
Enterprise Risk Management in a Rapidly Changing Environment

RIMS ST. LOUIS CHAPTER PRESENTATION

November 21, 2019

2

RIMS MISSION:

To educate, engage and advocate for the global risk community

3

Discussion Topics

• The Future Ain’t What It Used to Be

• Disrupting What We Thought We Knew

• What Is the Next Evolution of Risk Management?

• What Do You Want Your Personal Brand to Be?

4

THE FUTURE AIN’T WHAT IT USED TO BE

Yogi Berra

5

Rapidly changing technological environment

6

Rapidly changing social environment

7

“One of the key findings of this year’s Global Risks Report is that inequality and polarization are now ranked in the top three as underlying drivers of global risks.”

Source: https://www.weforum.org/agenda/2017/02/global-risks-report-2017/

8

Rapidly changing meteorological environment

“The UN estimates that an average of 22.5m people a year have been displaced by natural disasters since 2008, yet this remains a trickle compared with the flood of refugees and migrants that could result from the growing effects of global warming.”

Simon Baptist, Chief Economist, EIU

September 17, 2017

9

“By 2023, IDC predicts, over half (52%) of global GDP will be accounted for by digitally transformed enterprises. This digital tipping point heralds the emergence of a new enterprise species, the digital-first enterprise.”

Gil Press, Top 10 Tech Predictions for 2020 from IDC, Forbes, October 29, 2019

10

DISRUPTING WHAT WE THOUGHT WE KNEW

11

Transactional

Protect Assets and Balance Sheet

• Purchase insurance, hedge and transfer risks when possible

• Indemnification after the fact

Focus on hazards, liabilities and threats

Copyright RIMS, the risk management society 2017. All rights reserved.

12

Defensive

Protect Organization’s Mission and Value

• Prevent and reduce losses before/after incidents (safety, security, business continuity, etc.)

• Avoid uninsured expenses and improve cash flow

• Viewed as separate (vertical) cost centers

Focus on control activities

Transactional

Protect Assets and Balance Sheet

• Purchase insurance, hedge and transfer risks when possible

• Indemnification after the fact

Focus on hazards, liabilities and threats

13

Risk-Related Issues

• Business Disruption

• Contamination

• Execution Failure

• Theft / Civil Unrest

• Data Breach / Cyber Attack

• Regulatory Omission

• IT Infrastructure Failure

• Financial Anomalies

• Worker / Public Injury

Adhering to risk management policies on risk tolerance, risk management authorities, etc.

Root Cause Analysis

Measure uncertainties / deviations from plan

Adapted from: RIMS Strategic Risk Management Implementation Guide 2012. All rights reserved.

Assessment

14

Risk-Related Issues

• Business Disruption

• Contamination

• Execution Failure

• Theft / Civil Unrest

• Data Breach / Cyber Attack

• Regulatory Omission

• IT Infrastructure Failure

• Financial Anomalies

• Worker / Public Injury

Management Control Options

• Business Continuity Management

• Environmental Management

• Quality Assurance / Project Management

• Physical Security Management

• Privacy/Information Security Management

• Compliance Program Management

• IT Risk Management

• Financial Risk Management

• Safety Management

Adhering to risk management policies on risk tolerance, risk management authorities, etc.

Accept, Avoid, Transfer, Share, Mitigate and/or Exploit

Root Cause Analysis

Controls Assessment (Audits)

Measure uncertainties / deviations from plan

Adapted from: RIMS Strategic Risk Management Implementation Guide 2012. All rights reserved.

Assessment

15

Strategic

Create and Protect Value Throughout an Enterprise

• Horizontal competency in planning and activities

• Future- and objectives-focused

• Inform capital allocation decisions

• Improve efficiencies

Focus on uncertainty and decision making

Defensive

Protect Organization’s Mission and Value

• Prevent and reduce losses before/after incidents (safety, security, business continuity, etc.)

• Avoid uninsured expenses and improve cash flow

• Viewed as separate (vertical) cost centers

Focus on control activities

Transactional

Protect Assets and Balance Sheet

• Purchase insurance, hedge and transfer risks when possible

• Indemnification after the fact

Focus on hazards, liabilities and threats

16

Source: RIMS 2017 Enterprise Risk Management Benchmark Survey. All rights reserved.

Where are we now?

Well beyond the tipping point

17

WHAT IS THE NEXT EVOLUTION IN RISK MANAGEMENT?

Will we be disrupted or be disruptors?

18

1950’s – 60’s: Insurance • Administering

1970’s – 80’s: Hazard • Managing

1990’s: Integrated • Directing

21st Century: Strategic • Leading

19

How Do Board Members See It?

From RIMS “Voice at the Top” Webinar, March 14, 2013

Special Guest: Douglas W. Leatherdale, Retired Chairman and Chief Executive Officer, The St. Paul Companies, Inc.

Board Member: United Health Group, Xcel Energy, Numerous societies and philanthropic organizations

20

Board’s View of Risk Management’s Primary Roles

Make sure that there is a risk management system in place in each business that includes effective risk-control mechanisms as well as information systems that flow up to senior management

Shape the risk principles and policies of the company, track the capital risk capacity of the company, define who is responsible for managing the specific risks within the organization, and provide a framework for judging the effectiveness of risk-taking

What else?

