Enterprise Risk Management
A Journey
January 2014
Contents
• Risk Management Concepts
• Risk Organization, Process and Terminology
• Function Wise Risk Summary
• MHC Risk Library
• Review frequency
• Way Forward
Ask most people why cars have brakes and they’ll say, “So you can slow down.”
But the real reason is so you can go faster and still be in control.
Organizations that are most effective and efficient in managing risks to both
existing assets and to future growth will, in the long run, outperform those that
are less so.
Why do we need risk management?
“Risk is the effect of uncertainty on objectives.” (ISO 31000:2009)
What is Risk?
The threat of bad things
(risk as hazard)
The possibility of good
things not happening
(risk as opportunity)
The potential that actual
events will not equal
anticipated outcomes
(risk as uncertainty)
e.g. Flood or Fire
Major Accidents
Natural Disasters
e.g. Changes in laws and regulations,
Government Interventions
e.g. New
Technologies,
New markets,
New products
• Company in Eastern India: Fire incident – Regulatory and operational risk can have a significant
financial, strategic (and reputational) impact
Case Studies: Snowball effect of risk not assessed and
managed effectively
Lack of Internal Controls
• The Fire System was
not operational
Company received
Memo from Fire
Department
• Fire system was still
not operational
Fire Broke Out
• 88 Lives Lost
• Company sealed
• Directors Arrested
Financial/Operational
Revenue loss due to
closure of operations
Strategic
? Expansion Plans
? Reputation
• Hospital in Noida – A kidney scam occurred, after which the hospital lost its reputation and has still
not been able to compete with current players in the market.
• Hospital in Bangalore – Lost licenses to carry out transplants due to non-transfer of the license to the
operator’s name.
What are managements asking?
• What are our principal business risks?
• Are we taking the right amount of risk?
• How effective are our processes for identifying, assessing and
managing business risks?
• How is risk management coordinated across the organisation?
• How do we integrate risk management with the organisation’s
strategic direction and plan?
• How do we ensure that the organisation is performing
according to the business plan and within appropriate risk
criteria?
• What information about the risks facing the organisation does
the Management & Board get to help it fulfil its stewardship
and governance responsibilities?
• How do we help establish the "tone at the top" that reinforces
the organisation’s values and promotes a "risk aware culture"?
What is Enterprise Risk Management (ERM)?
Prevent
Risk Analysis
Prepare
Practice
Recuperate
Settle
Respond
Organize
“COSO* recognizes that many organizations are engaged
in some aspects of ERM”
* Committee of Sponsoring Organizations (COSO) of the Treadway Commission, US
Benefits from ERM
• Avoid surprises: Strengthened framework to identify and
manage potential issues before they become serious business
problems.
• Better governance due to clarity in the following:
  • Risk Roles and Responsibilities
  • Risk Communication
  • Risk Reporting
• Timely achievement of business objectives without any
setback due to lack of effective risk management.
• Enhanced confidence in internal controls for management
declaration/assurance.
• Help in preventing potential revenue leakage and in effective cost
management.
ERM Standards & Frameworks
• UK – The Institute of Risk Management - A Risk Management Standard
• ISO 31000:2009
• Committee of Sponsoring Organizations (COSO) of the Treadway Commission –
‘Enterprise Risk Management – Integrated Framework’
The frameworks provide broadly similar guidance on risk management principles
and processes. The COSO framework is used across the globe as a common
framework.
COSO Framework – Approach and Methodology
People &
Technology Risk
may have to be
separately
managed
Why ERM is vital in Healthcare
Key Risks faced by Healthcare Providers
The journey to implement an ERM framework
• ERM Champion designated and Functional Risk Owners identified.
• Risk identification exercise to identify risks across all the functions and at
an enterprise level. Draft Risk registers created.
• Risks identified to be assessed/rated by the functional heads on the basis
of their impact, likelihood of occurrence and mitigation plan effectiveness,
prioritised and mitigation/action plans implemented.
• Key enterprise level risks to be reviewed by the senior leadership team on
a periodic basis.
• Risk Organisation Structure at implementation and governance levels set
up.
