SlideShare ist ein Scribd-Unternehmen logo

Leadership and Risk Management report

FERMA
FERMA

Leadership and Risk Management report

BusinessWirtschaft & Finanzen
1 von 12
Downloaden Sie, um offline zu lesen
A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Leadership in Risk Management Sponsored by
ABOUT ZURICH INSURANCE GROUP Zurich Insurance Group (Zurich) is a leading multi-line insurance provider with a global network of subsidiaries and offices in Europe, North America, Latin America, Asia-Pacific, the Middle East, and other markets. It offers a wide range of general insurance and life insurance products and services for individuals, small businesses, mid-sized and large companies, and multinational corporations. Zurich employs about 60,000 people serving customers in more than 170 countries. Founded in 1872, the group is headquartered in Zurich, Switzerland. LEARN MORE: www.zurichcorporateforum.com ABOUT FERMA The Federation of European Risk Management Associations (FERMA) brings together 22 national risk management associations in 20 European countries. FERMA has 4,500 individual members representing a wide range of business sectors, from major industrial and commercial companies to financial institutions and local government bodies. These members play a crucial role for their organizations with respect to the management and treatment of complex risks and insurance issues. ABOUT PRIMO The Public Risk Management Organisation (PRIMO) was established with the aim of advancing the knowledge about and use of risk management within the local governmental sector and the public sector at large in Europe. To achieve this purpose PRIMO Europe will provide a comprehensive Web library with risk management information, newsletters, education, and conferences. PRIMO’s long-term aim is to establish risk management as a natural and integral part of good public governance. It comprises a pan-European umbrella organization of independent PRIMO national chapters and other organizations within the public sector from sixteen European countries, covering 16,000 managers.
Leadership in Risk Management Executive Summary THE C-SUITE IS taking a stronger role in leading the risk management effort at major primarily European companies, underscoring the higher priority risk has assumed in the wake of several years of financial SURVEY HIIGHLIGHTS and economic turmoil. Congruently, companies are underscoring the need for strong board involvement to facilitate decision-making regarding strategic and enterprise-wide risks and to encourage acceptance of a culture of risk management further down in the organization. Companies are struggling, however, to create a wider role for the risk function as a participant in strategic planning and transformational initiatives. And European executives express concern about the robustness of their risk management processes and channels of communication. Vast changes in how business is done, sparked by the technology revolution and globalization, are meanwhile raising concerns about company and brand risk. These and other challenges are prompting companies to devote more resources to defining their risk appetite and to tracking, measuring, and analyzing 48% of companies said their chief risk officer plays a role in communicating an affirmative risk culture. risk through such tools as “heat maps,” key risk indicator scorecards, scenario analysis, and loss forecasting. The challenge, however, some executives said, is still to make sure that risk is “owned” at appropriate levels of the organization and that risks are communicated efficiently, such that top management and the board can make timely, fact-based decisions about how to address them. According to a recent Harvard Business Review Analytic Services survey of European companies, sponsored by Zurich, the Federation of European Risk Management Associations (FERMA), and the Public Risk Management Organisation (PRIMO): ■■C-suite supervision of risk management is intensifying. The survey indicates that, at 35% of organiza- tions, either a CRO or a risk manager has direct responsibility for risk management. At 27%, either the CEO or the CFO/treasurer has direct responsibility, while the board itself is responsible at 14%. ■■The majority of companies have education and review processes in place that keep the board and the 20% of respondents’ organizations describe the risk function as a tool for making more effective strategic decisions and investments. C-suite informed about their risk exposures. Key risks are communicated to the C-suite regularly at 70% of organizations. ■■Only 17% of respondents described communication between the C-suite and the CRO as being com- prehensive or nearly so. And 40% said their organization has not yet set up a broad-based, cross-functional risk committee—despite the crucial role the risk committee plays in making sure risk data are discussed thoroughly and passed on to the board. ■■Companies aspire to forge closer links between risk management and strategic planning. Roughly half said their risk management process is closely or very closely aligned with their overall strategy and budget. ■■Companies are making less progress at bringing the risk function’s resources to bear on transformative business projects such as mergers, however. Only 20% described the risk function as a tool for making 40% of companies have yet to set up a broad-based cross-functional risk committee. more effective strategic decisions and investments. ■■Companies have been slow to adopt risk-based incentives as part of compensation. Only 12% said they align risk management with executive pay. LEADERSHIP IN RISK MANAGEMENT | 1
■■Brand and reputation risk are also rising concerns, cited by nearly two-thirds of companies as an area requiring top management-level attention. ■■Some executives and other experts single out lack of risk management talent as an important area of risk, particularly when the company is entering a new geographic or product market. ■■Processes to define risk appetite are now in place at nearly half of companies. Systemic risk manage- ment tools and analytics that enable them to track and analyze risk, and can then inform risk committee discussions, are in more common use. Introduction: Leadership at the Top Levels Buffeted by global competition, the shocks of the 2007-08 financial crash, and its recession-wracked aftermath, European companies are prioritizing risk management as never before. Increasingly, top management and the board are setting direction and taking tighter control of risk management, integrating with overall company strategy, and inculcating it deeper into the corporate culture. At the same time, they are intensifying their focus on such areas as reputation and IT risk and are acquiring new tools for forecasting and mitigating threats. Reflecting this new prioritization of risk, executives at major companies and leading thinkers on risk management emphasize the board’s and the C-suite’s pivotal role in providing continued leadership and direction. “It’s important that the C-suite be talking as much about risk management as it does about profit, growth, and customers because they are interdependent. The point is that you can’t optimize profit if you do not manage—leverage or mitigate—exposures as appropriate,” said Linda Conrad, Director of Strategic Business Risk at Zurich, at a May 2013 Harvard Business Review webinar. Figure 1 Responsibility for Risk Management QUESTION: WITHIN YOUR ORGANIZATION, WHO HAS DIRECT RESPONSIBILITY FOR RISK MANAGEMENT? 