Putting risk in the comfort zone

Nine principles for building the Risk Intelligent Enterprise™
Table of contents



Preface (p. 1)
Uncomfortable risk (p. 2)
A framework is a coat rack (p. 3)
Symphonic risk management (p. 4)
Follow the same map (p. 5)
The mushroom treatment (p. 6)
“We manage risk every Friday” (p. 7)
Risk lives here (p. 8)
The risk support system (p. 9)
The comforters (p. 10)
Be risk intelligent (p. 11)
Nine principles (p. 12)
Contacts (p. 13)




Disclaimer

These materials and the information contained herein are provided by Deloitte Touche Tohmatsu and are intended to provide general information on a particular subject or subjects and
are not an exhaustive treatment of such subject(s).

Accordingly, the information in these materials is not intended to constitute accounting, tax, legal, investment, consulting, or other professional advice or services. The information is
not intended to be relied upon as the sole basis for any decision which may affect you or your business. Before making any decision or taking any action that might affect your personal
finances or business, you should consult a qualified professional adviser.

These materials and the information contained therein are provided as is, and Deloitte Touche Tohmatsu makes no express or implied representations or warranties regarding these
materials or the information contained therein. Without limiting the foregoing, Deloitte Touche Tohmatsu does not warrant that the materials or information contained therein will be
error-free or will meet any particular criteria of performance or quality. Deloitte Touche Tohmatsu expressly disclaims all implied warranties, including, without limitation, warranties of
merchantability, title, fitness for a particular purpose, noninfringement, compatibility, security, and accuracy.

Your use of these materials and information contained therein is at your own risk, and you assume full responsibility and risk of loss resulting from the use thereof. Deloitte Touche
Tohmatsu will not be liable for any special, indirect, incidental, consequential, or punitive damages or any other damages whatsoever, whether in an action of contract, statute, tort
(including, without limitation, negligence), or otherwise, relating to the use of these materials or the information contained therein.

If any of the foregoing is not fully enforceable for any reason, the remainder shall nonetheless continue to apply.
Preface

This publication represents the first installment in Deloitte’s series on the fundamental principles of Risk Intelligence. The papers in the series are intended to offer plain-English descriptions of the foundational elements of a Risk Intelligence program, as well as insights and practical steps you may consider for incorporating the concepts within your own organization.

On each of the following pages, you will find a statement describing a single principle of a Risk Intelligence program, along with an elaboration on the topic. In aggregate, we believe application of these principles will help create what we consider the epitome of enlightened risk management: The Risk Intelligent Enterprise.

Keep in mind that the application of these principles will differ based on your industry practices, regulatory schema, and organizational maturity. For example, in the financial services and energy industries, many of these principles have been discussed for over a decade and thus may seem elementary; but for many other industries, we see these principles just starting to be embraced. Regardless of what industry you are in, the Fundamental Principles still apply.

Although this paper is the first in our “Fundamental Principles” series, it is by no means our initial words on the subject of Risk Intelligence. In fact, we’ve published over a dozen related titles as well as numerous podcasts and webcasts. You may access all of this material free of charge at www.deloitte.com/RiskIntelligence.

Open communication is a key characteristic of a Risk Intelligent Enterprise. Consider sharing this whitepaper with the other executives, board members, and key managers in your organization. The issues and concepts outlined herein should provide an excellent starting point for a crucial dialogue on enhancing your organization’s Risk Intelligence.
Uncomfortable risk

Like politics and religion, risk can be an uncomfortable topic
of conversation. Understandably so, because many people
unintentionally limit the parameters of the discussion.

You probably think of risk in terms of threats — bad things
happening to your business. Not a pleasant subject of
conversation.

But the discussion can flow freely if you consider the other side
of risk, the one that applies to value creation — risk taking for
reward.

Introducing new products; entering foreign markets; acquiring
competitors — all are challenging endeavors, and if you don’t
properly manage the associated risks, you may not reap the
potential rewards.

So consider adopting a more expansive definition of risk,
one that gives equal weight to managing the risks related to
growth and profitability:

Risk is the potential for loss or harm — or the diminished
opportunity for gain — that can adversely affect the
achievement of an organization’s objectives.




Principle #1: In a Risk Intelligent Enterprise, a
common definition of risk, which addresses both
value preservation and value creation, is used
consistently throughout the organization.
A framework is a coat rack

When it comes to keeping your parka off the parquet or your
cape off the carpet, the solution may seem deceptively simple:
All you need is a hook.

But what’s holding up that hook? In fact, the support structure
will vary, depending on whether you’re hanging heavy winter
gear or gauzy summer fashions.

It might be helpful to think of your risk management
framework in the same manner: something to hang your risk
management program on.

A risk framework — such as COSO ERM, Turnbull, and ISO —
provides a structure that helps you decide which opportunities
to pursue and which hazards to avoid.

But the framework must be sturdy enough to support your risk
management objectives. It must accommodate your unique
strategies, initiatives, and organizational structure. And it must
be adaptable to your industry and regulatory requirements.

There’s no need to overanalyze. Don’t get snagged on the
selection of your risk framework. Just make sure it’s something
you can hang your hat on.




