Upload
st-knight
View
221
Download
0
Embed Size (px)
Citation preview
7/25/2019 Using the RIMS ERM Starter Kit 2013
1/12
Copyright 2013 Risk and Insurance Management Society, Inc. 1
Using the RIMS ERM
Starter Kit
RIMS ERM Trajectory of Success
The five stages of RIMS ERM Trajectory of Success are designed to take an
organization from its initial commitment through design, activation, monitoring and
improving its ERM discipline.
The starter kit is provided to help you overcome the initial hurdles for commitment
and design by providing you with basic ERM materials that other risk professionalshave used successfully.
For more information and training on the RIMS ERM Trajectory of Success, contact
[email protected] our RIMSAccelerating ERM workshop.
Contents of the Starter Kit
Commit
ERM Program Mini Readiness Checklist
ERM Risk Council Charter
RIMS Risk Maturity Model Assessment (link)
Design
Sample Risk Register
Sample ERM Preparatory Interview Worksheet
Risk Log Template
Risk Mapping Using Impact and Likelihood
Risk Ranking Tool
Demo of Risk Ranking Tool (Auto Risks)
Risk Training for Nonprofessionals Template
ERM Executive Report Template (simple)
Sample Annual Report (extended)
Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,
expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.
RIMS thanks the following contributors to the starter kit:
Grace Crickette, University of California
Radu Demian, University Hospitals
Carol Fox, RIMS
Rupak Mazumdar, George Weston Ltd.
mailto:[email protected]:[email protected]7/25/2019 Using the RIMS ERM Starter Kit 2013
2/12
Copyright 2013 Risk and Insurance Management Society, Inc. 2
Using the RIMS ERM
Starter Kit
Starting with Commitment
Commit
ERM Program Mini Readiness Checklist
Use the checklist to gauge your starting point.When considering your assessment, think aboutwhether the requirements are imposedinternally by management or externally by
regulators, shareholders or others.
Many organizations, whether regulated or not,use an internationally recognized voluntarystandard such as ISO 31000 as a requirementsguide. Others subscribe to other recognizedframeworks. See RIMS Executive Report onWidely Used Standards and Frameworks foradditional background.
The readiness checklist may reveal that youalready have a good start, or it may reveal thatyou have significant work to do.
Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,
expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.
7/25/2019 Using the RIMS ERM Starter Kit 2013
3/12
Copyright 2013 Risk and Insurance Management Society, Inc. 3
Using the RIMS ERM
Starter Kit
Starting with Commitment
Commit
ERM Risk Council Charter
An important part of the commitment stage is to
articulate the purpose, principles, governance and
strategy for your ERM program. Often this takes the
form of a mandate or charter when establishing an
internal risk committee or council. A charter generally
Establishes a purposeand value outcome for the
enterprise
Establishes the guiding principlesby understanding
and acknowledging the organizations risk
philosophy, setting the foundation of risk practices
within the organizational context
Establishes a risk governance model that fits your
unique organization, and finally Determines an ERM strategy that will get the
organization where it wants to go
Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,
expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.
7/25/2019 Using the RIMS ERM Starter Kit 2013
4/12
Copyright 2013 Risk and Insurance Management Society, Inc. 4
Using the RIMS ERM
Starter Kit
RIMS Risk Maturity Model for ERM
Access at: http://www.rims.org/resources/ERM/Pages/RiskMaturityModel.aspx
Starting with Commitment
Commit
RIMS Risk Maturity Model Assessment
With this free assessment, you can evaluate your
organizations risk maturity levels, and determine
where your program can improve.
The assessment is broken down into seven
sections, each focusing on a different core
attribute of ERM. The assessment takes about
fifteen to thirty minutes to complete.
Over 2,000 organizations have already base-lined
their risk maturity levels with the RIMS RMM.
Many come back periodically for a re-assessment
to gauge progress. The assessment iscomplimentary, and your results are kept private.
Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,
expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.
http://www.rims.org/resources/ERM/Pages/RiskMaturityModel.aspxhttp://www.rims.org/resources/ERM/Pages/RiskMaturityModel.aspxhttp://www.rims.org/resources/ERM/Pages/RiskMaturityModel.aspx7/25/2019 Using the RIMS ERM Starter Kit 2013
5/12
Copyright 2013 Risk and Insurance Management Society, Inc. 5
Using the RIMS ERM
Starter Kit
Framing the Conversation
Risk registers can be extremely simple to quite lengthy. Often, the risks are sorted by
categories.
This particular sample is organized under two broad categories: Context Risks and
Resource Risks. Context Risks relate to internal and external factors that impact the
environment in which the organization operates or the way business processes are
conducted. Resource Risks relate to the resources used by the organization toaccomplish its objectives.
Designing a Program
Design
Sample Risk Register
Risk registers are valuable tools to identify, define
and list risks that may positively or negatively
impact an organizations objectives.
When initially starting an ERM program, it is
helpful to have a frame of reference for those
being asked to assess the risks.
Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,
expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.
7/25/2019 Using the RIMS ERM Starter Kit 2013
6/12
Copyright 2013 Risk and Insurance Management Society, Inc. 6
Using the RIMS ERM
Starter Kit
Engaging the Experts
The preparatory interview worksheet included in the starter kit assumes that
definitions and ratings have been designed. The worksheets purpose is to provide
your experts with food for thought before the interview / voting process begins.
Designing a Program
Design
Sample ERM Preparatory Interview Worksheet
Who best understands the risks that your organizationmay be facing? There are a number of differenttechniques you may use to gather assessmentinformation from these individuals.
Two of the most commonly used are:
The Delphi method entails a group of experts whoreply anonymously to questionnaires andsubsequently receive feedback in the form of astatistical representation of the "group response,"after which the process repeats itself. The goal is toreduce the range of responses and arrive at somethingcloser to expert consensus.