18% Risk manager 17% Chief risk officer CFO/treasurer 14% The board 14% 13% CEO 7% Leadership of individual business units Internal auditor 2% General counsel 2% Compliance officer Other Total exceeds 100% due to rounding. 2 | A HARVARD BUSINESS REVIEW ANALYTIC SERVICES REPORT 1% 14% 75%
Three-quarters (75%) of respondents cited the risk function as a channel through which the C-suite gathers information, intelligence, and advice on risk. A recent survey by Harvard Business Review Analytic Services found that direct supervision of risk management is becoming concentrated at the top levels of organizations—either with a chief risk officer (CRO) or in the C-suite or by the board itself. At 35% of organizations, either a CRO or a risk manager has direct responsibility for risk management. At 27% of organizations, either the CEO or the CFO/treasurer has direct responsibility, while the board itself is responsible at 14%. Figure 1 Conrad outlined a three-step process, emphasizing the role of top-level executives, that Zurich uses to advise on risk management: ■■Securing an executive sponsor—possibly the CEO—together with “ongoing monitoring” by the board. ■■Defining the scope of risk management and the organization’s risk appetite, prioritizing risks, and communicating these “down into the organization.” ■■“Assessing and reassessing” the company’s risk profile, prioritizing the biggest risks, and identifying triggers that prompt measures to manage risks and assign accountability. To make a structure like Zurich’s work, European companies are particularly emphasizing strong board engagement. “You need the support of the board. If you don’t have the support of the board, it will not work,” said Johan Willaert, Corporate Risk Manager at Agfa-Gevaert NV. The majority of companies in the survey have education and review processes in place that keep the board and the C-suite regularly informed about their risk exposures. Key risks are communicated to the C-suite regularly at 70% of organizations. At more than half (59%) of organizations, the board reviews risk management policies and procedures annually, and at almost three out of four (72%), it reviews top risk exposures and treatment actions at least biannually. More than half (56%) of organizations have increased the resources they devote to risk-related education and training over the past three years, at least for the CRO level and higher. Communication Makes Process Work Making these processes work requires the risk function to serve as a conduit for information flowing between the board, the C-suite, and the rest of the organization. Almost half (48%) of survey respondents said the chief risk officer plays a role in communicating an affirmative “risk culture”—more even than the board (44%) or the C-suite (34%). Three-quarters (75%) of respondents cited the risk function as a channel through which the C-suite gathers information, intelligence, and advice on risk—more than any other. Figure 2 Process does not always translate into embedded knowledge and awareness, however. Only 17% of survey respondents described communication between the C-suite and the CRO as being comprehensive or nearly so. And 40% said their organization has not yet set up a broad-based, cross-functional risk committee. This, Willaert said, despite the crucial role that the risk committee—which must be independent and derive its authority from the board to be effective—plays a role in making sure all relevant levels of management discuss the company’s risk profile thoroughly and pass on information that enables the board to make fact-based decisions. LEADERSHIP IN RISK MANAGEMENT | 3
Figure 2 Involvement in Communicating an Affirmative Risk Culture QUESTION: WITHIN YOUR ORGANIZATION, WHO IS INVOLVED IN DEVELOPING AND COMMUNICATING AN AFFIRMATIVE “RISK CULTURE”? 48% Chief risk officer 44% Board 34% C-suite 26% Other No person or group is proactively promoting a positive risk culture 6% 75% Sometimes the process itself breaks down. “As an academic, it often surprises me that, even today, board members and CEOs are not on the same page and are not having that conversation” about risk as an element of corporate strategy, said Paul Walker, Zurich Chair in Enterprise Risk Management at St. John’s University. Sometimes the information that board members receive is less than the unadorned truth. “Last year, I was speaking on this subject,” he said, “and someone at a very large organization came up to me and said, ‘We clean it up before it gets to the board—we cleanse it, we sanitize it, we delete things.’” The good news, Walker said, is that board members themselves are asking questions. “Board members have said to me, ‘We’ve got to get better in doing that,’” said Walker. “Some of the complaints I get from boards are that they don’t get strategy risk information on a timely basis. So they can’t really help the executive team make the right decision, because they feel rushed in some of these situations. Or they see ERM leaders who talk about ERM, but they don’t seem to think broadly enough and they don’t do deep dives, and they don’t connect the dots. Or I’ve heard board members say to me, ‘You say you’re doing ERM, but from our perspective, it looks a lot like silo risk management.’ So they want organizations to try to connect the dots a little bit more, because there’s a lot of value in doing that.” Giving Risk Management a Role in Strategic Planning While many companies still need to get better at communicating about risk and reporting to the board, risk management is assuming a broader and more strategic role at some. Almost two-thirds of survey respondents (63%) said they are concerned or extremely concerned about strategic risks—the threat that some element of their business strategy may be creating new threats. For some organizations, this translates into closer collaboration between the risk function and strategic planning. Just over half (52%) of respondents said their organization’s risk management process is closely or very closely aligned with its overall strategy and budget. More than one in four (27%) said that risk management should help the company leverage upside growth opportunities along with mitigating downside exposures. And 41% said the risk function has a seat during strategy setting, project launches, investment, and other business decisions, while 42% said it has a seat occasionally. That still leaves the bulk of companies yet to be convinced that risk management has a place in strategic planning. “We are still not at that point, but we have progressed,” said Willaert. The CRO plays the pivotal role 4 | A HARVARD BUSINESS REVIEW ANALYTIC SERVICES REPORT
