SlideShare ist ein Scribd-Unternehmen logo

Risk Health Check

Ljuba Bogdanovich
Ljuba Bogdanovich

Deloitte’s risk management philosophy – Risk Intelligence (RI), focuses on maintaining the right balance between risk and reward. Asking the right questions and finding effective answers to them is critical to developing the right risk management capabilities. Most organizations already have a multitude of Enterprise Risk Management (ERM) practices and processes to address risks but the lack of a strategic view to an ERM program, can expose risk management gaps and redundancies and prevent sufficient insight into key risk interdependencies

1 von 12
Downloaden Sie, um offline zu lesen
Risk health check When is yours?
2
Rethinking enterprise risk management (ERM) Today’s business leaders understand the importance of risk management – but they still struggle to identify strategies to make it more effective and efficient. Do you know if your risk management practices provide a competitive advantage, given the size and complexity of your organization? Do you know if your ERM framework is aligned with leading standards? As a member of the board or the executive management team, what comfort level do you have around your organization’s risk management activities? Will your risk management program pass muster during regulators’ and rating agencies’ examinations? Have you done a risk health check to both understand your current ERM capabilities and consider next steps in the risk intelligence journey? Asking questions like these, and finding effective answers, is critical to developing the “right” risk management capabilities. 1
ERM in a risk intelligent enterprise Risk Intelligence (RI), Deloitte’s risk management philosophy, focuses on maintaining the right balance between risk and reward. Simply put, organizations create value by taking risks and lose value by failing to manage them. Before considering risk intelligence, however, it is important to understand what enterprise risk management, or ERM, is all about. ERM is the development of a strategic, systematic and illustrative risk management capability across an organization. It includes exercising effective risk governance, establishing customized risk management infrastructure and implementing robust risk management processes. ERM helps organizations achieve strategies and objectives for both value preservation and value creation. Deloitte calls organizations with this advanced risk management capability risk intelligent enterprises. The risk intelligent enterprise understands that calculated risk-taking is essential to value creation. It does not strive to eliminate risk or even necessarily to minimize it – which marks a critical departure from the traditional view of risk as something to avoid. The risk intelligent enterprise seeks instead to manage risk exposures so that it incurs just enough of the right kinds of risk – no more, no less – to effectively pursue its strategic goals. The risk intelligent enterprise understands that calculated risk-taking is essential to value creation 2
To keep risk exposures and business strategy aligned, a risk intelligent enterprise must coordinate across the following three levels of risk management: Risk intelligent enterprise Risk governance Tone at the top Stakeholder Strategy & Risk appetite expectations performance Risk management enablers Framework & Culture & Information & Policies methodology capabilities reporting Technology Risk management processes Risk Risk Risk Risk Escalation & identification measurement assessment response monitoring Integration with the business • Risk governance is led by the board of directors and includes setting the tone at the top, aligning stakeholder expectations, approving the risk appetite and integrating risk management with strategy and performance goals. • Risk management enablers are put in place by executive management and include the development of policies, frameworks and methodologies, culture and capabilities, information, reporting and supporting technology. • Risk management processes are led by the business units and functions and include the identification, measurement, assessment, escalation and monitoring of specific risks, as well as risk response. 3
Why understand your ERM capabilities? Most organizations already have a multitude of ERM practices and processes to address risks in particular organizational areas – functional risks, business unit-specific risks, compliance risks and so on. While this may address targeted risks effectively, the lack of a mature ERM capability can expose risk management gaps and redundancies, and prevent sufficient insight into key risk interdependencies. Organizations typically exhibit varying levels of ERM maturity. To assess this level for individual organizations, Deloitte has developed the ERM maturity model and the ERM diagnostic which are consistent with concepts embodied in the ISO 31000 International Standard on risk management. The maturity model helps organizations understand their current RI situation and identify steps they can take to improve it. As organizations progress along the maturity curve, their risk management activities become steadily more integrated and coordinated. Risk becomes a strategic concern, embedded into leadership’s planning processes and the organization’s day-to-day business activities. Thanks to this functionality, the maturity model can help you answer the following questions: • How capably can the organization manage its risk profile right now? • How capable does it need to be? • How can it achieve its desired state? By when? • How can it leverage existing ERM practices? 4
