

Documents
ERM 101 Lisanne Sison Director ERM Bickmore. What is ERM? Enterprise Risk Management (ERM) is defined by the Committee of Sponsoring Organizations (COSO)

ERM 101 Lisanne Sison Director ERM Bickmore. What is ERM? Enterprise Risk Management (ERM) is defined by the Committee of Sponsoring Organizations (COSO)

Documents
Reglamento UCI

Reglamento UCI

Documents
UCI Thermoelectric

UCI Thermoelectric

Documents
Uci Manual

Uci Manual

Documents
Programs & Activities - UCI International Center | UCI

Programs & Activities - UCI International Center | UCI

Documents
UCI Physics and Astronomysasha/VI/Review_Usp.pdf · UCI Physics and Astronomy

UCI Physics and Astronomysasha/VI/Review_Usp.pdf · UCI Physics and Astronomy

Documents
2020 UCI JERSEYS...2020 UCI JERSEYS VISUAL GUIDELINES UCI COLOURS 3 Colours UCI coulours and rainbow stripes 3 Colours UCI Gran Fondo 4 Colours UCI Women’s WorldTour 5 Colours UCI

2020 UCI JERSEYS...2020 UCI JERSEYS VISUAL GUIDELINES UCI COLOURS 3 Colours UCI coulours and rainbow stripes 3 Colours UCI Gran Fondo 4 Colours UCI Women’s WorldTour 5 Colours UCI

Documents
Backup Exec 2012 Feedback. What are they saying about Backup Exec? Backup Exec 2012 Feedback 2

Backup Exec 2012 Feedback. What are they saying about Backup Exec? Backup Exec 2012 Feedback 2

Documents
ELIMINASI UCI

ELIMINASI UCI

Documents
2017 UCI Jerseys Visual Guidelines · 2017 UCI JERSEYS VISUAL GUIDELINES UCI COLOURS 2 Colours UCI coulours and rainbow stripes 2 Colours UCI Gran Fondo 3 Colours UCI Women’s WorldTour

2017 UCI Jerseys Visual Guidelines · 2017 UCI JERSEYS VISUAL GUIDELINES UCI COLOURS 2 Colours UCI coulours and rainbow stripes 2 Colours UCI Gran Fondo 3 Colours UCI Women’s WorldTour

Documents
REGISTRATION PROCEDURE FOR UCI · PDF fileinscription des epreuves internationales au calendrier uci 2017 / route ... registration procedure for uci calendars uci sports department

REGISTRATION PROCEDURE FOR UCI · PDF fileinscription des epreuves internationales au calendrier uci 2017 / route ... registration procedure for uci calendars uci sports department

Documents
INHALOTERAPIA UCI

INHALOTERAPIA UCI

Documents
Education - ERM Initiative | ERM

Education - ERM Initiative | ERM

Documents
Incentive uci

Incentive uci

Business