in making the case, said Conrad: “You have to have a vocal CRO to let senior management know that there are tools and techniques used in traditional and enterprise risk management that can benefit the strategic decision-making process.” Several survey respondents said that the risk function takes part regularly in strategy review meetings. Several also said that the risk manager or CRO is brought in whenever a major business investment is considered, including to perform an impact analysis or assessment. Yet only 20% described the risk function as a tool for making more effective strategic decisions and investments, and only 17% described it as a business tool to help drive profitability by facilitating achievement of objectives. Figure 3 To bring a more active role to the risk function, the CRO must dispel a common image as “a person who says no to ideas,” said Walker, and must demonstrate the value of the metrics and other tools at their disposal, often to skeptical officials. Walker cited a recent conversation with a chief strategy officer whose “biggest criticism of ERM was, ‘I need something that’s actionable. You tell me what the risk is, but how do I act upon that?’ So we’ve got to be ready for those difficult questions and have the solutions as well.” Top-level support is crucial, Walker said. The CRO must have “some credibility and some respect and trust from the C-suite and from the board.” It’s also important “to really understand the business model and how the company creates value, makes money, or, if it’s a nonprofit, how it achieves its nonprofit objectives.” The CRO is often “not just someone who’s done ERM his or her whole life,” adds Conrad. “It’s someone who’s been in the business as well and who knows what’s required to be successful.” Creating a Risk Management Culture Creating an internal culture that promotes risk management can be equally challenging. One gauge of progress, said Willaert, is whether successful risk management is regarded within the company merely as a nonnegative, or as “a positive thing, an added value.” Communication is key, he said, and needs to be encouraged in three directions: top-down, bottom-up, and from the audit committee to the board. Figure 3 Corporate Culture’s View on Risk Management QUESTION: WHICH OF THE FOLLOWING BEST DESCRIBES YOUR CORPORATE CULTURE’S VIEW ON RISK MANAGEMENT? 58% A process to proactively encourage risk identification, control, and strategic response Enterprise risk management (ERM) 40% Corporate governance 39% Mitigating downside exposures and leveraging upside growth opportunities A tool for making more effective strategic decisions and investments 27% 20% The audit function 17% A business tool to help drive profitability by facilitating achievement of objectives 17% A matter to be addressed by purchasing insurance 17% LEADERSHIP IN RISK MANAGEMENT | 5
Only 12% of respondents said their organization aligns risk management with executive pay. “The top-down part communicates the company’s goals and tools—how we will do it, why we do it—so that everybody knows not only that risk management is supported by the board but also that it is an added value for the group,” said Willaert. Bottom-up communication encourages business and functional leaders to “own” risk, understanding that if they raise an issue within their purview, their action will be seen “not as a reason to blame them but rather as an effort to improve and protect the balance sheet of the company.” The third circuit ensures that risks detected by the audit committee are brought to the board for discussion and possible action. Communication and reporting standards emerged as a significant focus of concern in the survey. More than one-third of respondents expressed concern that proactive communication, potentially preventing or lessening the impact of a crisis, does not take place in a timely manner during daily operations. More than one in four (27%) expressed concern about the impact of both overrides and work-arounds to existing risk management policies and procedures and of a “good news culture” that prevents management from receiving and absorbing counterintuitive, non-consensus information or views on risk (29%). If the process of communication, monitoring, and reporting of risk at every level is the “stick” of risk culture, the “carrot,” Conrad said, is incentives—“tying risk to hitting your targets for that year. There’s obviously a motivation for each person who likes to keep getting a paycheck or a bonus.” Organizations have been slow to adopt risk-based incentives as part of compensation. Only 12% of respondents said their organization aligns risk management with executive pay. Of those that do, some said their company had established compensation assessment periods sufficiently long to ensure that sustainable shareholder value is being created, while others said their organization adds clawback provisions to bonuses in case of underperformance. Incentives work best when the organization can attract and retain staff with risk management capabilities. However, risk accountability is everyone’s responsibility, so it’s essential to provide risk training across business and functional areas, Conrad said. That hands a strong role to human resources. “HR sometimes is one of the biggest risks,” said Walker. “One of the things I hear from boards, after we identify our risks—especially the big ones—is, ‘Do we have the talent in place to help manage that risk?’ If they are going into a new country or a new product, or competing in an area where they haven’t competed before, do they have the right executive-level talent to manage that risk? And that’s, I think, a critical question going forward.” “We also have a lot of awareness activities that are driven by HR. One week will be business continuity management, or internal audit week. And so this awareness keeps risk front and foremost on people’s minds, whether through communication or learning development.” HR can also play a part in communicating and educating about risk. “Often,” said Conrad, “the learning development function is in HR. For example, at Zurich we make available different courses about risk on our intranet.” Focusing on Reputation and IT Risk “Risk to the corporate or brand reputation is likely to become a larger concern for companies—a concern that will have to be addressed directly by senior management,” Conrad said. “Trust in CEOs is at record 6 | A HARVARD BUSINESS REVIEW ANALYTIC SERVICES REPORT