How the ERM diagnostic can help The results of the ERM diagnostic can help you: • Determine your organization’s current risk management capabilities in the context of relevant leading risk management practices • Identify and define target risk management capability levels over time • Identify key risk and opportunity areas where improved risk management practices can provide competitive benefits • Clarify and prioritize specific project and change management plans • Understand the relative alignment between key stakeholders’ assessments of the organization’s risk management capabilities • Facilitate more specific conversations with boards, executives and risk owners Summary of comparison of an organization’s current and desired maturity levels with representative attributes by maturity level Desired state Stakeholder value Interim state Current state Initial Stages of ERM capability maturity Initial Fragmented Comprehensive Integrated Strategic • Ad hoc/chaotic • Risk is defined differently • Risk universe is identified • Risk management • Risk discussion is • Enterprise takes at different levels and in • Common risk activities coordinated embedded in strategic minimal risks into different parts of the assessment/response across business areas planning, capital/resource consideration for organization approach developed and • Risk analysis tools allocation, product determining the • Risk is managed in silos adopted developed and development, vendor vulnerability to risks • Limited focus on the • Organization-wide risk communicated selection, etc. • No formal procedures linkage between risks assessment performed, • Enterprise risk • Early warning system to for risk assessment • Limited alignment of risk action plans implemented monitoring, measuring, notify the risks above to strategies in response to high and reporting established threshold to • Disparate monitoring priority risks • Scenario planning board and management and reporting functions • Communication of top • Opportunity risks • Linkage to performance strategic risks to the identified and exploited measures and incentives senior management team • On-going risk assessment • Risk modeling processes 5
Before gaining the ability to reap these rewards, however, your organization must determine its risk management capabilities. A good way to begin is by answering some of the following questions: Risk governance • Do the board of directors, board and management committees have charters that explicitly include their risk management roles and responsibilities? • Have you clearly defined and communicated your ERM philosophy, vision and risk management strategy and made it understood throughout the organization? • Have you defined a framework for clarifying the organization’s attitude to risk taking? • Does strategic planning consider risk appetite, risk assessment results and scenario analyses? Risk management enablers • Does a process exist to “operationalize” risk management policies in communications, training, monitoring and reporting? • Is a customized risk framework and risk management methodology in place to support the organization’s objectives and activities, to meet stakeholder requirements and to facilitate compliance with regulations and standards? • Are risk management competencies assessed across the organization and training programs tailored to address needs? • Do systems exist to integrate risk management activities efficiently? Risk ownership • Do risk measurement processes exist to integrate and aggregate data in support of critical decision-making? • Have you identified risk interdependencies to better understand the cumulative effect of interrelated risk exposures? • Have you developed an integrated first response/recovery plan and tested for all major risks? 6
The Deloitte difference – head and shoulders above the competition Deloitte has been rated by leading independent research firms as the leader in end-to-end risk management services. This external recognition affirms what many Deloitte clients have experienced and know – that we offer a distinct advantage as follows: Deloitte difference Which means Market leadership Our enterprise risk practice is a market By understanding your challenges leader with substantial credentials. and needs, we bring you insightful perspectives combined with practical recommendations. We help you successfully implement customized ERM solutions and benefit from the advanced thinking of our top professionals. Industry and We have a strong, dedicated and We leverage our industry ERM experience highly skilled team of ERM specialists, knowledge, bringing hands-on with significant, in-depth industry experience and demonstrated experience. competence to ERM evaluation. Methodology and tools We have a proven, flexible global We offer innovative approaches and methodology and toolkit that is toolkits that can improve the efficiency aligned with industry standards. and effectiveness of your ERM program. Knowledge sharing/ We combine a collaborative approach We can enhance risk management skills, knowledge transfer with a commitment to sharing leading knowledge and capabilities to sustain risk ERM practices. management within your organization. To learn more, contact your Deloitte practitioner for the latest analyst rating. 7
Contacts To find out how Deloitte can help service organizations prepare for, and benefit from, these changes, please contact: National ERM Leader Susan Hwang 416-601-6653 suhwang@deloitte.ca Alberta Manitoba Steen Skorstengaard David Sachvie 403-503-1351 204-944-3623 sskorstengaard@deloitte.ca dsachvie@deloitte.ca Atlantic National Capital Region Rob Carruthers Keith Davis 902-721-5645 613-751-5308 rcarruthers@deloitte.ca keidavis@deloitte.ca Greater Montreal Area Quebec & Regions Pierre Gignac Sylvian Metivier 514-393-5251 418-624-5382 pgignac@deloitte.ca smetivier@deloitte.ca Greater Toronto Area Saskatchewan Susan Hwang Karen O’Brien 416-601-6653 306-565-5208 suhwang@deloitte.ca kaobrien@deloitte.ca Greater Vancouver Area South West Ontario Jeff Erdman Simon O’Keefe 604-640-3254 905-315-6763 jerdman@deloitte.ca sokeefe@deloitte.ca 8
9
www.deloitte.ca Deloitte, one of Canada’s leading professional services firms, provides audit, tax, consulting, and financial advisory services through more than 7,700 people in 58 offices. Deloitte operates in Québec as Samson Bélair/Deloitte & Touche s.e.n.c.r.l. Deloitte & Touche LLP, an Ontario Limited Liability Partnership, is the Canadian member firm of Deloitte Touche Tohmatsu Limited. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. © Deloitte & Touche LLP and affiliated entities. 10-649G