Expert elicitation is a structured process to elicitsubjective judgments from experts. It is widely used inquantitative risk analysis to quantify uncertainties incases where there are no or too few direct empiricaldata available to infer on uncertainty.
Both methods require you to prepare the experts toengage in the interview process.
Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,
expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.
7/25/2019 Using the RIMS ERM Starter Kit 2013
7/12
Copyright 2013 Risk and Insurance Management Society, Inc. 7
Using the RIMS ERM
Starter Kit
Keeping a Risk Log
Documenting assessments and who is accountable for doing what by when keeps your
ERM program from becoming a periodic exercise. Unless you have tracking software at
your disposal, this template may help to organize risk activities based on priorities. This
approach can be particularly helpful when assessing risks associated with new
initiatives, projects or launches.
Designing a Program
Design
Risk Log Template
The Risk Log Template provided can be used as
an inventory of risks as they are assessed, and as
decisions are made whether to accept, avoid,transfer, mitigate and/or exploit the risk.
This is particularly useful in the initial stages of
organizational project or initiative plans, where
the actual treatment plans are as yet
undeveloped. Assignments (accountability) can
be made and monitored for rollout.
Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,
expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.
7/25/2019 Using the RIMS ERM Starter Kit 2013
8/12
Copyright 2013 Risk and Insurance Management Society, Inc. 8
Using the RIMS ERM
Starter Kit
Depicting Risk Assessments
Once risk registers have been completed and the risks have been assessed, commonly
the next step is to map risks into a grid highlighting those that require the greatest
management attention. Most commonly, this is done based on impact (severity) and
likelihood (or probability).
The risk mapping document in the starter kit takes you through a sample, providing
possible definitions for each of these two criteria.
Designing a Program
Design
Risk Mapping Using Impact and Likelihood
Impact and likelihood are two of many criteria
that may be used to map risks. Other qualitative
measures to consider might include:
Timing (speed to onset, trigger, duration )
Capacity
Controllability
Visibility (for monitoring)
Interdependencies
Readiness
Degree of confidence
See RIMS Strategic Risk Management Implementation Guide
2012 for other possible approaches.
Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,
expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.
7/25/2019 Using the RIMS ERM Starter Kit 2013
9/12
Copyright 2013 Risk and Insurance Management Society, Inc. 9
Using the RIMS ERM
Starter Kit
Beyond Frequency and
Severity
In addition to the blank template, we have
included a demo of the Risk Ranking Tool
for consideration of auto risks in the RIMS
ERM Start Kit. This demo illustrates how thetool might be used for consideration of
specific risks.
The tools have been provided as is, in
accordance to their original development
and use within the UC system. You may
need to modify the tool somewhat to meet
your organizations terminology and
descriptions.
Designing a Program
Design
Risk Ranking Tool
Demo of Risk Ranking Tool (Auto Risks)
The Risk Ranking Tool used at the University of
California is an Excel workbook that includes
macros to assess potential risks, likelihood, time,financial and reputation severity. The tool
provides a summary worksheet and a chart of
events.
Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,
expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.
7/25/2019 Using the RIMS ERM Starter Kit 2013
10/12
Copyright 2013 Risk and Insurance Management Society, Inc. 10
Using the RIMS ERM
Starter Kit
Explaining Risk Management and ERM to Others
For more information and training on ERM and specific techniques , [email protected] our RIMS Techniques of Risk Management: Gaining a Competitive
Advantage.
Designing a Program
Design
Risk Training for Nonprofessionals Template
One of the keys to building risk management
capabilities within an organization is to provide
some basic training.
A simple 20-slide power point presentation is
included in our starter kit to explain risk
management - and the risk management process
- to others in your organization. The training can
be delivered in 30-45 minutes.
Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,
expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.
mailto:[email protected]:[email protected]7/25/2019 Using the RIMS ERM Starter Kit 2013
11/12
Copyright 2013 Risk and Insurance Management Society, Inc. 11
Using the RIMS ERM
Starter Kit
Reporting on Risk
Designing a Program
Design
ERM Executive Report Template (simple)
Sample Annual Report (extended)
As part of the risk management process, risks and
controls should be monitored , reviewed and reported
on a regular basis to verify that
assumptions about risks remain valid;
assumptions on which risk assessments are based,
including the external and internal context, remain
valid;
expected results are being achieved within the
organizations risk appetite and tolerance levels;
selected risk treatments are effective;
the appropriate risk information is shared.
Two examples are provided in the starter kit. One is a
template that you can modify for your own purposes.
The other an example extended report from the
University of Californias Office of Risk Services.
Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,
expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.
7/25/2019 Using the RIMS ERM Starter Kit 2013
12/12
Copyright 2013 Risk and Insurance Management Society, Inc. 12
Using the RIMS ERM
Starter Kit
RIMS ERM Trajectory of Success
The five stages of RIMS ERM Trajectory of Success are designed to take an
organization from its initial commitment through design, activation, monitoring and
improving its ERM discipline.
The starter kit is provided to help you overcome the initial hurdles for commitment
and design by providing you with basic ERM materials that other risk professionals
have used successfully.
For more information and training, contact [email protected].
In Conclusion
Other RIMS Resources for Getting Started
Be sure to check out RIMS Strategic and
Enterprise Risk Center for practical articles,
reports, tips, tools and templates successfully
used by leading risk professionals to advance
your organizations risk capabilities.
Materials are meant for educational and informational purposes. The examples have been provided by knowledgeable individuals. RIMS makes no representations or warranties,
expressed or implied, regarding the materials. Individuals should consult their advisors regarding specific risk management issues.
mailto:[email protected]:[email protected]