low levels,” she noted. “Pursuing an enterprise-wide risk management agenda is one way that top executives can counteract this image problem,” she argued—“being careful to lead risk management all the way down, from their level into the ranks of the company.” “Top management also needs to take a direct hand in controlling major enterprise exposure such as the closely related area of IT risk,” Conrad said. “Today, you know that every person in the organization has, potentially, a laptop or access to the Internet,” she noted. “So every employee needs to be made aware that he or she has a role to play in managing risk that could impact the company’s overall reputation. Obviously, this is exacerbated by media coverage and social media. Leadership has a role in driving that accountability and that understanding that each person has a role to play. Hopefully, that minimizes work-arounds by people avoiding risk management—because it’s seen as a positive contribution to the company’s profits.” Indeed, survey responses suggest strongly that brand, reputation, and related risks are becoming more significant concerns. A full 42% of respondents cited brand/reputation risk as an area of concern, while slightly less than half (44%) mentioned IT/data privacy and technology (40%), underscoring organizations’ concerns about their exposure both to cyber risks and to potentially damaging communication on the Internet and social media. Figure 4 Figure 4 Level of Concern Over Areas of Risk QUESTION: PLEASE RATE YOUR LEVEL OF CONCERN ABOUT EACH OF THE FOLLOWING AREAS OF RISK. Percentage indicating some level of concern by rating 7, 8, 9 or 10, where 10=extremely concerned 63% Strategic 55% Financial IT/data privacy 44% Legal and regulatory compliance 44% Brand/reputation 42% Market/competitive 42% Technology 41% 37% Systemic 35% Political/geopolitical 33% Workforce Natural disasters Terrorism/violence 20% 10% LEADERSHIP IN RISK MANAGEMENT | 7
Forecasting and Mitigating Risk “One of the advantages of creating a risk committee,” said Willaert, is that “it’s much easier to have extended discussions in respect to risk appetite, risk tolerance. Then you can come with a proposal to the board, and it’s much easier to make decisions on the basis of the complete facts.” At nearly half (47%) of companies, the C-suite has developed a process for determining the organization’s risk appetite, and, of these, over half (59%) say this is clearly communicated to all levels of the organization. Systemic risk management tools and analytics that enable companies to track and analyze risk and then inform risk committee discussions are becoming more commonplace. More than half (56%) of survey respondents said their organization has increased its use of analytics for risk management in the past three years. Among the tools most often cited are risk “heat maps” (41%), key risk indicator scorecards (36%), maps to identify risks inherent in the organization’s strategy (30%), scenario analysis and war-gaming (25%), loss forecasting (25%), and loss simulation (24%). At Zurich, for example, a heat map is created each month, circulated to the business and functional owners of risk, and then reported up to senior management once a month and to the board once a quarter. But while “models should drive decision-making, they should not make up our minds for us,” Conrad cautioned, “so we use these tools to inform our decisions rather than to actually draw a line in the sand.” Walker, too, warned against overreliance on data tools. “A common mistake I see is that people generate a risk map or a risk profile or a risk register, and then they go back and categorize certain things as strategic risks as opposed to financial or IT risks. That doesn’t really mean that you’ve identified strategic risk. Labeling some of the risk you’ve identified as strategic is not the same as doing serious strategic risk identification.” What’s most important, said Conrad, is that appropriate metrics are set at the appropriate level of the organization: “KPIs are set depending on what objective we’re trying to meet. They may be set by the executive level if they’re longer term, or they may be set at the individual business or product level. Each group will have different types of KPIs, depending on what they’re measuring. This is where you start to dig a little bit deeper in assigning those key risk indicators that can drive your success or failure.” ZURICH CASE STUDY Over the past five years, Zurich’s operational risk capital efficiency has improved through a strengthening of its ERM process, which includes the introduction of an operational risk management framework. This framework provides Zurich with risk management tools to specifically identify, assess, manage, and quantify operational risks. Through this framework and the wider ERM process, Zurich increases its ability to achieve efficiency and effectiveness gains. This allows Zurich to better focus on optimizing company resources and in turn decide what opportunities to fund. For example, one business unit experienced a reduction of 21.7% in operational risk-based capital consumption when Zurich moved from an asset-based approach to its current, risk-based approach for operational risk quantification. The business unit management then identified areas of high-risk exposure, performed a deeper assessment, and developed measures to mitigate the exposures. As a result, in the following year the unit experienced an additional reduction of 28.9% in operational risk capital consumption. The operational risk capital not consumed was then available to fund profitable growth for Zurich. 8 | A HARVARD BUSINESS REVIEW ANALYTIC SERVICES REPORT
WHO PARTICIPATED IN THE SURVEY All but three of the 217 respondents to the survey (98%) work for organizations based in Europe. Over half—53%—of respondents said they are involved in decision-making regarding risk management for their organization, while another 22% are responsible for making decisions regarding the entire range of risk management within their organization. Sixty percent of respondents are either CROs or risk managers—by far the largest category in the survey. Twelve percent are top corporate officials: board members, owners/partners, CEOs or other chief executives, CFOs, treasurers, and comptrollers. Seventy percent work for companies employing 1,000 or more people, and 34% work for companies employing more than 10,000 people.
FOR MORE INFORMATION ON HARVARD BUSINESS REVIEW ANALYTIC SERVICES: hbr.org/hbr-analytic-services