Empfohlen

CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersAzure Group
 
Irm Risk Appetite
Irm Risk AppetiteIrm Risk Appetite
Irm Risk AppetiteHassan Zaitoun
 
Risk Appetite
Risk AppetiteRisk Appetite
Risk AppetiteHassan Zaitoun
 
Grant Thornton - Risk appetite: A market study UK 2012
Grant Thornton - Risk appetite: A market study UK 2012Grant Thornton - Risk appetite: A market study UK 2012
Grant Thornton - Risk appetite: A market study UK 2012Grant Thornton
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
 
Risk appetite
Risk appetite Risk appetite
Risk appetite Michel Rochette
 
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...Association for Project Management
 
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...Susan Young
 

Empfohlen

CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersAzure Group
 
Irm Risk Appetite
Irm Risk AppetiteIrm Risk Appetite
Irm Risk AppetiteHassan Zaitoun
 
Risk Appetite
Risk AppetiteRisk Appetite
Risk AppetiteHassan Zaitoun
 
Grant Thornton - Risk appetite: A market study UK 2012
Grant Thornton - Risk appetite: A market study UK 2012Grant Thornton - Risk appetite: A market study UK 2012
Grant Thornton - Risk appetite: A market study UK 2012Grant Thornton
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
 
Risk appetite
Risk appetite Risk appetite
Risk appetite Michel Rochette
 
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...Association for Project Management
 
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...Susan Young
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmTim Leech
 
Enterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityEnterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityJeff B
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentationalygale
 
A Framework for Managing Project Risk
A Framework for Managing Project RiskA Framework for Managing Project Risk
A Framework for Managing Project RiskKnow That / Know How / Know Why
 
Five lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermFive lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermDr .Maizar Radjin, SE., M.Ak., QIA., QRMA, CRGP
 
Enterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management ProcessEnterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management Processregio12
 
Enterprise Risk Management ~ Inovastra
Enterprise Risk Management ~ InovastraEnterprise Risk Management ~ Inovastra
Enterprise Risk Management ~ InovastraNik Hasyudeen
 
.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk management.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk managementQuarterlyEarningsReports2
 
Enterprise Risk Management Erm
Enterprise Risk Management ErmEnterprise Risk Management Erm
Enterprise Risk Management ErmNexus Aid
 