Principle #2: In a Risk Intelligent Enterprise, a
common risk framework supported by appropriate
standards is used throughout the organization to
manage risks.
Symphonic risk management

Done right, risk management is a coordinated effort, as
finely tuned as a symphony orchestra. In both risk and music,
multiple roles are played simultaneously in often complex
arrangements.

Of course, some people in your organization may not even
realize they are part of the band. Your product development
manager, IT supervisor, or deputy vice president responsible
for M&A probably considers risk management somebody else’s
job.

Changing that mindset is a precursor to promoting Risk
Intelligence in your organization. You’ll need clear messaging
at the individual level to convey what Risk Intelligence means;
why it is important to the organization collectively and to
employees individually; and what your people actually need to
do on a daily basis.

This effort requires clear communications; a strong risk-
focused culture; reward programs that incorporate risk-related
objectives; and learning programs to promote intelligent risk
management.

In sum, it needs to be a harmonious collaboration. Here’s
what the score looks like:

• The board sets the tone (see page 6).
• The executive wields the baton (page 7).
• The business units play the music (page 8).
• Certain functions (HR, finance, IT, legal, tax) support the
  concert backstage (page 9).
• Other functions (internal audit, risk, and compliance) monitor
  the performance (page 10).




Principle #3: In a Risk Intelligent Enterprise, key
roles, responsibilities, and authority relating to risk
management are clearly defined and delineated within
the organization.
Follow the same map

Risk specialists tend to behave like any subculture: They stick
together. They share similar beliefs, rituals, and habits. They
develop their own dialect.

But practices that sustain, say, an indigenous people may
not be ideally suited to the risk managers of a multinational
corporation.

Not to say that specialization is unnecessary. Quite the
contrary: effective risk management would not be possible
without it. Rather, risk specialists just need to poke their
heads outside their silos once in a while. Risk doesn’t exist in
isolation, so risk managers can’t either.

To effectively and efficiently manage risks and reap the
rewards, organizational silos must be bridged. The bridging
process means creating a common infrastructure; it means that
all the business units and functions use the same supporting
technologies and processes where possible and practicable.
It involves synchronizing — coordinating across institutional
boundaries; harmonizing — ensuring that risk managers all
speak the same language and define risk in the same manner;
and rationalizing — eliminating duplication of effort.

Use tools like The Risk Intelligence Map™¹ to facilitate your
discussions; it may get you thinking and talking about risk in
ways you never envisioned. Draw upon your risk framework
to help standardize your approach. Develop a risk catalog to
inventory your most critical risks.

Common technology, metrics, processes, and terminology will
transcend your siloed subculture.




Principle #4: In a Risk Intelligent Enterprise, a
common risk management infrastructure is used
to support the business units and functions in the
performance of their risk responsibilities.




¹ For information on Deloitte’s Risk Intelligence Map, contact your Deloitte practitioner. See page 13.
The mushroom treatment

Some boards of directors are subjected to “The
Mushroom Treatment,” an approach that is summarized,
in abridged form, below:

           “Keep ‘em in the dark ...”


Such treatment should obviously be avoided. In the U.S., boards
have a fiduciary responsibility to ensure that management has
appropriate processes in place to manage risk. This duty cannot
be executed in the absence of light.

To fulfill their responsibilities and to provide value, board
members should:

• Put risk on the agenda. Make time for risk before risk demands
  it. Every board meeting is not too often to discuss risk.

• Inventory the current risk structure. How are risks managed?
  Are silos being bridged?

• Summon the management team. Engage in periodic risk
  dialogue. Identify risks that will prevent the organization from
  executing on its key strategies.

• Discuss risk scenarios. Where do the greatest opportunities lie?
  What could thwart the organization’s strategic objectives?

• Check organizational appetite — and diet. Determine how
  much risk the organization is able to take on. How much is it
  willing to take on? And how much is it actually taking on? Are
  these in line?

• Get reasonable assurance. Ask management: How confident
  are you? Why?

• Get independent reassurance. Have internal audit or an
  outside consultant evaluate the effectiveness of the full risk
  management program. Can management’s assurances be
  relied upon?



Principle #5: In a Risk Intelligent Enterprise,
governing bodies (e.g., boards, audit committees,
etc.) have appropriate transparency and visibility
into the organization’s risk management practices
to discharge their responsibilities.
“We manage risk every Friday”

Don’t laugh — that’s an actual quote from a real business executive.
And here’s the sobering reality: If you treat risk management as a
part-time job, you might soon find yourself looking for one.

We noted earlier that everyone has responsibility for risk. But
if you’re a member of the executive team, this obligation is
ratcheted even higher. You are tasked with tone, direction,
design, and metrics.

Inherent in your executive role is leadership and authority. And
you need to exercise it: To get people thinking about risk taking
for reward. To push risk management through all the layers of
the organization. To set expectations. To ensure accountability.
To engage the board. To drive change. To establish a Risk
Intelligent culture.

An ambitious agenda, to be sure. How can you get it all done?
Here’s a good place to start: Form a Risk Intelligence group — an
executive-level risk committee — to bring better risk insights to your
management team and help create a Risk Intelligence program.

