View
41
Download
1
Embed Size (px)
Citation preview
1
On24 Tech Tips
• Make sure your speakers are on• Hit F5 any time your console freezes• For a LIVE event you should be hearing music now• Use the “Ask a Question” feature to report issues• Webcast starts at the top of the hour
Presented by:
Moderator:DeLisa M. White, Multi-Media Content Producer, Risk Intelligence, GARP
Presenter(s):Brenda Boultwood, Senior Vice President of GRC Solutions, MetricStream Martin Pergler, Founder and Principal, Balanced Risk Strategies, Ltd
Wednesday 18, 2015
GARP Webcast
Explore Your Opportunity Landscape by Harnessing Your Risks
2
Martin Pergler has over 15 years experience consulting and teaching about risk and strategic decision making under uncertainty. He has counselled over 200 companies in 32 countries on risk-related issues, with a particular emphasis on the energy/natural resources, industrial, and travel/logistics sectors, as well as multi-sector conglomerates, institutional investors, and other financial institutions.
Martin is presently Founder and Principal at Balanced Risk Strategies, Ltd., in Ottawa, Canada. Previously, he was Senior Expert in Risk at global consultancy McKinsey & Company, where he was a leader in their Corporate Risk and ERM service lines, based at various times in their Chicago, Prague, Singapore, and Montreal offices. Martin also co-founded McKinsey’s global risk analytics centre of excellence in India, and was for some time the Functional Learning Leader for Risk and sat on the editorial board of McKinsey’s Risk Working Papers publication series. Martin continues to work with McKinsey as a part-time Senior Advisor.
Martin has expertise in both qualitative (e.g., framework, processes, culture, governance) and quantitative (e.g. analytics, modeling, reporting) aspects of risk. He deals both with the risk management process itself, as well as the incorporation of risk and uncertainty in other corporate processes, such as strategic planning, scenario development, capital allocation, and specific risk-taking or risk-mitigating decisions.Martin has been a core faculty member and curriculum developer in over 20 capability building programs, for audiences from risk specialists to traders to broader management teams seeking a structured way to deal with uncertainty. He is an adjunct faculty member at DukeCE, the custom executive education arm of Duke’s Fuqua School of Business. Previously, Martin was a lecturer in mathematics at the University of Chicago, where he won a University-wide teaching award.
Martin has made over 30 presentations on risk-related issues at major conferences as well as published articles. Recent presentations include at Cambridge University, the Rotman School of Management (University of Toronto), GARP (Global Association of Risk Professionals), and for the AFP (Association of Financial Professionals). Press interviews and excerpts include the Globe and Mail, forbes.com, China Business News, the Corporate Financial Treasurers Exchange, and the McKinsey Quarterly/McKinsey on Finance. He co-directed a survey of Board risk oversight practices for The Conference Board.
Martin holds a B.Sc. (highest honours) from Carleton University in Canada, and an S.M. and Ph.D. from the University of Chicago, all in mathematics. He won the Governor General’s medal at Carleton and held Canada’s highest graduate scholarship (NSERC 1967) for study abroad. He was also active as a classical musician, with performances on NPR, CBC, and European Public Radio. He lives in Ottawa, Canada.
Martin Pergler, Balanced Risk Strategies, Ltd.
3
Agenda
• How Enterprise Risk Management (ERM) acts as a key enabler in building a sustainable competitive advantage
• How organizations can align their risk focus with long term, strategic objectives
• The role of Risk Intelligence in harnessing risks to explore new opportunities
• Technology that can be leveraged to capitalize on risks
4
Aware-ness
Minimi-zation
Risk-return
Competitive advantage
Risk focus
Valu
e fr
om ri
sk m
anag
emen
t
Maturity spectrum for risk management
• General trend to the right (though at very different speeds in different industries and in different companies)
• Opportunity sneaks onstage in “Risk-return”, takes center stage in “Competitive Advantage”
SOURCE: Balanced Risk Strategies
5
ERM: from dentist to safari guide
• Safety, compliance, response to danger
• Backwards looking• Necessary but no fun
• Tradeoffs, value stewardship• Forward-looking enabler• OPPORTUNITY
SOURCE (RHS): Martin’s trip down the Zambezi river, 2003.