Risk Appetite
Risk AppetiteRisk Appetite
Risk AppetiteTowers Perrin
 
How to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkHow to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkColleen Beck-Domanico
 
Amper ERM Presentation to FEI
Amper ERM Presentation to FEIAmper ERM Presentation to FEI
Amper ERM Presentation to FEIjravi
 
Risk Management Essentials for Bankers
Risk Management Essentials for BankersRisk Management Essentials for Bankers
Risk Management Essentials for BankersDavid Vu
 
Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Diane Christina
 
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...Zanders Treasury, Risk and Finance
 
ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementJorge Vaz Girão , CISA, PMP, PMDPro I, ERMCP
 
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Resolver Inc.
 
10 Aspects of a Good Risk Appetite Implementation Process
10 Aspects of a Good Risk Appetite Implementation Process10 Aspects of a Good Risk Appetite Implementation Process
10 Aspects of a Good Risk Appetite Implementation ProcessColleen Beck-Domanico
 
Risk Appetite Caa Dec08 (1)
Risk Appetite Caa Dec08 (1)Risk Appetite Caa Dec08 (1)
Risk Appetite Caa Dec08 (1)Michel Rochette
 
Presentation qrm shc
Presentation qrm shcPresentation qrm shc
Presentation qrm shcPeter Schellinck
 
Risk management standard_030820
Risk management standard_030820Risk management standard_030820
Risk management standard_030820minhaj52
 
Risk management standard_030820
Risk management standard_030820Risk management standard_030820
Risk management standard_030820Vijay Kejriwal
 

Weitere ähnliche Inhalte

Was ist angesagt?

Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmTim Leech
 
Enterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityEnterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityJeff B
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentationalygale
 
Enterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management ProcessEnterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management Processregio12
 
Enterprise Risk Management ~ Inovastra
Enterprise Risk Management ~ InovastraEnterprise Risk Management ~ Inovastra
Enterprise Risk Management ~ InovastraNik Hasyudeen
 
.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk management.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk managementQuarterlyEarningsReports2
 
Enterprise Risk Management Erm
Enterprise Risk Management ErmEnterprise Risk Management Erm
Enterprise Risk Management ErmNexus Aid
 
How to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkHow to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkColleen Beck-Domanico
 
Amper ERM Presentation to FEI
Amper ERM Presentation to FEIAmper ERM Presentation to FEI
Amper ERM Presentation to FEIjravi
 
Risk Management Essentials for Bankers
Risk Management Essentials for BankersRisk Management Essentials for Bankers
Risk Management Essentials for BankersDavid Vu
 
Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Diane Christina
 
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...Zanders Treasury, Risk and Finance
 
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Resolver Inc.
 
10 Aspects of a Good Risk Appetite Implementation Process
10 Aspects of a Good Risk Appetite Implementation Process10 Aspects of a Good Risk Appetite Implementation Process
10 Aspects of a Good Risk Appetite Implementation ProcessColleen Beck-Domanico
 
Risk Appetite Caa Dec08 (1)
Risk Appetite Caa Dec08 (1)Risk Appetite Caa Dec08 (1)
Risk Appetite Caa Dec08 (1)Michel Rochette
 

Was ist angesagt? (19)

Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
 
Enterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityEnterprise Risk Management and Sustainability
Enterprise Risk Management and Sustainability
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentation
 
A Framework for Managing Project Risk
A Framework for Managing Project RiskA Framework for Managing Project Risk
A Framework for Managing Project Risk
 
Five lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermFive lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & erm
 
Enterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management ProcessEnterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management Process
 
Enterprise Risk Management ~ Inovastra
Enterprise Risk Management ~ InovastraEnterprise Risk Management ~ Inovastra
Enterprise Risk Management ~ Inovastra
 
.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk management.credit-suisse Annual Report Part 4 Risk management
.credit-suisse Annual Report Part 4 Risk management
 
Enterprise Risk Management Erm
Enterprise Risk Management ErmEnterprise Risk Management Erm
Enterprise Risk Management Erm
 
Risk Appetite
Risk AppetiteRisk Appetite
Risk Appetite
 
How to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkHow to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management Framework
 
Amper ERM Presentation to FEI
Amper ERM Presentation to FEIAmper ERM Presentation to FEI
Amper ERM Presentation to FEI
 
Risk Management Essentials for Bankers
Risk Management Essentials for BankersRisk Management Essentials for Bankers
Risk Management Essentials for Bankers
 
Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)Sharing Practice on Enterprise Risk Management (ERM)
Sharing Practice on Enterprise Risk Management (ERM)
 
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...
 
