IMPLEMENTING RISK INTELLIGENCE GOVERNANCE STRATEGIES

Robertine A Chaderton 2011

IMPLEMENTING RISK INTELLIGENCE GOVERNANCE STRATEGIES

Caribbean Association of Audit Committee Members

Conference 2011


What is risk?

• Def: “The chance that there is some danger or threat; an uncertainty”

• The risks that can affect organisations are liquidity, environmental, reputational, strategic among others

• Risk taking can be considered as a means of value creation , candid communication and collaboration between the board and management


Risk

• Risk like fear can be a good thing; it should keep things in perspective; no fear and you are a danger to yourself; too much fear and you can become paralysed

• Too much risk is irresponsible; being too risk averse nothing is done

• You are encouraged to change risk management from being an exercise in risk avoidance to be something to be considered when every decision, action and activity are undertaken


What is RISK INTELLIGENCE?

• RISK GOVERNANCE – strategic decision making and risk oversight led by the Board of Directors

• RISK INFRASTRUCTURE & MANAGEMENT – designing, implementing and maintaining an effective management program carried out by executive management

• RISK OWNERSHIP – identifying, measuring, monitoring and reporting on specific risks done at the level of business units


GOVERNANCE

• Directors are often so far away from the front line that they cannot foresee the practical issues that give rise to crises

• Good governance hinges on sound decision making

• “Directors should ensure good management , but they should not provide it”


The Caribbean today

• Recovering from the financial crisis of 2008• To implement risk intelligence governance

strategies, we must be prepared to learn lessons from the conventional way of doing business

• We need to create the framework for thinking the unthinkable


PRACTICAL GUIDE TO RISK INTELLIGENT GOVERNANCE

A. Define the Board’s oversight role B. Foster a Risk intelligent cultureC. Help management incorporate risk intelligence

into strategyD. Help define the risk appetiteE. Execute the Risk intelligent governance processF. Benchmark and evaluate the governance

process


A: Questions to ask about risk oversight

• How is risk overseen by our various board committees?

• Is there appropriate coordination & communication? Are we getting the information we need for key decisions?

• What mechanisms does management use to monitor emerging risks? What early warning mechanisms exist? How and how often are they reviewed?

• What is the role of technology in the risk management program?


STEPS USED TO IMPROVE RISK GOVERNANCE

•Revised committee charters to include risk related concerns•Benchmarked their practices against peer companies•Obtained guidance from association of directors•Focused more attention on risk management and its value•Revised ethical guidelines and codes of conduct


B: Questions on organisation culture

• How are we communicating our Risk Intelligence messages?

• Are people comfortable in discussing risk or are they afraid to raise difficult issues?

• How is the compensation package encouraging in appropriate short term risk taking?

• Has the organisation developed a common language around risk that measures and promotes risk awareness in all activities at all levels?


C: Questions on incorporating RiskIntelligence into strategy

• How can we include Risk Intelligence into decisions about capital acquisition, allocation & succession planning?

• How should risk-return trade off be weighed in strategic planning & review sessions?

• What is the process for identifying & evaluating changes in the external environment? How are these findings take into consideration in that strategic planning sessions?


WAYS TO ENCOURAGE THE RISK INTELLIGENCE APPROACH INTO STATEGIC PLANNING

• Increase the frequency of discussions of risk with management•Evaluate the risk appetite and tolerances with management•Identify activities, decisions & transactions (typically by size) that must be brought to the board’s attention


D: Questions on risk appetite

• What size risks or opportunities do we expect management to bring to our attention?

• How does management determine the organisation’s risk appetite? Which risk categories are considered and how do they relate to management’s performance goals and compensation?


E: Questions on Risk Intelligence process

• Are people at all levels actively engaged in risk management? If so, how? If not, why not?

• What criteria does management use to prioritise enterprise risks?

• How is management addressing the major opportunities & risks facing the organisation?

• How often do we discuss risk with management? What issues have been brought to our attention in the past 6-12 months?


F: Questions on benchmarking & evaluating governance process

• How have we gone about assessing our risk governance and management programs?

• To what extent are our compliance, internal audit and risk management teams using Risk Intelligence approaches?

• What value might be derived from bringing an outside entity to assess our organisation against industry standards?