In some organizations, a key member of this executive-level Risk
Intelligence group is the chief risk officer. Sitting at the table with
other top executives, the CRO helps develop policy and common
approaches that are rolled out to business units; communicates
and monitors the organization’s risk appetite; and reports risk
information to the management and board-level oversight
functions. Some organizations may choose a more expansive role.
The style of the CRO varies considerably and needs to match that
of the organization and its risk philosophy. Some may choose a
business partner, some a facilitator, some a traffic cop.

Whatever the role, you can be sure: None of them work only
on Fridays.




Principle #6: In a Risk Intelligent Enterprise,
executive management is charged with primary
responsibility for designing, implementing, and
maintaining an effective risk program.
Risk lives here

OK, so everyone’s responsible for risk. But who “owns” it? In
our view, the business units hold the title and deed.

The ownership question causes plenty of confusion throughout
organizations, so it might be helpful to state it in simple terms:

If you own the business unit, you own the risk.

In other words, if you are accountable for the success of a
business unit, you have primary responsibility for the day-to-
day management of the risks associated with that unit. (Of
course, this does not absolve other members of the business
unit from carrying out their risk-related responsibilities.)

What does ownership entail? Among other things, risk owners
have the responsibility to identify, measure, monitor, control, and
report on risks to executive management; promote risk awareness;
and reprioritize activities as dictated by effective risk analyses.

Yet, just as a property owner must abide by municipal zoning
regulations, business unit managers must operate under
certain constraints. For example, they don’t choose the
framework — they live within it. They don’t determine the
organization’s risk appetite — they stick to the diet. And they
don’t unilaterally “bet the farm” — they tend to the crops.
In fact, if they can place that bet without oversight or limits,
you’ve got a serious risk infrastructure issue.




Principle #7: In a Risk Intelligent Enterprise,
business units (departments, agencies, etc.) are
responsible for the performance of their business and
the management of risks they take within the risk
framework established by executive management.
The risk support system

Certain functions, including finance, legal, HR, tax, and IT,
differ from the business units in that they don’t just own risk
management — they also help support it. The role of these
functions is inherently different from either that of the risk
“comforters” (described on the next page) or the business
units (discussed on the previous page).

Like the business units, these functions bear primary
responsibility for the risks that originate within their operations.
For example, finance takes the lead on Sarbanes-Oxley-related
risk, IT on technology-related risk, legal on litigation risk, and
HR on talent and human resource risks.

At the same time, they also have risk responsibilities that
transcend their functions. For example, finance, through its
Sarbanes-Oxley role, may have a broad and sophisticated risk
assessment capability that can be leveraged. Meanwhile, IT
is pervasive and thus can play a role in helping other parts
of the business monitor and mitigate their risks. HR may use
employee engagement surveys, exit interview results, and other
information to identify risk areas of emerging concern.

These ubiquitous functions are responsible for developing and
enforcing company-wide policies, procedures, and controls that
help mitigate risk. They support each business unit and help
them understand their requirements for intelligent risk taking
for reward. They collect key information for management and
perform risk mitigation analyses.

It is important that these key functions join the risk team
by having articulated roles in the risk framework and by
participating in risk committees and other key risk forums.




Principle #8: In a Risk Intelligent Enterprise, certain
functions (e.g., finance, legal, IT, HR, etc.) have a
pervasive impact on the business and provide support
to the business units as it relates to the organization’s
risk program.
The comforters

When it comes to risk management, certain groups carry a unique
mandate — namely, the internal audit, compliance, and risk
management functions. One might describe “comfort” as one
major responsibility of these functions: to provide reassurance that
the internal control and risk structure operates effectively (thereby
helping the executive team and board members sleep at night).

This role sets them apart from every other entity within the
organization. These comfort groups are not operational in
nature: They have no responsibility for setting and directing
the operations of the business. Rather, they exist to monitor
and enhance the effectiveness of the organization’s risk
management activities.

Of course, specific roles and responsibilities vary from one
organization to another. Some groups do far more than
provide reassurance; others are more circumscribed in their
activities. Potential roles that expand the job description
include the following:

• Visionary: assessing not only the current state of risk
  management, but peering ahead to help management divine
  future risks and opportunities.
• Dietician: determining whether the organization’s risk diet
  matches its appetite.
• Aggregator: ascertaining whether the organization is
  appropriately considering how risks interact and cascade.
• Efficiency expert: investigating means to eliminate
  inefficiencies in risk management.
• Champion: advocating for resources related to risk-taking
  for reward: addressing those risks associated with increasing
  profitability and increasing shareholder value.
• Advocate: drawing attention to and advocating for resources
  to address risk areas deemed insufficiently covered.
• Subject matter resource: providing deep knowledge and
  expertise in key risk areas, such as fraud.
• Troubleshooter: getting involved in control remediation and
  design; helping to conduct and interpret risk assessments.




Principle #9: In a Risk Intelligent Enterprise, certain
functions (e.g., internal audit, risk management,
compliance, etc.) provide objective assurance as
well as monitor and report on the effectiveness of an
organization’s risk program to governing bodies and
executive management.



Be risk intelligent

In the recent past, finance and energy industries have been
perceived as paragons of sophisticated risk management.
Then the subprime crisis swept billions from corporate balance
sheets and Katrina knocked platforms and derricks offline in
the Gulf.