ERM-Enterprise Risk Management
ERM-Enterprise Risk ManagementERM-Enterprise Risk Management
ERM-Enterprise Risk Management
 
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
 
10 Aspects of a Good Risk Appetite Implementation Process
10 Aspects of a Good Risk Appetite Implementation Process10 Aspects of a Good Risk Appetite Implementation Process
10 Aspects of a Good Risk Appetite Implementation Process
 
Risk Appetite Caa Dec08 (1)
Risk Appetite Caa Dec08 (1)Risk Appetite Caa Dec08 (1)
Risk Appetite Caa Dec08 (1)
 

Ähnlich wie Risk Health Check

Risk management standard_030820
Risk management standard_030820Risk management standard_030820
Risk management standard_030820minhaj52
 
Risk management standard_030820
Risk management standard_030820Risk management standard_030820
Risk management standard_030820Vijay Kejriwal
 
Risk management standard_030820
Risk management standard_030820Risk management standard_030820
Risk management standard_030820Tim Smith
 
Risk management standard
Risk management standardRisk management standard
Risk management standardLuis Vitiritti
 
Enterprise risk-mgmt[1]
Enterprise risk-mgmt[1]Enterprise risk-mgmt[1]
Enterprise risk-mgmt[1]artipradhan
 
Incorporating Risk Management into BCP
Incorporating Risk Management into BCPIncorporating Risk Management into BCP
Incorporating Risk Management into BCPRon Andrews
 
Proposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesProposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesRahul Bhan (CA, CIA, MBA)
 
Proposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesProposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesRahul Bhan (CA, CIA, MBA)
 
Integrating The Output From Risk Workshops Into The Business Planning Process
Integrating The Output From Risk Workshops Into The Business Planning ProcessIntegrating The Output From Risk Workshops Into The Business Planning Process
Integrating The Output From Risk Workshops Into The Business Planning ProcessEneni Oduwole
 
7 Key Elements Of An Enterprise Risk Management Program
7 Key Elements Of An Enterprise Risk Management Program7 Key Elements Of An Enterprise Risk Management Program
7 Key Elements Of An Enterprise Risk Management ProgramAlicia Edwards
 
Risk Offering Summary
Risk Offering SummaryRisk Offering Summary
Risk Offering Summarydgeoghegan
 
Finance is Risky Business: Monitoring and Managing Your Company’s Risk Appeti...
Finance is Risky Business: Monitoring and Managing Your Company’s Risk Appeti...Finance is Risky Business: Monitoring and Managing Your Company’s Risk Appeti...
Finance is Risky Business: Monitoring and Managing Your Company’s Risk Appeti...Finance Network marcus evans
 
Introduction To Risk Management Process
Introduction To Risk Management ProcessIntroduction To Risk Management Process
Introduction To Risk Management Processdavidcurriecia
 
ToTCOOP+i O3 o4 unit-9_final_version_en
ToTCOOP+i O3 o4 unit-9_final_version_enToTCOOP+i O3 o4 unit-9_final_version_en
ToTCOOP+i O3 o4 unit-9_final_version_enToTCOOPiTech
 
Common Objectives of the CRO and the CAE
Common Objectives of the CRO and the CAECommon Objectives of the CRO and the CAE
Common Objectives of the CRO and the CAEWheelhouse Advisors LLC
 

Ähnlich wie Risk Health Check (20)

Presentation qrm shc
Presentation qrm shcPresentation qrm shc
Presentation qrm shc
 