6
Questions for today
1. How ERM acts as a key enabler in building a sustainable competitive advantage
2. How organizations can align their risk focus with long term, strategic objectives
3. The role of Risk Intelligence in harnessing risks to explore new opportunities
4. Technology that can be leveraged to capitalize on risks
7
Uncertainty is hard…the risk toolkit helps
• Individual and group biases in evaluating uncertainty (necessary to evaluate opportunities)
• We freeze…overreact…run away: Pandora’s box problem
vs
Benefits of the risk (ERM) toolkit
• Provide structure; systematic approach
• Marshall facts AND opinions from variety of stakeholders
• Respect lack of (full) knowledge
• Calm the fear. Unfreeze.• Focus flexibility/opportunity,
not just risk mitigation
1
8
Risk management involves the whole gang…ERM function natural convenor
Board: Fiduciary responsibility
CEO: Chief integrator (risk and
everything else)
CFO: Steward of
equity capital
HS&E: Steward of employee
and society health
CRO (if exists): Risk silo-breaker, coach
Natural coordinator/convenor
Treasurer: Steward of cash/liquidity
Everyone: Good risk culture (mindsets and behaviors)
SOURCE: Balanced Risk Strategies
1
9
Aligning risk focus with long term strategic objectives
• ISO31000: Risk is “effect of uncertainty on objectives”• Define explicit time horizon and objective metrics to get past
“dangers in current operations”• What are the “big bets” your strategic objectives depends
on…those are your risks (but without the emotional baggage of the word “risk”)
• Sitting still is too risky
2
10
Example: Risk heat maps extended to describe the whole uncertainty ecosystem
Oppty/ Thrive
Deliver on plan
Major change needed
Survive
Fail
Remote (small%)
Possible (~1%/yr)
Plausible (~5%)
Probable (~20%+)
Most likely
(50%+)
Impa
ct o
n bu
sine
ss m
odel
nex
t 5 y
ears
Likelihood
Business as usual
Extreme events(Crisis
response)
Real options
Stre
ss te
stin
g
Corestrat
planningscenarios
Source: Book manuscript (Pergler)
• Impact axis (from conventional risk heat map) grounded in qualitative consequences on company’s future…
• …and includes positive outcomes – a genuine OPPORTUNITY LANDSCAPE
• Increasing quantitative sophistication needed along the red arrow
2
11
Risk intelligence to explore new opportunities
• Insight rather than just data• “Learnable” and “natural” risks – risks you want to own…• …leading to thoughtful risk choices (risk appetite!) aligned
with your strategy • Humble and thoughtful quants are your friend • Embrace uncertainty and (non)consensus to do what-if
3
12
Example: Project risk quantification – going well beyond risk response and simple mitigation
Source: Sanitized client example (Pergler & Rasmussen, McKinsey on Finance, “Making Better Decisions about the Risks of Capital Projects”, 2014)
+ Conditional on assumptions
- P5 may not be a real P5…fat tails, epistemic uncertainty
• From how to we respond to project execution risks…
• …to how do we anticipate…
• …to evaluate if the project is a good idea given the risks…
• …to improve the risk-return profile of the project, making it feasible: OPPORTUNITY
3
13
Brenda Boultwood is Senior Vice President of Industry Solutions at MetricStream. Before joining MetricStream, Brenda was Senior Vice President and Chief Risk Officer for Constellation Energy where she led risk management activities for Constellation Energy and its businesses, including defining and assessing enterprise-wide business risks and facilitating proactive decision-making to effectively manage the risks associated with each business line.
Prior to joining Constellation Energy, Brenda served in a number of roles at JPMorganChase, including serving as head of risk management for their Treasury Services business. Prior to that, Brenda served as head of market risk, counterparty credit risk and operational risk management at Bank One Corporation. Brenda also worked with PricewaterhouseCoopers as a senior manager in its Financial Risk Management Consulting Practice and was employed with Chemical Bank Corporation as a financial engineering associate. In addition, she spent six years teaching in the University of Maryland’s Master of Business Administration program.