Books have been written on what went wrong. But here’s a
quick summary:

1) The potential interaction of multiple risks was
   underestimated or disregarded.
2) Probabilistic modeling was overemphasized; shortcuts were
   taken; scenario planning was underutilized; transparency
   into potential issues was absent.
3) Risk managers were isolated in silos.
4) Warnings were ignored; those who delivered them were
   dismissed as naysayers or criticized for not being team
   players.
5) A short-term perspective with a single-minded focus on
   making the quarterly numbers predominated.
6) Companies lacked a comprehensive approach to firm-wide
   risk management; authority and responsibility were poorly
   controlled and defined.
7) Risk management often focused on compliance rather
   than performance, leading to inadequate assessments
   and responses.

All were significant breakdowns, to be sure, yet it would be
an even greater failure if companies responded by turning
risk averse. Risk taking for reward is a fundamental precept
of capitalism and should be encouraged. But the pursuit of
organizational success must be handled skillfully.

In other words: It’s time to become Risk Intelligent.
Nine fundamental principles of a
Risk Intelligence program
1. In a Risk Intelligent Enterprise, a common definition of risk, which
   addresses both value preservation and value creation, is used consistently
   throughout the organization.
2. In a Risk Intelligent Enterprise, a common risk framework supported by
   appropriate standards is used throughout the organization to manage risks.
3. In a Risk Intelligent Enterprise, key roles, responsibilities, and authority
   relating to risk management are clearly defined and delineated within the
   organization.
4. In a Risk Intelligent Enterprise, a common risk management infrastructure
   is used to support the business units and functions in the performance of
   their risk responsibilities.
5. In a Risk Intelligent Enterprise, governing bodies (e.g., Boards, Audit
   Committees, etc.) have appropriate transparency and visibility into the
   organization’s risk management practices to discharge their responsibilities.
6. In a Risk Intelligent Enterprise, executive management is charged with
   primary responsibility for designing, implementing, and maintaining an
   effective risk program.
7. In a Risk Intelligent Enterprise, business units (departments, agencies, etc.)
   are responsible for the performance of their business and the management
   of risks they take within the risk framework established by executive
   management.
8. In a Risk Intelligent Enterprise, certain functions (e.g., Finance, Legal, IT,
   HR, etc.) have a pervasive impact on the business and provide support to the
   business units as it relates to the organization’s risk program.
9. In a Risk Intelligent Enterprise, certain functions (e.g., internal audit, risk
   management, compliance, etc.) provide objective assurance as well as monitor
   and report on the effectiveness of an organization’s risk program to governing
   bodies and executive management.
U.S. Contacts:

National Contacts:

Henry Ristuccia
U.S. Leader, Governance & Risk Management
Deloitte & Touche LLP
+1 212 436 4244
hristuccia@deloitte.com

Scott Baret
Partner
Deloitte & Touche LLP
+1 212 436 5456
sbaret@deloitte.com

Donna Epps
Partner
Deloitte Financial Advisory Services LLP
+1 214 840 7363
depps@deloitte.com

Michael Fuchs
Principal
Deloitte Consulting LLP
+1 212 618 4370
mfuchs@deloitte.com

Bob Hansen
Principal, Global Leader, Control Assurance Services
Deloitte & Touche LLP
+1 203 708 4256
bohansen@deloitte.com

Eric Hespenheide
Partner, Global Leader, Internal Audit Services
Deloitte & Touche LLP
+1 313 396 3163
ehespenheide@deloitte.com

Ed Hida
Partner, Global Leader, Risk & Capital Management
Deloitte & Touche LLP
+1 212 436 4854
ehida@deloitte.com

Katy Hollister
Partner
Deloitte Tax LLP
+1 513 784 7283
khollister@deloitte.com

Michael Kearney
Partner, Assurance and Enterprise Risk Services Innovation
Deloitte & Touche LLP
+1 510 817 2185
mkearney@deloitte.com

Chris Lee
National Managing Partner, Security & Privacy Services
Deloitte & Touche LLP
+1 408 704 4314
chrislee@deloitte.com

Owen Ryan
Partner
Deloitte & Touche LLP
+1 212 436 3992
oryan@deloitte.com

Steve Wagner
Managing Partner
U.S. Center for Corporate Governance

Regional Contacts:

Mid-America
Bill Kacal
Partner
Deloitte & Touche LLP
+1 713 982 2517
bkacal@deloitte.com

Midwest
John Peirson
Partner
Deloitte & Touche LLP
+1 612 397 4714
jpeirson@deloitte.com

North Central
Brad Carrier
Partner
Deloitte & Touche LLP
+1 313 396 2775
bcarrier@deloitte.com

Northeast
Henry Ristuccia
Partner
Deloitte & Touche LLP
+1 212 436 4244
hristuccia@deloitte.com

Northern Pacific and Hawaii
Ed Byers
Principal
Deloitte & Touche LLP
+1 415 783 4402
ebyers@deloitte.com

Pacific Southwest
Darrin Kelley
Partner
Deloitte & Touche LLP
+1 213 688 5420
darkelley@deloitte.com