• On-going monitoring and inculcating ERM culture in day-to-day operations.
A sample Risk Organization Structure
To include EC
members and
Head – Legal and
Head – Internal
Audit
Audit
Committee
Risk and Controls
Steering
Committee
Chief Risk Officer
: Non Medical
Chief Risk Officer
: Medical
Risk Champions /
Risk Owners
Risk Champions /
Risk Owners
Risk Champions /
Risk Owners
Risk Champions /
Risk Owners
Clinical
Director will be
CRO Medical
CFO will be
CRO Non-
Medical
Medical Excellence
Committee
Service Excellence
Committee
Sample Risk Ranking Mechanism
• Risk Rating = I * P * E
• Impact, Probability & Effectiveness are measured on a scale of 1-4
Risk
Rating
Effect
Cause
Control
Function/
Business Process/
Event
Impact
Probability
Mitigation Plan Effectiveness
Risk
Priority
Action
Plan
Risk Terminology
Term: Explanation
Risk owner: Person with the accountability and authority to manage a risk
Risk Category: Strategic, People, Technology, Compliance, Operations, Financial & Reporting
Probability:
• Likely - Risks which are almost certain to occur
• Possible - Risks whose likelihood of occurrence is high
• Unlikely - Risks with a moderate likelihood of occurrence
• Remote - Risks with an extremely low probability of occurrence
Impact Category: Occurrence of the risk could have an impact in the following areas - Financial, Brand, Legal & Regulatory and People
Severity of Impact:
• Extreme - Loss of ability to sustain ongoing operations
• Major - Significant impact on the achievement of objectives
• Material - Limited effect on achievement of objectives
• Minor - Minimal impact on achievement of objectives
Risk Rating: Very High, High, Medium & Low
Function
Risk Owner Risk Category
Probability Impact Category
Severity of Impact Risk Rating
Mitigation Plan
S.No. Activity Closure Date
1
2
Risk Description :
Risk Register Template
Risk Responses
Impact
Probability
Treat Terminate
Transfer Take
Once risks have been identified & assessed, the next step is to manage
the risk based on the risk criteria of the organization
Frequency of review
Impact Probability
Grid I Grid II Grid III
Grid IV Grid V Grid VI
Grid IX Grid VIII Grid VII
High impact, Low
probability & Medium
effectiveness
Low impact, Low
probability & High
effectiveness
Medium impact, Low
probability & Medium
effectiveness
High impact, high
probability & Low
effectiveness
High impact, Medium
probability & Low
effectiveness
Medium impact, Medium
probability & Medium
effectiveness
Medium impact, High
probability & Medium
effectiveness
Low impact, Medium
probability & High
effectiveness
Low impact, High probability
& Medium effectiveness
May be reviewed every
quarter
May be reviewed every
six months
May be reviewed annually
Needs quarterly review with
real time monitoring
May be reviewed every
six months
May be reviewed every
quarter
May be reviewed annually
May be reviewed every
six months
Needs quarterly review with
online monitoring
Possible Roadblocks
• Sub-committee oversight of specific risk areas such as credit
risk, market risk, operational risk, and compliance risk.
• Clear expression of risk criteria.
• Loose linkage between business strategy and risk criteria.
• Lack of documentation on Policies and Procedures, and Roles
and Responsibilities.
• Lack of consistent approach followed for identifying and
managing risks across the organization.
• Inadequate communication between Risk Takers and Risk
Managers/facilitators.
• Inefficient support to the needs of robust Risk Management.
• Final risk registers to be validated by leadership team for
probability of occurrence of risks, their impact, adequacy of
mitigation plans & timelines and residual risk ratings
• 15 key risks to be identified by leadership team, to be taken up for
rigorous risk management. The owners of these risks to co-opt
people from other departments and develop elaborate Risk
Mitigation Strategy and Plans
• Mitigation progress of the 15 key risks to be reviewed in monthly
leadership team meetings. CEO to chair these meetings
• Risk Polarization Survey to be conducted on a half-yearly basis
Way forward
Risk Management - A Journey