ACTIONS TO CONSIDER IN BENCHMARKING & EVALUATION OF GOVERNANCE PROCESSES

•Use internal monitoring & feedback•Participate in continuing education and updates•Solicit independent viewpoints•Include risk as a topic in the annual board’s self assessment


10 Essential Risk Intelligence lessons to be learnt (1)

1. Counting on false assumptions – Directors have believed that the assumptions they made are true

• Are directors willing to question their assumptions or for that matter the assumptions of others? Chances are that they are not…..directors think they know what they know ….but life is filled with uncertainties. Factors affecting events will change and the events are not mildly random, instead they are wildly random.

2. Failing to exercise vigilance – Directors were not keeping their eyes open to what was happening around them in their organisations


10 Essential Risk Intelligencelessons to be learnt (2)

3. Ignoring velocity and momentum – Directors are not noticing how quickly situations and events are changing.

4. Failing to make key connections and manage complexity- Directors do not realize how interconnected we are and that this inter connection causes decision making to be complex.



5. Failing to imagine failure - if we can imagine what it is like to fail or the worst thing that can happen, then we can take the necessary steps to

prevent it or at least have a back up plan. 6. Relying on unverified sources of information- it is so

very important to double check the source of the information which you intend to use for decision making; we cannot always rely on the media; try to verify from another unrelated source.


Questions to ask about anticipating causes of failure

HANDOUT 1



7. Maintaining inadequate margins of safety - This can be corrected by having a fall back position – a buffer level of resources and assets; it is generally best in turbulent times not to be running flat out.

TURBULENT TIMES COME WITHOUT WARNING

8. Focusing exclusively on the short term – while short termism is attractive, in that you are motivated to complete certain projects or achieve certain targets, it can have the negative impact of excessive risk for short term paybacks; board members need to place emphasis on tactics rather than on strategy and can lose continuity in leadership.



9. Taking the wrong rather than the ‘right’ risks - one of the biggest risks that businesses face is the failure to innovate. Every time someone comes up with a new idea, the persons who are risk averse, kill it. It is not suggested that there be the taking of reckless risks, but there has to be a balance.



10. Abandoning operational discipline -To instill operational discipline and accountability, the Romans insisted that engineers stand under the

arches they had designed when the supporting wooden tussles were taken away. That may explain why the bridges they built have lasted

over 2000 years.


Root causes of a lack of operational discipline (1)

• Lack of ‘felt” leadership and leaders who do not WALK THE WALK

• Insufficient resources to support operation• Employees not engaged in improving the

business• Ineffective lines of communication• Lack of strong teamwork• Lack of shared values


Root causes of a lack of operational discipline (2)

• Outdated documentation• Failure to practice what you preach• A proliferation of short cuts• Poor housekeeping• Lack of pride in the organisation

HOW TO CORRECT THESE ROOT CAUSES1. Question every rule2. Build trust through responsibility3.Thank the messenger4. Promote risk takers


The Voice of Experience

“People don’t see the need for prevention until it’s too late. Obviously when a crisis occurs, everyone recognises the need…….…It ought to obvious that prevention is less expensive and more effective than response and recovery……… Let us make sure we understand the risks that we have in the organisation and the need to take some actions to mitigate the risk,….. understand it……..be more involved “

(A director)


“ The less prudence with which others conduct their

affairs, the greater prudence with which we must conduct our own

affairs”Warren Buffet


Transformation Success Factors (1)

• Create the right tone at the top• Assign Executive ownership• Leverage the best of the existing

organisational culture• Build Risk Intelligence into core business

processes• Adopt a disciplined change management

process



• Link Metrics to Compensation and performance management

• Focus on the “VITAL FEW”, not on the “TRIVIAL MANY”

• Improve cross-functional preparedness and co-ordination

• Demand discipline and accountability in execution



• Insist on reasonable assurance and independent reassurance for the most relevant and highest impact risks

• ACT ON YOUR KNOWLEDGE AND ADAPT

• COMPLETE THE QUESTIONNAIRE TO ASSESS YOUR ENTERPRISE RISK IQ (Handout 2)


References

• “Risk intelligent governance – A practical guide for boards” DELOITTE Risk Intelligence Series Issue No 16

• “Risk Intelligent enterprise management – Running the Risk Intelligent Enterprise ” DELOITTE Risk Intelligence Series Issue No 16 cont’d

• Funston, Frederick and Stephen Wagner (2010) “Surviving and Thriving in Uncertainty: Creating The Risk Intelligent Enterprise” Wiley& Sons

Documents

IMPLEMENTING RISK INTELLIGENCE GOVERNANCE STRATEGIES