Empfohlen

Leading risk culture change webinar
Leading risk culture change webinarLeading risk culture change webinar
Leading risk culture change webinar
FERMA
 
Risk culture presentation
Risk culture presentationRisk culture presentation
Risk culture presentation
Benjamin Kpodo
 
Discover Risk Culture with Mohammad Fheili
Discover Risk Culture with Mohammad FheiliDiscover Risk Culture with Mohammad Fheili
Discover Risk Culture with Mohammad Fheili
Mohammad Ibrahim Fheili
 
Risk culture - IRM PROTIVITI
Risk culture - IRM PROTIVITIRisk culture - IRM PROTIVITI
Risk culture - IRM PROTIVITI
Simone Luca Giargia
 
The Effects of Risk Culture on Organisation Performance
The Effects of Risk Culture on Organisation PerformanceThe Effects of Risk Culture on Organisation Performance
The Effects of Risk Culture on Organisation Performance
Benjamin Kpodo
 
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...
Resolver Inc.
 
Moving from Process to Purpose, Risk Management after COVID19
Moving from Process to Purpose, Risk Management after COVID19 Moving from Process to Purpose, Risk Management after COVID19
Moving from Process to Purpose, Risk Management after COVID19
chungarisk
 
2014_Risk culture series_Risk culture
2014_Risk culture series_Risk culture2014_Risk culture series_Risk culture
2014_Risk culture series_Risk culture
Neal Writer
 

Empfohlen

Leading risk culture change webinar
Leading risk culture change webinarLeading risk culture change webinar
Leading risk culture change webinar
FERMA
 
Risk culture presentation
Risk culture presentationRisk culture presentation
Risk culture presentation
Benjamin Kpodo
 
Discover Risk Culture with Mohammad Fheili
Discover Risk Culture with Mohammad FheiliDiscover Risk Culture with Mohammad Fheili
Discover Risk Culture with Mohammad Fheili
Mohammad Ibrahim Fheili
 
Risk culture - IRM PROTIVITI
Risk culture - IRM PROTIVITIRisk culture - IRM PROTIVITI
Risk culture - IRM PROTIVITI
Simone Luca Giargia
 
The Effects of Risk Culture on Organisation Performance
The Effects of Risk Culture on Organisation PerformanceThe Effects of Risk Culture on Organisation Performance
The Effects of Risk Culture on Organisation Performance
Benjamin Kpodo
 
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...
Resolver Inc.
 
Moving from Process to Purpose, Risk Management after COVID19
Moving from Process to Purpose, Risk Management after COVID19 Moving from Process to Purpose, Risk Management after COVID19
Moving from Process to Purpose, Risk Management after COVID19
chungarisk
 
2014_Risk culture series_Risk culture
2014_Risk culture series_Risk culture2014_Risk culture series_Risk culture
2014_Risk culture series_Risk culture
Neal Writer
 
Risk Culture Maturity Monitor Brochure
Risk Culture Maturity Monitor BrochureRisk Culture Maturity Monitor Brochure
Risk Culture Maturity Monitor Brochure
chungarisk
 
Risk Culture, Risk What?
Risk Culture, Risk What?Risk Culture, Risk What?
Risk Culture, Risk What?
Ian Rich
 
Risk Culture – Under the microscope
Risk Culture – Under the microscopeRisk Culture – Under the microscope
Risk Culture – Under the microscope
TPP Recruitment
 
Julia graham@bdm2014
Julia graham@bdm2014Julia graham@bdm2014
Julia graham@bdm2014
bdm2014
 
Risk Culture
Risk CultureRisk Culture
Risk Culture
Ian-Edward Stafrace
 
Risk Management Enterprise and A Case Study on Starbucks
Risk Management Enterprise and A Case Study on StarbucksRisk Management Enterprise and A Case Study on Starbucks
Risk Management Enterprise and A Case Study on Starbucks
Karen Ning
 
#corpriskforum2016 - Julia Graham
#corpriskforum2016 - Julia Graham#corpriskforum2016 - Julia Graham
#corpriskforum2016 - Julia Graham
Alexei Sidorenko, CRMP
 
