FERMA presentation at Athens conference
Enterprise Governance, Risk and Compliance
Athens 12 November 2014
Living and Working in a Riskier World
Julia Graham President of FERMA
Where we are
22 member associations in 20 countries
Over 4300 individual members who are responsible for risk management and/or insurance in their organisations
Our member associations
? ? ?
FERMA is 40
Our focus
The 10 risks of highest concern to respondents are:
1. Fiscal crises in key economies
2. Structurally high unemployment/underemployment
3. Water crises
4. Severe income disparity
5. Failure of climate change mitigation and adaptation
6. Greater incidence of extreme weather events
7. Global governance failure
8. Food crises
9. Failure of a major financial mechanism/institution
10. Profound political and social instability
World Economic Forum – Global Risk Report 2014
Source: World Economic Forum, Global Risks 2014
The 10 risks of highest concern to respondents are:
1. Economic slow down / slow recovery
2. Regulatory / legislative changes
3. Increasing competition
4. Damage to reputation / brand
5. Failure to attract or retain top talent
6. Failure to innovate / meet customer needs
7. Business interruption
8. Commodity price risk
9. Cash flow / liquidity risk
10. Political risk / uncertainties
Which of these risks appear on corporate risk maps?
Source: Aon Global Risk Management Survey 2013 / Underrated threats? 2013
The 10 risks of highest concern to respondents are:
1. Economic slow down / slow recovery
2. Regulatory / legislative changes
3. Increasing competition
4. Damage to reputation / brand
5. Failure to attract or retain top talent
6. Failure to innovate / meet customer needs
7. Business interruption….?
8. Commodity price risk
9. Cash flow / liquidity risk
10. Political risk / uncertainties
Which of these risks appear on corporate risk maps?
Source: Aon Global Risk Management Survey 2013 / Underrated threats? 2013
• Cyber
• Interdependency of risk
• Pandemic / health risk
• Pension scheme funding risk
• Terrorism risk
• Creativity in the insurance industry
• increased focus on risk management spend
• Failure to attract top talent
• Unethical behaviour
• Supply chain?
Directors of Captives – sense check
Source: Aon - Underrated threats? 2013
Cyber no longer on the horizon
Innovation often comes from the producer not the customer
increased risk complexity and connectivity adds to the challenge for risk managers
Travel increased from 683m to 1bn in a decade – yet pandemic off the radar … then came Ebola
No risk is an island
We live and work in a riskier world
Graphic to be replaced
Change Complexity Connection
Source: World Economic Forum - Global Risks 2014
• Corporate risk maps tend to focus on risk where the company has some control
• These risks are big and catastrophic
• It is not clear how Boards should tackle these risks
• Do they have the know-how?
• Yet the Board is best placed to manage them
Global risks are beyond normal Board activities
• Focus on impacts, outcomes and consequences for your operations, not the risks themselves
• Check critical dependencies
• Check and reinforce contingency planning and crisis management capabilities
• Improve your risk radar throughout your extended network
• Focus on agility
Managing Global Risks
A broader approach to resilience
Resilience is about opportunity, adaptation and evolution as well as managing disruptions and crises
• Less resilient organisations are prone to failure
• Organisations are more complex, impacts materialise faster
• Can’t be expected to address all risks
• Resilience for many means focussing on operational issues, missing the more strategic ones
Source: AIRMIC and others - Roads to Resilience 2014
Roads to Resilience
1. Resilient companies have exceptional risk radar to detect changes in the external and internal situation
2. Resilient companies have diversified resources and assets to facilitate alternative approaches and adaptation to change
3. Resilient companies build strong relationships and networks, both internally and externally
4. Resilient companies have the ability to respond rapidly and decisively to an emerging crisis
5. Resilient companies review and adapt based on experience and changing circumstances
Source: PWC 2014
Resilience – three key messages
Resilience is about long-term surviving and thriving
Resilience is generated (and lost) by who we are, what we know, what we do and how we do it
Well understood resilience can be measured, manipulated and leveraged
Source: PWC 2014
Risk Managers are White Swans
FERMA – Strategic Actions
Top 10 2014 2012 Mitigation level Satisfaction level
1. Political – Government intervention, legal & regulatory changes
2. Reputation and brand
3. Compliance with regulation and legislation
4. Competition n.c*
5. Economic n.c*
6. Market strategy, client n.c*
7. Planning and execution of strategy
8. Human resources / key people, social security (labour)
9. Quality (design, safety & liability of products & services)
10. Debt, cash flow n.c*
The 2014 FERMA Risk Map
High Medium Low
*n.c. not comparable
• Insurance management and claims handling and insurable loss prevention
• Development of risk maps
• Assistance to other functional areas in contract negotiation, project management, acquisitions and investments
• Design and implementation of risk controls / prevention
Embedded activities
SEMINAR 2014 20
Trend
• Development and embedding of business continuity management
• Alignment and integration of risk management as part of business strategy
• Development and integration of risk culture across the organization
Planned activities
Trend
Knowledge and Skills required
Three Lines of Defense
Source: Audit and Risk Committees - News from EU Legislation and Best Practices 2014
1. Review risk management systems
2. CRO or equivalent
3. External audit
4. Relationship and coordination
5. Report annually on the effectiveness and efficiency of risk management in the organization
6. Review annually the performance and terms of reference of the Committee in order to determine whether it is functioning effectively by reference to best practices
7. Oversee the integrity of the financial reporting process and financial reports
8. Review the efficiency of internal control and risk management systems
9. Review and appraise the audit activities: independence, objectivity and effectiveness of the audit process
10. Supervise the internal audit function
Risk and Audit Committee responsibilities
Audit and Risk Committees - News from EU Legislation and Best Practices
Risk Language and Standards are important
Foundations – our profession
COSO vs. ISO 31000
Lengthy vs. Short
Focused on ERM vs. General approach to managing risk
One cube vs. Framework and process
Skewed to negative vs. Risk can be positive or negative
Risk already exists vs. Risk tied to achieving objectives
Risk & opportunities vs. Opportunities also source of risk
More sequential process vs. More iterative process
Many use COSO ERM and ISO 31000
… Concepts not aligned
Standards or Frameworks Used
Source: RIMS 2013 Benchmark Survey - Produced by Advisen
ISO 31000 up 5% from 2011
COSO up 2% from 2011
ISO 31000 adopts a management system Plan - Do - Check - Act
• ISO 31000 published in November 2009
• Technical Committee and Working Group
• ISO Experts for risk management
• Responsible for ISO 31000 and its maintenance and further development
• Represents the opinion of countries and cultures
• Undertaking a limited revision of ISO 31000 in the short term, following the principle of continual improvement
• Including the human and cultural factors in risk management
• Determine in the long run a more fundamental technical revision
• This work will take into consideration the global development of risk management
ISO 31000 Development
FERMA Certification – our profession
• A frequently used word at cocktail parties
• Innovation is not invention
• We live and work in a riskier world
• Organizations need solutions for the conventional and unconventional
• Are insurers up to the challenge?
• Are brokers up to the challenge?
• Are we up to the challenge?
Innovation – our needs
"It’s about the people you have, how you are led, and how much you get it" Steve Jobs
• Managing Diversity makes business sense:
– 78% risk managers are over 45 years old
– 73% risk managers are male
• Diversity demands:
– Leadership by Top Management
– Leadership by example
– Action not just words
• Sustainable change not a project
• Diversity is more than gender
– Culture
– Gender
– Age
– Ethnicity
Diversity – our assets
Come and join us!
Any Questions?