Risk management standard_030820
Risk management standard_030820Risk management standard_030820
Risk management standard_030820
 
Risk management standard_030820
Risk management standard_030820Risk management standard_030820
Risk management standard_030820
 
Risk management standard_030820
Risk management standard_030820Risk management standard_030820
Risk management standard_030820
 
Risk management standard_030820
Risk management standard_030820Risk management standard_030820
Risk management standard_030820
 
Risk management standard
Risk management standardRisk management standard
Risk management standard
 
Enterprise risk-mgmt[1]
Enterprise risk-mgmt[1]Enterprise risk-mgmt[1]
Enterprise risk-mgmt[1]
 
Incorporating Risk Management into BCP
Incorporating Risk Management into BCPIncorporating Risk Management into BCP
Incorporating Risk Management into BCP
 
Proposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesProposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management Services
 
Proposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management ServicesProposal To Chairman For Risk Management Services
Proposal To Chairman For Risk Management Services
 
Integrating The Output From Risk Workshops Into The Business Planning Process
Integrating The Output From Risk Workshops Into The Business Planning ProcessIntegrating The Output From Risk Workshops Into The Business Planning Process
Integrating The Output From Risk Workshops Into The Business Planning Process
 
Introduction to Risk Governance
Introduction to Risk GovernanceIntroduction to Risk Governance
Introduction to Risk Governance
 
7 Key Elements Of An Enterprise Risk Management Program
7 Key Elements Of An Enterprise Risk Management Program7 Key Elements Of An Enterprise Risk Management Program
7 Key Elements Of An Enterprise Risk Management Program
 
B322
B322B322
B322
 
Risk Offering Summary
Risk Offering SummaryRisk Offering Summary
Risk Offering Summary
 
Finance is Risky Business: Monitoring and Managing Your Company’s Risk Appeti...
Finance is Risky Business: Monitoring and Managing Your Company’s Risk Appeti...Finance is Risky Business: Monitoring and Managing Your Company’s Risk Appeti...
Finance is Risky Business: Monitoring and Managing Your Company’s Risk Appeti...
 
Introduction To Risk Management Process
Introduction To Risk Management ProcessIntroduction To Risk Management Process
Introduction To Risk Management Process
 
ToTCOOP+i O3 o4 unit-9_final_version_en
ToTCOOP+i O3 o4 unit-9_final_version_enToTCOOP+i O3 o4 unit-9_final_version_en
ToTCOOP+i O3 o4 unit-9_final_version_en
 
Common Objectives of the CRO and the CAE
Common Objectives of the CRO and the CAECommon Objectives of the CRO and the CAE
Common Objectives of the CRO and the CAE
 