Tackling the Corporate Governance Debacle & Institutionalising BUsiness Ethic...
Tackling the Corporate Governance Debacle & Institutionalising BUsiness Ethic...Tackling the Corporate Governance Debacle & Institutionalising BUsiness Ethic...
Tackling the Corporate Governance Debacle & Institutionalising BUsiness Ethic...
ThistlePraxis Consulting Limited
 
2014.03.20 BDM Transport Insurance Seminar presentation
2014.03.20 BDM Transport Insurance Seminar presentation2014.03.20 BDM Transport Insurance Seminar presentation
2014.03.20 BDM Transport Insurance Seminar presentation
FERMA
 
Risk Culture & Risk Appetite
Risk Culture & Risk AppetiteRisk Culture & Risk Appetite
Risk Culture & Risk Appetite
László Árvai
 
Impact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskImpact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing Risk
PECB
 
FERMA presentation at Athens conference
FERMA presentation at Athens conferenceFERMA presentation at Athens conference
FERMA presentation at Athens conference
FERMA
 
DRIDeckFinalMar3
DRIDeckFinalMar3DRIDeckFinalMar3
DRIDeckFinalMar3
Chris Mandel, RF, ARM-E
 
Holistic risk management
Holistic risk managementHolistic risk management
Holistic risk management
The Economist Media Businesses
 
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Resolver Inc.
 
A structured approach to Enterprise Risk Management (ERM) and the requirement...
A structured approach to Enterprise Risk Management (ERM) and the requirement...A structured approach to Enterprise Risk Management (ERM) and the requirement...
A structured approach to Enterprise Risk Management (ERM) and the requirement...
Hassan Zaitoun
 
CFO Asia Exchange Singapore 2015 Refocusing your ERM strategy and practices -...
CFO Asia Exchange Singapore 2015 Refocusing your ERM strategy and practices -...CFO Asia Exchange Singapore 2015 Refocusing your ERM strategy and practices -...
CFO Asia Exchange Singapore 2015 Refocusing your ERM strategy and practices -...
Marc Ronez
 
ABC of risk culture. Dr David Hillson
ABC of risk culture. Dr David HillsonABC of risk culture. Dr David Hillson
ABC of risk culture. Dr David Hillson
Association for Project Management
 
Managing Risk in Perilous Times- Practical Steps to Accelerate Recovery
Managing Risk in Perilous Times- Practical Steps to Accelerate RecoveryManaging Risk in Perilous Times- Practical Steps to Accelerate Recovery
Managing Risk in Perilous Times- Practical Steps to Accelerate Recovery
FindWhitePapers
 
Risk culture a5_web15_oct_2012
Risk culture a5_web15_oct_2012Risk culture a5_web15_oct_2012
Risk culture a5_web15_oct_2012
Kym Jaeger
 
Culture examples
Culture examplesCulture examples
Culture examples
gurpreetsaini13
 
Paradiso Galaxy SaaS Applications Suite
Paradiso Galaxy SaaS Applications SuiteParadiso Galaxy SaaS Applications Suite
Paradiso Galaxy SaaS Applications Suite
Paradiso LMS
 

Weitere ähnliche Inhalte

Was ist angesagt?

Julia graham@bdm2014
Julia graham@bdm2014Julia graham@bdm2014
Julia graham@bdm2014
bdm2014
 
Impact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskImpact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing Risk
PECB
 
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Resolver Inc.
 
A structured approach to Enterprise Risk Management (ERM) and the requirement...
A structured approach to Enterprise Risk Management (ERM) and the requirement...A structured approach to Enterprise Risk Management (ERM) and the requirement...
A structured approach to Enterprise Risk Management (ERM) and the requirement...
Hassan Zaitoun
 

Was ist angesagt? (19)

Risk Culture Maturity Monitor Brochure
Risk Culture Maturity Monitor BrochureRisk Culture Maturity Monitor Brochure
Risk Culture Maturity Monitor Brochure
 
Risk Culture, Risk What?
Risk Culture, Risk What?Risk Culture, Risk What?
Risk Culture, Risk What?
 
Risk Culture – Under the microscope
Risk Culture – Under the microscopeRisk Culture – Under the microscope
Risk Culture – Under the microscope
 
Julia graham@bdm2014
Julia graham@bdm2014Julia graham@bdm2014
Julia graham@bdm2014
 
Risk Culture
Risk CultureRisk Culture
Risk Culture
 
Risk Management Enterprise and A Case Study on Starbucks
Risk Management Enterprise and A Case Study on StarbucksRisk Management Enterprise and A Case Study on Starbucks
Risk Management Enterprise and A Case Study on Starbucks
 
#corpriskforum2016 - Julia Graham
#corpriskforum2016 - Julia Graham#corpriskforum2016 - Julia Graham
#corpriskforum2016 - Julia Graham
 
Tackling the Corporate Governance Debacle & Institutionalising BUsiness Ethic...
Tackling the Corporate Governance Debacle & Institutionalising BUsiness Ethic...Tackling the Corporate Governance Debacle & Institutionalising BUsiness Ethic...
Tackling the Corporate Governance Debacle & Institutionalising BUsiness Ethic...
 