Southeast
Larry Ishol
Partner
                                           Deloitte  Touche LLP                               Deloitte  Touche LLP
                                           +1 617 437 2200                                     +1 202 220 2970
                                           swagner@deloitte.com                                lishol@deloitte.com
International Contacts:
Mark Layton
Global Leader
Governance  Risk Management
Deloitte  Touche LLP
+1 214 840 7979
mlayton@deloitte.com


AMERICAS                                ASIA PACIFIC                               EMEA

Canada                                  China                                      Belgium
Eddie Leschiutta                        Danny Lau                                  Stephan Raemaekers
Partner, Enterprise Risk Services       Partner , Enterprise Risk Services         Managing Partner
Deloitte Canada                         Deloitte China                             Deloitte Belgium
+1 416 601 5841                         +852 2852 1015                             +32 2 749 5921
eleschiutta@deloitte.ca                 danlau@deloitte.com.hk                     sraemaekers@deloitte.be

Mexico                                  Commonwealth of Independent States (CIS)   France
Walter Fraschetto                       Wayne G. Brandt                            Damien Leurent
Partner                                 Partner                                    Partner
Deloitte México                         Deloitte CIS                               Deloitte France
+52 55 5080 6265                        +7 495 787 0600 x2922                      +33 1 4088 2969
wfraschetto@deloittemx.com              waybrandt@deloitte.ru                      dleurent@deloitte.fr

United States                           India                                      Germany
Henry Ristuccia                         Abhay Gupte                                Joerg Engels
Partner                                 Partner                                    Partner
Deloitte  Touche LLP – United States   Deloitte India                             Deloitte Germany
+1 212 436 4244                         +91 22 6681 0600                           +49 211 8772 2376
hristuccia@deloitte.com                 agupte@deloitte.com                        jengels@deloitte.de

                                        Japan                                      Italy
                                        Masahiko Sugiyama                          Carlo Peschiera
                                        Partner, Enterprise Risk Services          Partner
                                        Deloitte Japan                             Deloitte Italy
                                        +81 3 4218 7283                            +39 05 1658 1863
                                        msugiyama@deloitte.com                     cpeschiera@deloitte.it

                                        Singapore                                  Netherlands
                                        Uantchern Loh                              Wim Eysink
                                        Partner, Enterprise Risk Services          Partner, Enterprise Risk Services
                                        Deloitte Singapore                         Deloitte Netherlands
                                        +65 6216 3282                              +31 65 141 7099
                                        uloh@deloitte.com                          weysink@deloitte.nl

                                                                                   Spain
                                                                                   Alfonso Mur
                                                                                   Partner
                                                                                   Deloitte Spain
                                                                                   + 349 1 514 5000 x2103
                                                                                   amur@deloitte.es

                                                                                   United Kingdom
                                                                                   Graham Richardson
                                                                                   Partner
                                                                                   Deloitte United Kingdom
                                                                                   +44 20 7007 3349
                                                                                   grrichardson@deloitte.co.uk

About Deloitte

As used in this document, “Deloitte” means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.

Copyright © 2008 Deloitte Development LLC. All rights reserved.
Member of Deloitte Touche Tohmatsu

Risk Consulting-Putting Risk In The Comfort Zone

Putting risk in the comfort zone
Nine principles for building the Risk Intelligent Enterprise™

Table of contents

Preface 1
Uncomfortable risk 2
A framework is a coat rack 3
Symphonic risk management 4
Follow the same map 5
The mushroom treatment 6
“We manage risk every Friday” 7
Risk lives here 8
The risk support system 9
The comforters 10
Be risk intelligent 11
Nine principles 12
Contacts 13

Disclaimer

These materials and the information contained herein are provided by Deloitte Touche Tohmatsu and are intended to provide general information on a particular subject or subjects and are not an exhaustive treatment of such subject(s). Accordingly, the information in these materials is not intended to constitute accounting, tax, legal, investment, consulting, or other professional advice or services. The information is not intended to be relied upon as the sole basis for any decision which may affect you or your business. Before making any decision or taking any action that might affect your personal finances or business, you should consult a qualified professional adviser. These materials and the information contained therein are provided as is, and Deloitte Touche Tohmatsu makes no express or implied representations or warranties regarding these materials or the information contained therein. Without limiting the foregoing, Deloitte Touche Tohmatsu does not warrant that the materials or information contained therein will be error-free or will meet any particular criteria of performance or quality. Deloitte Touche Tohmatsu expressly disclaims all implied warranties, including, without limitation, warranties of merchantability, title, fitness for a particular purpose, noninfringement, compatibility, security, and accuracy. Your use of these materials and information contained therein is at your own risk, and you assume full responsibility and risk of loss resulting from the use thereof.

Deloitte Touche Tohmatsu will not be liable for any special, indirect, incidental, consequential, or punitive damages or any other damages whatsoever, whether in an action of contract, statute, tort (including, without limitation, negligence), or otherwise, relating to the use of these materials or the information contained therein. If any of the foregoing is not fully enforceable for any reason, the remainder shall nonetheless continue to apply.
Preface

The publication represents the first installment in Deloitte’s series on the fundamental principles of Risk Intelligence. The papers in the series are intended to offer plain-English descriptions of the foundational elements of a Risk Intelligence program, as well as insights and practical steps you may consider for incorporating the concepts within your own organization.