MAA_Riskmanagement
MAA_RiskmanagementMAA_Riskmanagement
MAA_Riskmanagement
 

Risk Health Check

  • 2. 2
  • 3. Rethinking enterprise risk management (ERM) Today’s business leaders understand the importance of risk management – but they still struggle to identify strategies to make it more effective and efficient. Do you know if your risk management practices provide a competitive advantage, given the size and complexity of your organization? Do you know if your ERM framework is aligned with leading standards? As a member of the board or the executive management team, what comfort level do you have around your organization’s risk management activities? Will your risk management program pass muster during regulators’ and rating agencies’ examinations? Have you done a risk health check to both understand your current ERM capabilities and consider next steps in the risk intelligence journey? Asking questions like these, and finding effective answers, is critical to developing the “right” risk management capabilities. 1
  • 4. ERM in a risk intelligent enterprise Risk Intelligence (RI), Deloitte’s risk management philosophy, focuses on maintaining the right balance between risk and reward. Simply put, organizations create value by taking risks and lose value by failing to manage them. Before considering risk intelligence, however, it is important to understand what enterprise risk management, or ERM, is all about. ERM is the development of a strategic, systematic and illustrative risk management capability across an organization. It includes exercising effective risk governance, establishing customized risk management infrastructure and implementing robust risk management processes. ERM helps organizations achieve strategies and objectives for both value preservation and value creation. Deloitte calls organizations with this advanced risk management capability risk intelligent enterprises. The risk intelligent enterprise understands that calculated risk-taking is essential to value creation. It does not strive to eliminate risk or even necessarily to minimize it – which marks a critical departure from the traditional view of risk as something to avoid. The risk intelligent enterprise seeks instead to manage risk exposures so that it incurs just enough of the right kinds of risk – no more, no less – to effectively pursue its strategic goals. The risk intelligent enterprise understands that calculated risk-taking is essential to value creation 2
  • 5. To keep risk exposures and business strategy aligned, a risk intelligent enterprise must coordinate across the following three levels of risk management: Risk intelligent enterprise Risk governance Tone at the top Stakeholder Strategy & Risk appetite expectations performance Risk management enablers Framework & Culture & Information & Policies methodology capabilities reporting Technology Risk management processes Risk Risk Risk Risk Escalation & identification measurement assessment response monitoring Integration with the business • Risk governance is led by the board of directors and includes setting the tone at the top, aligning stakeholder expectations, approving the risk appetite and integrating risk management with strategy and performance goals. • Risk management enablers are put in place by executive management and include the development of policies, frameworks and methodologies, culture and capabilities, information, reporting and supporting technology. • Risk management processes are led by the business units and functions and include the identification, measurement, assessment, escalation and monitoring of specific risks, as well as risk response. 3
  • 6. Why understand your ERM capabilities? Most organizations already have a multitude of ERM practices and processes to address risks in particular organizational areas – functional risks, business unit-specific risks, compliance risks and so on. While this may address targeted risks effectively, the lack of a mature ERM capability can expose risk management gaps and redundancies, and prevent sufficient insight into key risk interdependencies. Organizations typically exhibit varying levels of ERM maturity. To assess this level for individual organizations, Deloitte has developed the ERM maturity model and the ERM diagnostic which are consistent with concepts embodied in the ISO 31000 International Standard on risk management. The maturity model helps organizations understand their current RI situation and identify steps they can take to improve it. As organizations progress along the maturity curve, their risk management activities become steadily more integrated and coordinated. Risk becomes a strategic concern, embedded into leadership’s planning processes and the organization’s day-to-day business activities. Thanks to this functionality, the maturity model can help you answer the following questions: • How capably can the organization manage its risk profile right now? • How capable does it need to be? • How can it achieve its desired state? By when? • How can it leverage existing ERM practices? 4