2014.03.20 BDM Transport Insurance Seminar presentation
2014.03.20 BDM Transport Insurance Seminar presentation2014.03.20 BDM Transport Insurance Seminar presentation
2014.03.20 BDM Transport Insurance Seminar presentation
 
Risk Culture & Risk Appetite
Risk Culture & Risk AppetiteRisk Culture & Risk Appetite
Risk Culture & Risk Appetite
 
Impact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskImpact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing Risk
 
FERMA presentation at Athens conference
FERMA presentation at Athens conferenceFERMA presentation at Athens conference
FERMA presentation at Athens conference
 
DRIDeckFinalMar3
DRIDeckFinalMar3DRIDeckFinalMar3
DRIDeckFinalMar3
 
Holistic risk management
Holistic risk managementHolistic risk management
Holistic risk management
 
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
 
A structured approach to Enterprise Risk Management (ERM) and the requirement...
A structured approach to Enterprise Risk Management (ERM) and the requirement...A structured approach to Enterprise Risk Management (ERM) and the requirement...
A structured approach to Enterprise Risk Management (ERM) and the requirement...
 
CFO Asia Exchange Singapore 2015 Refocusing your ERM strategy and practices -...
CFO Asia Exchange Singapore 2015 Refocusing your ERM strategy and practices -...CFO Asia Exchange Singapore 2015 Refocusing your ERM strategy and practices -...
CFO Asia Exchange Singapore 2015 Refocusing your ERM strategy and practices -...
 
ABC of risk culture. Dr David Hillson
ABC of risk culture. Dr David HillsonABC of risk culture. Dr David Hillson
ABC of risk culture. Dr David Hillson
 
Managing Risk in Perilous Times- Practical Steps to Accelerate Recovery
Managing Risk in Perilous Times- Practical Steps to Accelerate RecoveryManaging Risk in Perilous Times- Practical Steps to Accelerate Recovery
Managing Risk in Perilous Times- Practical Steps to Accelerate Recovery
 

Andere mochten auch

Risk culture a5_web15_oct_2012
Risk culture a5_web15_oct_2012Risk culture a5_web15_oct_2012
Risk culture a5_web15_oct_2012
Kym Jaeger
 
Enterprise Risk Management: Culture, Vision, Performance
Enterprise Risk Management: Culture, Vision, PerformanceEnterprise Risk Management: Culture, Vision, Performance
Enterprise Risk Management: Culture, Vision, Performance
Guidon Performance Solutions
 
Enterprise Risk Management Framework
Enterprise Risk Management FrameworkEnterprise Risk Management Framework
Enterprise Risk Management Framework
Nigel Tebbutt
 
Increased Risk Reporting Requirements: 5th webinar with ecoDa and AIG
Increased Risk Reporting Requirements: 5th webinar with ecoDa and AIGIncreased Risk Reporting Requirements: 5th webinar with ecoDa and AIG
Increased Risk Reporting Requirements: 5th webinar with ecoDa and AIG
FERMA
 

Andere mochten auch (10)

Risk culture a5_web15_oct_2012
Risk culture a5_web15_oct_2012Risk culture a5_web15_oct_2012
Risk culture a5_web15_oct_2012
 
Culture examples
Culture examplesCulture examples
Culture examples
 
Paradiso Galaxy SaaS Applications Suite
Paradiso Galaxy SaaS Applications SuiteParadiso Galaxy SaaS Applications Suite
Paradiso Galaxy SaaS Applications Suite
 
Enterprise Risk Management: Culture, Vision, Performance
Enterprise Risk Management: Culture, Vision, PerformanceEnterprise Risk Management: Culture, Vision, Performance
Enterprise Risk Management: Culture, Vision, Performance
 
Asset Mgmt Private Equity & Hedge Funds
Asset Mgmt Private Equity & Hedge Funds Asset Mgmt Private Equity & Hedge Funds
Asset Mgmt Private Equity & Hedge Funds
 
Enterprise Risk Management ~ Inovastra
Enterprise Risk Management ~ InovastraEnterprise Risk Management ~ Inovastra
Enterprise Risk Management ~ Inovastra
 
Fraud Risk
Fraud RiskFraud Risk
Fraud Risk
 
Enterprise Risk Management Framework
Enterprise Risk Management FrameworkEnterprise Risk Management Framework
Enterprise Risk Management Framework
 
Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009
 
Increased Risk Reporting Requirements: 5th webinar with ecoDa and AIG
Increased Risk Reporting Requirements: 5th webinar with ecoDa and AIGIncreased Risk Reporting Requirements: 5th webinar with ecoDa and AIG
Increased Risk Reporting Requirements: 5th webinar with ecoDa and AIG
 

Ähnlich wie Leadership and Risk Management report

Deloitte es grc_sostenibilidad-reputation-survey
Deloitte es grc_sostenibilidad-reputation-surveyDeloitte es grc_sostenibilidad-reputation-survey
Deloitte es grc_sostenibilidad-reputation-survey
Bluemap Consulting Group
 
Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Strategically+Speaking+October+2015
Strategically+Speaking+October+2015
Andrew Smart
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk management
Anu Damodaran
 