On each of the following pages, you will find a statement describing a single principle of a Risk Intelligence program, along with an elaboration on the topic. In aggregate, we believe application of these principles will help create what we consider the epitome of enlightened risk management: The Risk Intelligent Enterprise.

Although this paper is the first in our “Fundamental Principles” series, it is by no means our initial words on the subject of Risk Intelligence. In fact, we’ve published over a dozen related titles as well as numerous podcasts and webcasts. You may access all of this material free of charge at www.deloitte.com/RiskIntelligence.

Open communication is a key characteristic of a Risk Intelligent Enterprise. Consider sharing this whitepaper with the other executives, board members, and key managers in your organization. The issues and concepts outlined herein should provide an excellent starting point for a crucial dialogue on enhancing your organization’s Risk Intelligence.

Keep in mind that the application of these principles will differ based on your industry practices, regulatory schema, and organizational maturity. For example, in the financial services and energy industries, many of these principles have been discussed for over a decade and thus may seem elementary; but for many other industries, we see these principles just starting to be embraced. Regardless of what industry you are in, the Fundamental Principles still apply.
Uncomfortable risk

Like politics and religion, risk can be an uncomfortable topic of conversation. Understandably so, because many people unintentionally limit the parameters of the discussion. You probably think of risk in terms of threats — bad things happening to your business. Not a pleasant subject of conversation.

But the discussion can flow freely if you consider the other side of risk, the one that applies to value creation — risk taking for reward. Introducing new products; entering foreign markets; acquiring competitors — all are challenging endeavors, and if you don’t properly manage the associated risks, you may not reap the potential rewards.

So consider adopting a more expansive definition of risk, one that gives equal weight to managing the risks related to growth and profitability: Risk is the potential for loss or harm — or the diminished opportunity for gain — that can adversely affect the achievement of an organization’s objectives.

Principle #1: In a Risk Intelligent Enterprise, a common definition of risk, which addresses both value preservation and value creation, is used consistently throughout the organization.
A framework is a coat rack

When it comes to keeping your parka off the parquet or your cape off the carpet, the solution may seem deceptively simple: All you need is a hook. But what’s holding up that hook? In fact, the support structure will vary, depending on whether you’re hanging heavy winter gear or gauzy summer fashions.

It might be helpful to think of your risk management framework in the same manner: something to hang your risk management program on. A risk framework — such as COSO ERM, Turnbull, and ISO — provides a structure that helps you decide which opportunities to pursue and which hazards to avoid. But the framework must be sturdy enough to support your risk management objectives. It must accommodate your unique strategies, initiatives, and organizational structure. And it must be adaptable to your industry and regulatory requirements.

There’s no need to overanalyze. Don’t get snagged on the selection of your risk framework. Just make sure it’s something you can hang your hat on.

Principle #2: In a Risk Intelligent Enterprise, a common risk framework supported by appropriate standards is used throughout the organization to manage risks.
6. Symphonic risk management

Done right, risk management is a coordinated effort, as finely tuned as a symphony orchestra. In both risk and music, multiple roles are played simultaneously in often complex arrangements.

Of course, some people in your organization may not even realize they are part of the band. Your product development manager, IT supervisor, or deputy vice president responsible for M&A probably considers risk management somebody else’s job.

Changing that mindset is a precursor to promoting Risk Intelligence in your organization. You’ll need clear messaging at the individual level to convey what Risk Intelligence means; why it is important to the organization collectively and to employees individually; and what your people actually need to do on a daily basis. This effort requires clear communications; a strong risk-focused culture; reward programs that incorporate risk-related objectives; and learning programs to promote intelligent risk management. In sum, it needs to be a harmonious collaboration.

Here’s what the score looks like:
• The board sets the tone (see page 6).
• The executive wields the baton (page 7).
• The business units play the music (page 8).
• Certain functions (HR, finance, IT, legal, tax) support the concert backstage (page 9).
• Other functions (internal audit, risk, and compliance) monitor the performance (page 10).

Principle #3: In a Risk Intelligent Enterprise, key roles, responsibilities, and authority relating to risk management are clearly defined and delineated within the organization.
7. Follow the same map

Risk specialists tend to behave like any subculture: They stick together. They share similar beliefs, rituals, and habits. They develop their own dialect. But practices that sustain, say, an indigenous people may not be ideally suited to the risk managers of a multinational corporation.

Not to say that specialization is unnecessary. Quite the contrary: effective risk management would not be possible without it. Rather, risk specialists just need to poke their heads outside their silos once in a while. Risk doesn’t exist in isolation, so risk managers can’t either.

To effectively and efficiently manage risks and reap the rewards, organizational silos must be bridged. The bridging process means creating a common infrastructure; it means that all the business units and functions use the same supporting technologies and processes where possible and practicable. It involves synchronizing — coordinating across institutional boundaries; harmonizing — ensuring that risk managers all speak the same language and define risk in the same manner; and rationalizing — eliminating duplication of effort.