  • 7. How the ERM diagnostic can help The results of the ERM diagnostic can help you: • Determine your organization’s current risk management capabilities in the context of relevant leading risk management practices • Identify and define target risk management capability levels over time • Identify key risk and opportunity areas where improved risk management practices can provide competitive benefits • Clarify and prioritize specific project and change management plans • Understand the relative alignment between key stakeholders’ assessments of the organization’s risk management capabilities • Facilitate more specific conversations with boards, executives and risk owners Summary of comparison of an organization’s current and desired maturity levels with representative attributes by maturity level Desired state Stakeholder value Interim state Current state Initial Stages of ERM capability maturity Initial Fragmented Comprehensive Integrated Strategic • Ad hoc/chaotic • Risk is defined differently • Risk universe is identified • Risk management • Risk discussion is • Enterprise takes at different levels and in • Common risk activities coordinated embedded in strategic minimal risks into different parts of the assessment/response across business areas planning, capital/resource consideration for organization approach developed and • Risk analysis tools allocation, product determining the • Risk is managed in silos adopted developed and development, vendor vulnerability to risks • Limited focus on the • Organization-wide risk communicated selection, etc. • No formal procedures linkage between risks assessment performed, • Enterprise risk • Early warning system to for risk assessment • Limited alignment of risk action plans implemented monitoring, measuring, notify the risks above to strategies in response to high and reporting established threshold to • Disparate monitoring priority risks • Scenario planning board and management and reporting functions • Communication of top • Opportunity risks • Linkage to performance strategic risks to the identified and exploited measures and incentives senior management team • On-going risk assessment • Risk modeling processes 5
  • 8. Before gaining the ability to reap these rewards, however, your organization must determine its risk management capabilities. A good way to begin is by answering some of the following questions: Risk governance • Do the board of directors, board and management committees have charters that explicitly include their risk management roles and responsibilities? • Have you clearly defined and communicated your ERM philosophy, vision and risk management strategy and made it understood throughout the organization? • Have you defined a framework for clarifying the organization’s attitude to risk taking? • Does strategic planning consider risk appetite, risk assessment results and scenario analyses? Risk management enablers • Does a process exist to “operationalize” risk management policies in communications, training, monitoring and reporting? • Is a customized risk framework and risk management methodology in place to support the organization’s objectives and activities, to meet stakeholder requirements and to facilitate compliance with regulations and standards? • Are risk management competencies assessed across the organization and training programs tailored to address needs? • Do systems exist to integrate risk management activities efficiently? Risk ownership • Do risk measurement processes exist to integrate and aggregate data in support of critical decision-making? • Have you identified risk interdependencies to better understand the cumulative effect of interrelated risk exposures? • Have you developed an integrated first response/recovery plan and tested for all major risks? 6
  • 9. The Deloitte difference – head and shoulders above the competition Deloitte has been rated by leading independent research firms as the leader in end-to-end risk management services. This external recognition affirms what many Deloitte clients have experienced and know – that we offer a distinct advantage as follows: Deloitte difference Which means Market leadership Our enterprise risk practice is a market By understanding your challenges leader with substantial credentials. and needs, we bring you insightful perspectives combined with practical recommendations. We help you successfully implement customized ERM solutions and benefit from the advanced thinking of our top professionals. Industry and We have a strong, dedicated and We leverage our industry ERM experience highly skilled team of ERM specialists, knowledge, bringing hands-on with significant, in-depth industry experience and demonstrated experience. competence to ERM evaluation. Methodology and tools We have a proven, flexible global We offer innovative approaches and methodology and toolkit that is toolkits that can improve the efficiency aligned with industry standards. and effectiveness of your ERM program. Knowledge sharing/ We combine a collaborative approach We can enhance risk management skills, knowledge transfer with a commitment to sharing leading knowledge and capabilities to sustain risk ERM practices. management within your organization. To learn more, contact your Deloitte practitioner for the latest analyst rating. 7
  • 10. Contacts To find out how Deloitte can help service organizations prepare for, and benefit from, these changes, please contact: National ERM Leader Susan Hwang 416-601-6653 suhwang@deloitte.ca Alberta Manitoba Steen Skorstengaard David Sachvie 403-503-1351 204-944-3623 sskorstengaard@deloitte.ca dsachvie@deloitte.ca Atlantic National Capital Region Rob Carruthers Keith Davis 902-721-5645 613-751-5308 rcarruthers@deloitte.ca keidavis@deloitte.ca Greater Montreal Area Quebec & Regions Pierre Gignac Sylvian Metivier 514-393-5251 418-624-5382 pgignac@deloitte.ca smetivier@deloitte.ca Greater Toronto Area Saskatchewan Susan Hwang Karen O’Brien 416-601-6653 306-565-5208 suhwang@deloitte.ca kaobrien@deloitte.ca Greater Vancouver Area South West Ontario Jeff Erdman Simon O’Keefe 604-640-3254 905-315-6763 jerdman@deloitte.ca sokeefe@deloitte.ca 8
  • 11. 9
  • 12. www.deloitte.ca Deloitte, one of Canada’s leading professional services firms, provides audit, tax, consulting, and financial advisory services through more than 7,700 people in 58 offices. Deloitte operates in Québec as Samson Bélair/Deloitte & Touche s.e.n.c.r.l. Deloitte & Touche LLP, an Ontario Limited Liability Partnership, is the Canadian member firm of Deloitte Touche Tohmatsu Limited. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. © Deloitte & Touche LLP and affiliated entities. 10-649G