Brenda was a member of the CFTC Technology Advisory Committee, and serves on the Boards of Committee of Chief Risk Officers (CCRO). She previously served as Board Member of Global Association of Risk Professionals (GARP). She earned a Ph.D. in economics.
Brenda Boultwood, MetricStream
14
Challenges in maintaining high Risk Data Quality Standards
Rising compliance costs and inability to adapt in a highly complex regulatory environment
Lack of visibility into business operations across the enterprise - Accessing information from multiple sources
Absence of a systematic and standardized approach to measure risk in a distributed business environment – prevalence of one-off/point solutions
Difficulty in Alignment of risk with the overall risk appetite for an organization
15
Enterprise Risk Management: New Reality
Integrated Risk Management
Higher Collaboration and Efficiency
Pressure on Profitability
Large Volumes of New and Changing
Regulations
Increasing Complexity of Requirements
Market Reality
Remapping Enterprise
Risk Strategy
Highly Dynamic Regulatory
Environment
Increased top Management
Accountability for Risk
• Seamless integration of information, processes , risks, controls, losses, and compliance breaking down org silos
• Consistent view of risk metrics across LoBs, Compliance, Legal, IT, Vendor, Credit, Market, Liquidity
• Embed risk management in the business process and org culture
• How well are the lines of defense aligned – Top Management, Front Office, Risk, Assurance, Audit
Focus on Business Value, Performance
• Faster business decision making - Real-time information aggregation, reporting and analytics at multiple levels
• Bring transparency for enhancing visibility and insights into the internal operating environment
16
Unite Multiple Perspectives on Risk Assessment
Visualize the Process and Associate Risks at Each
Process Step
Enterprise GRC Platform
Third Party/ Vendor
Risk
Technology / Security
RiskHuman Capital
Risk
Process Related
Risk
Reputational Risk
Accounts Payable Process
Legal Risk
17
Risk intelligence helps you harness your risks
• Simplicity & Crispness – less is more• Provide support to build a robust risk culture within the
organization• Build a decision framework and assisting in rationalizing
efforts• Identify Information of Interest
• Board – Monitor the organization’s overall risk exposure against a stated appetite
Top Risks Opportunities Current Status or trend Mitigation activity
• C-level – Details covering a broad range of operational risk categories
18
The risk reporting value chain
Develop Hypothesis
•Which questions need answering?
•Finding performance gaps, preliminary area of focus
Gather Data
•What data to collect?
•How do we collect it more effectively?
•Sampling and data collection plans
Data Analysis
•What does the data tell us?
•Qualitative and Quantitative data analysis to transform data into information
Interpretation
•Extracting insights from data
•Viewing data from different angles
•What does this mean for the business?
Communicate Insights
• How can we best deliver the conclusion we have reached?
•Putting insights in a suitable delivery channel
Take Action
•Act on data•Prioritize actions
•Decision-making and prioritization techniques, and project management and feedback systems to deliver value
19
Risk intelligence – Get the most out of your data
GRCProcesses
Risk Assessments
Internal &External Data
Risk Metrics,KRIs / KPIs &
Business Objectives
Reporting & Analytics
External Feeds(Regulatory Updates,
Social Monitoring, etc.)