Use tools like The Risk Intelligence Map™ [1] to facilitate your discussions; it may get you thinking and talking about risk in ways you never envisioned. Draw upon your risk framework to help standardize your approach. Develop a risk catalog to inventory your most critical risks. Common technology, metrics, processes, and terminology will transcend your siloed subculture.

Principle #4: In a Risk Intelligent Enterprise, a common risk management infrastructure is used to support the business units and functions in the performance of their risk responsibilities.

[1] For information on Deloitte’s Risk Intelligence Map, contact your Deloitte practitioner. See page 13.
8. The mushroom treatment

Some boards of directors are subjected to “The Mushroom Treatment,” an approach that is summarized, in abridged form, below:

“Keep ‘em in the dark ...”

Such treatment should obviously be avoided. In the U.S., boards have a fiduciary responsibility to ensure that management has appropriate processes in place to manage risk. This duty cannot be executed in the absence of light.

To fulfill their responsibilities and to provide value, board members should:
• Put risk on the agenda. Make time for risk before risk demands it. Every board meeting is not too often to discuss risk.
• Inventory the current risk structure. How are risks managed? Are silos being bridged?
• Summon the management team. Engage in periodic risk dialogue. Identify risks that will prevent the organization from executing on its key strategies.
• Discuss risk scenarios. Where do the greatest opportunities lie? What could thwart the organization’s strategic objectives?
• Check organizational appetite — and diet. Determine how much risk the organization is able to take on. How much is it willing to take on? And how much is it actually taking on? Are these in line?
• Get reasonable assurance. Ask management: How confident are you? Why?
• Get independent reassurance. Have internal audit or an outside consultant evaluate the effectiveness of the full risk management program. Can management’s assurances be relied upon?

Principle #5: In a Risk Intelligent Enterprise, governing bodies (e.g., boards, audit committees, etc.) have appropriate transparency and visibility into the organization’s risk management practices to discharge their responsibilities.
9. “We manage risk every Friday”

Don’t laugh — that’s an actual quote from a real business executive. And here’s the sobering reality: If you treat risk management as a part-time job, you might soon find yourself looking for one.

We noted earlier that everyone has responsibility for risk. But if you’re a member of the executive team, this obligation is ratcheted even higher. You are tasked with tone, direction, design, and metrics.

Inherent in your executive role is leadership and authority. And you need to exercise it: To get people thinking about risk taking for reward. To push risk management through all the layers of the organization. To set expectations. To ensure accountability. To engage the board. To drive change. To establish a Risk Intelligent culture.

An ambitious agenda, to be sure. How can you get it all done? Here’s a good place to start: Form a Risk Intelligence group — an executive-level risk committee — to bring better risk insights to your management team and help create a Risk Intelligence program.

In some organizations, a key member of this executive-level Risk Intelligence group is the chief risk officer. Sitting at the table with other top executives, the CRO helps develop policy and common approaches that are rolled out to business units; communicates and monitors the organization’s risk appetite; and reports risk information to the management and board-level oversight functions. Some organizations may choose a more expansive role.

The style of the CRO varies considerably and needs to match that of the organization and its risk philosophy. Some may choose a business partner, some a facilitator, some a traffic cop. Whatever the role, you can be sure: None of them work only on Fridays.

Principle #6: In a Risk Intelligent Enterprise, executive management is charged with primary responsibility for designing, implementing, and maintaining an effective risk program.
10. Risk lives here

OK, so everyone’s responsible for risk. But who “owns” it? In our view, the business units hold the title and deed.

The ownership question causes plenty of confusion throughout organizations, so it might be helpful to state it in simple terms: If you own the business unit, you own the risk. In other words, if you are accountable for the success of a business unit, you have primary responsibility for the day-to-day management of the risks associated with that unit. (Of course, this does not absolve other members of the business unit from carrying out their risk-related responsibilities.)

What does ownership entail? Among other things, risk owners have the responsibility to identify, measure, monitor, control, and report on risks to executive management; promote risk awareness; and reprioritize activities as dictated by effective risk analyses.

Yet, just as a property owner must abide by municipal zoning regulations, business unit managers must operate under certain constraints. For example, they don’t choose the framework — they live within it. They don’t determine the organization’s risk appetite — they stick to the diet. And they don’t unilaterally “bet the farm” — they tend to the crops. In fact, if they can place that bet without oversight or limits, you’ve got a serious risk infrastructure issue.

Principle #7: In a Risk Intelligent Enterprise, business units (departments, agencies, etc.) are responsible for the performance of their business and the management of risks they take within the risk framework established by executive management.
11. The risk support system

Certain functions, including finance, legal, HR, tax, and IT, differ from the business units in that they don’t just own risk management — they also help support it. The role of these functions is inherently different than either that of the risk “comforters” (described on the next page) or the business units (discussed on the previous page).

Like the business units, these functions bear primary responsibility for the risks that originate within their operations. For example, finance takes the lead on Sarbanes-Oxley-related risk, IT on technology-related risk, legal on litigation risk, and HR on talent and human resource risks.

At the same time, they also have risk responsibilities that transcend their functions. For example, finance, through its Sarbanes-Oxley role, may have a broad and sophisticated risk assessment capability that can be leveraged. Meanwhile, IT is pervasive and thus can play a role in helping other parts of the business monitor and mitigate their risks. HR may use employee engagement surveys, exit interview results, and other information to identify risk areas of emerging concern.