Quote Sources: “Point Of View: A Special Issue Focusing On Today’s Board & CEO Agenda” 2010 spencerstuart.com

21

Strategy and Objectives

“Ecosystem” Risks

Business Unit Risks

Process and Behavior Risks

Unique Risks

WHERE: Risk Triangle

WHAT: Risk Framework

HOW: Process, Tools & Techniques

Game Theory

Risk Sensing

Interconnected Analyses

Root Cause Analyses

Traditional Assessments

22

Financial & Safety Risks

Expected performance

Value of Organization Portfolio across the Enterprise

Graphic Source: Dr. Carl Spetzler at RIMS Risk Summit 2017 in Palo Alto CA. All rights reserved.

Where are we seen to be now?

23

Effect of Uncertainties

Value of Organization Portfolio across the Enterprise

Risk management competencies + process = informed decisions and improved performance

Graphic Source: Dr. Carl Spetzler at RIMS Risk Summit 2017 in Palo Alto CA. All rights reserved.

Where do we want to be?

24

WHAT DO YOU WANT YOUR PERSONAL BRAND TO BE?

25

You are in charge of your brand.

Tom Peters, 1997

Mission

Team player

Exceptional Expert

Businessperson

Visionary

What do you want to be known for?

26

Personal Branding

What are you known for?

“I know it all … I just can’t remember it all at once.”

27

What are the implications in taking an ERM approach?

Proactive

• Objectives Focused

• Predictive Indicators

• Foresight

• Strategic

• Creates and captures value

Reactive

• Event Focused

• Post Action Response

• After-thought

• Transactional

• Protects Value

Expanding personal and organizational risk management competencies

Copyright © 2018 Risk and Insurance Management Society, Inc. All rights reserved.

28

The Evolving Role of the Risk Professional

Source: RIMS Executive Report: The Evolving Role of the Risk Professional 2012

29

The Role of a Risk Management Professional

A risk management professional is a partner who supports the organization to leverage the opportunities and uncertainties associated with its goals and objectives.

- From RIMS-CRMP Handbook

Source: RIMS Strategic Risk Management Implementation Guide 2012. All rights reserved.

Risks related to goals and objectives

30

The Role of a Risk Management Professional

Enterprise-wide risk management professionals and practices

Safety and Health

Information Security

Business continuity

Insurance

Environmental

Risk management professionals [across multiple specialties] lead the development and implementation of risk management practices that enable an organization to make risk-effective decisions that create and sustain value.

- From RIMS-CRMP Handbook

What’s new?

Focus on decision-making and enterprise performance

31

Is Your Brand Evolving?

• Risk management is evolving from “a second line of defense only” to playing “offense and defense”.

• The board expects information - not just data - focused on strategic risks that can either improve or worsen the organization’s position.

• The new breed of risk professional must act as risk leader, capability architect and strategic advisor.

• Forging “strategic alliances” throughout the organization helps in avoiding shipwrecks.

• Broader competencies (i.e., an evolving skill set) translate into higher compensation levels.

32

33

Demonstrates insight and leadership

Exhibits integrity and honesty

Communicates effectively

Actively listens and comprehends simple and complex issues

Fosters a collaborative and consultative environment

Applies technical and business knowledge areas to needs of the organization

CORE COMPETENCIES

34

Challenge: Modifying Your Brand

Risk profile: High appetite for risk to Low tolerance for risk

Organizational mind-set: Tactical to Strategic

Quadrants: Image makers, Adventuresome visionaries, Daily operators, Operational leaders

Risk Manager

Internal Auditor

Controller

CRO

CIO

COO

CFO

Sales

Marketing Line Executive

CEO

Strategist

Source: IBM Global Business Services, The Global CFO Study 2008

35

CERTIFICATION OF RISK MANAGEMENT PROFESSIONALS

36

With the accreditation of the RIMS-CRMP by the American National Standards Institute (ANSI) under the rigorous ISO/IEC 17024:2012 certification of individuals requirements:

• RIMS is the only risk management certification to currently have earned such status;

• RIMS-CRMP conforms to ISO international standard requirements;

• RIMS is one of the youngest programs to earn ANSI accreditation in any industry;

• An independent third party has evaluated and approved the RIMS-CRMP certification program, its processes and procedures;

• RIMS’ commitment to continuous quality reviews and improvements is validated.

37

Risk Management Proficiency Domains

Analyzing the Business Model

Designing Organizational Risk Strategies

Implementing the Risk Process

Developing Organizational Risk Competency

Supporting Decision Making

38

Education and/or Experience

Competencies Tested

Continuing Education Requirements

Uphold Professional Code of Ethics

Periodic Recertification

CERTIFICATION COMPONENTS

39

Risk management has evolved to fundamentally change the way organizations think about risk.

Risk management can change future outcomes … for the better.

Risk management enables better overall decision-making and performance.

Risk management professionals possess the knowledge, education and experience to successfully manage risk and create value for their organizations.

40

RIMS MISSION:

To educate, engage and advocate for the global risk community