Control Tests
Policy Management Surveys
Self Assessments
Monitoring
Audits
Issue Management
ContentOrganizational
DataLoss Data
Severity Frequency
Severity
Plug ‘n Play Analytics
Threats &Vulnerabilities
(Servers/Computers/Mobile/Cloud Assets)
Advanced Data VisualizationsReport & Dashboarding
Heat MapsBusiness ObjectivesKRIs, KPIs
20
Support Firm-wide Risk Governance – Ties Between the Business and the Board of Directors
Common Language of Risk and Controls
Shared Enterprise Repository (GRC)
•Review and Access changes and outputsBoard of Directors
•Perform top risk assessment and own top risks in the company
Management Committee
•Prioritize risk in business unitRisk Committees
•Measure, aggregate and report operational risks
Risk Management Group
•Risk and Control Self Assessment•Metrics•Loss Events
Business Unit and Functional Support
• Improved understanding on company’s risk profile
• Common vocabulary and assessment of risk
• Risk based corporate audit plan
• Functional Top Risks• Business Top Risks
• Risk Capital• Standard Reporting
• Risk Register• Business-owned Risk
Assessment• Control Environment
Action Plan
Role Process Output
21
Communication of Top Risks, Emerging Risk and Strategic Risks
To build and maintain an effective risk management framework, a company must continuously evaluate the risk landscape
• Top risks are highlighted to ensure that executive management is focusing on the priority risks to the company
• Emerging risks are identified based upon new systemic, political and market factors, as well as other current events
• Strategic risks assess underlying emerging and systematic risks incorporated in the strategic plan that could derail the strategy and business plan
By understanding the enterprise risk factors, a company can develop strategies to optimize controls, improve performance and harness opportunities
22
Risk Intelligence for Business Performance
Board of Directors• Overviews of key business processes and top risks/vulnerabilities to provide a context for
decisions - CapEx, M&A transactions• Heat maps of top current risks (through year end), emerging risks (1-3 year time horizon), strategic
risks (beyond 5 year time horizon)• Assessments of risk management approaches and frameworks • Review of policies, procedures, metrics, staffing and approaches
23
Risk Intelligence for Business Performance
Chief Executive Officer• Linkage between business objectives (revenue, EBIT) and risks to develop probability distributions
for likely business outcomes, rather than point estimates • Forward looking risk assessment information, integrated with the static, historical data about
business processes, functional groups or M&A transactions for strategic decision making • Decision makers are informed early about the risks and threats to earnings. • Get employees focused on the what’s important - integration of information across business
functional groups and businesses to increase efficiency
24
Risk Intelligence for Business Performance
Chief Financial Officer• Supplement static, backward looking data from ERP system with forward looking beliefs about
probability and impact of key risks for better informed business decision-making• Provide a discussion framework that allows management to form a view about its risk appetite and
willingness to take risk to achieve aggressive business objectives
25
Enable Informed Decision Making Process
• Advanced Analytics for decision-making• Better understanding of risk profiles
• Effective monitoring and communication• Integrate risk assessment into management decision-making
• Leverage risk assessment results to enhance controls or the risk acceptance• Enabling decision makers to quickly determine the potential impact of risk and develop
action plan• Powerful dashboards, charts and heat maps provide real-time information,
strengthen transparency into risk and control management• Monitor risk values vs. threshold values• Perform trend analysis • Conduct what-if & scenario analysis • Aggregate and monitor exposures across counterparties, lines of business, etc. • Graphical dashboards and board level scorecards
26
Enhance Visibility with Real-Time Risk Metrics
27
Risk Trends and Heatmaps
Best Practices – Stress TestingCreating a culture of risk awareness®
Global Association ofRisk Professionals
111 Town Square Place14th FloorJersey City, New Jersey 07310U.S.A.+ 1 201.719.7210
2nd FloorBengal Wing9A Devonshire SquareLondon, EC2M 4YNU.K.+ 44 (0) 20 7397 9630
www.garp.org
© 2015 Global Association of Risk Professionals. All rights reserved.
About GARP | The Global Association of Risk Professionals (GARP) is a not-for-profit global membership organization dedicated to preparing professionals and organizations to make better informed risk decisions. Membership represents over 150,000 risk management practitioners and researchers from banks, investment management firms, government agencies, academic institutions, and corporations from more than 195 countries and territories. GARP administers the Financial Risk Manager (FRM®) and the Energy Risk Professional (ERP®) exams; certifications recognized by risk professionals worldwide. GARP also helps advance the role of risk management via comprehensive professional education and training for professionals of all levels. www.garp.org