These ubiquitous functions are responsible for developing and enforcing company-wide policies, procedures, and controls that help mitigate risk. They support each business unit and help them understand their requirements for intelligent risk taking for reward. They collect key information for management and perform risk mitigation analyses. It is important that these key functions join the risk team by having articulated roles in the risk framework and by participating in risk committees and other key risk forums.

Principle #8: In a Risk Intelligent Enterprise, certain functions (e.g., finance, legal, IT, HR, etc.) have a pervasive impact on the business and provide support to the business units as it relates to the organization’s risk program.
12. The comforters

When it comes to risk management, certain groups carry a unique mandate — namely, the internal audit, compliance, and risk management functions. One might describe “comfort” as one major responsibility of these functions: to provide reassurance that the internal control and risk structure operates effectively (thereby helping the executive team and board members sleep at night).

This role sets them apart from every other entity within the organization. These comfort groups are not operational in nature: They have no responsibility for setting and directing the operations of the business. Rather, they exist to monitor and enhance the effectiveness of the organization’s risk management activities.

Of course, specific roles and responsibilities vary from one organization to another. Some groups do far more than provide reassurance; others are more circumscribed in their activities. Potential roles that expand the job description include the following:
• Visionary: assessing not only the current state of risk management, but peering ahead to help management divine future risks and opportunities.
• Dietician: determining whether the organization’s risk diet matches its appetite.
• Aggregator: ascertaining whether the organization is appropriately considering how risks interact and cascade.
• Efficiency expert: investigating means to eliminate inefficiencies in risk management.
• Champion: advocating for resources related to risk-taking for reward: addressing those risks associated with increasing profitability and increasing shareholder value.
• Advocate: drawing attention to and advocating for resources to address risk areas deemed insufficiently covered.
• Subject matter resource: providing deep knowledge and expertise in key risk areas, such as fraud.
• Troubleshooter: getting involved in control remediation and design; helping to conduct and interpret risk assessments.

Principle #9: In a Risk Intelligent Enterprise, certain functions (e.g., internal audit, risk management, compliance, etc.) provide objective assurance as well as monitor and report on the effectiveness of an organization’s risk program to governing bodies and executive management.
13. Be risk intelligent

In the recent past, finance and energy industries have been perceived as paragons of sophisticated risk management. Then the subprime crisis swept billions from corporate balance sheets and Katrina knocked platforms and derricks offline in the Gulf.

Books have been written on what went wrong. But here’s a quick summary:
1) The potential interaction of multiple risks was underestimated or disregarded.
2) Probabilistic modeling was overemphasized; shortcuts were taken; scenario planning was underutilized; transparency into potential issues was absent.
3) Risk managers were isolated in silos.
4) Warnings were ignored; those who delivered them were dismissed as naysayers or criticized for not being team players.
5) A short-term perspective with a single-minded focus on making the quarterly numbers predominated.
6) Companies lacked a comprehensive approach to firm-wide risk management; authority and responsibility were poorly controlled and defined.
7) Risk management often focused on compliance rather than performance, leading to inadequate assessments and responses.

All were significant breakdowns, to be sure, yet it would be an even greater failure if companies responded by turning risk averse. Risk taking for reward is a fundamental precept of capitalism and should be encouraged. But the pursuit of organizational success must be handled skillfully.

In other words: It’s time to become Risk Intelligent.
14. Nine fundamental principles of a Risk Intelligence program

1. In a Risk Intelligent Enterprise, a common definition of risk, which addresses both value preservation and value creation, is used consistently throughout the organization.
2. In a Risk Intelligent Enterprise, a common risk framework supported by appropriate standards is used throughout the organization to manage risks.
3. In a Risk Intelligent Enterprise, key roles, responsibilities, and authority relating to risk management are clearly defined and delineated within the organization.
4. In a Risk Intelligent Enterprise, a common risk management infrastructure is used to support the business units and functions in the performance of their risk responsibilities.
5. In a Risk Intelligent Enterprise, governing bodies (e.g., Boards, Audit Committees, etc.) have appropriate transparency and visibility into the organization’s risk management practices to discharge their responsibilities.
6. In a Risk Intelligent Enterprise, executive management is charged with primary responsibility for designing, implementing, and maintaining an effective risk program.
7. In a Risk Intelligent Enterprise, business units (departments, agencies, etc.) are responsible for the performance of their business and the management of risks they take within the risk framework established by executive management.
8. In a Risk Intelligent Enterprise, certain functions (e.g., Finance, Legal, IT, HR, etc.) have a pervasive impact on the business and provide support to the business units as it relates to the organization’s risk program.
9. In a Risk Intelligent Enterprise, certain functions (e.g., internal audit, risk management, compliance, etc.) provide objective assurance as well as monitor and report on the effectiveness of an organization’s risk program to governing bodies and executive management.
17. About Deloitte

As used in this document, “Deloitte” means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.

Member of Deloitte Touche Tohmatsu. Copyright © 2008 Deloitte Development LLC. All rights reserved.