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Tim Leech
 

Ähnlich wie Leadership and Risk Management report (20)

FERMA Press Release "Risk Leadership Survey release"
FERMA Press Release "Risk Leadership Survey release"FERMA Press Release "Risk Leadership Survey release"
FERMA Press Release "Risk Leadership Survey release"
 
Ferma European Risk Manager Report 2018
Ferma European Risk Manager Report 2018Ferma European Risk Manager Report 2018
Ferma European Risk Manager Report 2018
 
FERMA European Risk and Insurance Report (ERIR) 2016
FERMA European Risk and Insurance Report (ERIR) 2016FERMA European Risk and Insurance Report (ERIR) 2016
FERMA European Risk and Insurance Report (ERIR) 2016
 
Risk Manager European Profile 2018
Risk Manager European Profile 2018Risk Manager European Profile 2018
Risk Manager European Profile 2018
 
View from the top. A board-level perspective of current business risks
View from the top. A board-level perspective of current business risksView from the top. A board-level perspective of current business risks
View from the top. A board-level perspective of current business risks
 
Dtt Fsi Global Risk Management Survey Fifth Edition
Dtt Fsi Global Risk Management Survey Fifth EditionDtt Fsi Global Risk Management Survey Fifth Edition
Dtt Fsi Global Risk Management Survey Fifth Edition
 
Emergence of the Chief Risk Officer function
Emergence of the Chief Risk Officer functionEmergence of the Chief Risk Officer function
Emergence of the Chief Risk Officer function
 
FERMA presentation at the IIA Belgium Conference
FERMA presentation at the IIA Belgium ConferenceFERMA presentation at the IIA Belgium Conference
FERMA presentation at the IIA Belgium Conference
 
Executive Summary on Leadership in Risk Management Webinar
Executive Summary on Leadership in Risk Management WebinarExecutive Summary on Leadership in Risk Management Webinar
Executive Summary on Leadership in Risk Management Webinar
 
Deloitte es grc_sostenibilidad-reputation-survey
Deloitte es grc_sostenibilidad-reputation-surveyDeloitte es grc_sostenibilidad-reputation-survey
Deloitte es grc_sostenibilidad-reputation-survey
 
European Risk and Insurance Report: Executive Summary of the FERMA Risk Manag...
European Risk and Insurance Report: Executive Summary of the FERMA Risk Manag...European Risk and Insurance Report: Executive Summary of the FERMA Risk Manag...
European Risk and Insurance Report: Executive Summary of the FERMA Risk Manag...
 
Strategically+Speaking+October+2015
Strategically+Speaking+October+2015Strategically+Speaking+October+2015
Strategically+Speaking+October+2015
 
FERMA contribution to the French Presidency agenda
FERMA contribution to the French Presidency agendaFERMA contribution to the French Presidency agenda
FERMA contribution to the French Presidency agenda
 
The risk executive agenda -- A compendium of Deloitte insights
The risk executive agenda -- A compendium of Deloitte insights The risk executive agenda -- A compendium of Deloitte insights
The risk executive agenda -- A compendium of Deloitte insights
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk management
 
Implementing an Enterprise Risk Management program (2022 updates).pdf
Implementing an Enterprise Risk Management program (2022 updates).pdfImplementing an Enterprise Risk Management program (2022 updates).pdf
Implementing an Enterprise Risk Management program (2022 updates).pdf
 
FERMA European Risk Management Benchmarking Survey 2012 – Brochure
FERMA European Risk Management Benchmarking Survey 2012 – BrochureFERMA European Risk Management Benchmarking Survey 2012 – Brochure
FERMA European Risk Management Benchmarking Survey 2012 – Brochure
 
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
Paradigm Paralysis in ERM & IA EB7_p48-51 Tim Leech v2
 
1. Fraud risk asessment (rev).pptx
1. Fraud risk asessment (rev).pptx1. Fraud risk asessment (rev).pptx
1. Fraud risk asessment (rev).pptx
 
How to Hire a Great CRO
How to Hire a Great CROHow to Hire a Great CRO
How to Hire a Great CRO
 

Mehr von FERMA

Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...
Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...
Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...
FERMA
 
GDPR & corporate Governance, Evaluation after 2 years implementation
GDPR & corporate Governance, Evaluation after 2 years implementationGDPR & corporate Governance, Evaluation after 2 years implementation
GDPR & corporate Governance, Evaluation after 2 years implementation
FERMA
 
The European risk manager report 2020: webinar presentation
The European risk manager report 2020: webinar presentationThe European risk manager report 2020: webinar presentation
The European risk manager report 2020: webinar presentation
FERMA
 
Webinar: Why risk managers should look at Artificial Intelligence now?
Webinar: Why risk managers should look at Artificial Intelligence now?Webinar: Why risk managers should look at Artificial Intelligence now?
Webinar: Why risk managers should look at Artificial Intelligence now?
FERMA
 
GDPR & corporate governance: the role of risk management and internal audit o...
GDPR & corporate governance: the role of risk management and internal audit o...GDPR & corporate governance: the role of risk management and internal audit o...
GDPR & corporate governance: the role of risk management and internal audit o...
FERMA
 
Ferma report: Artificial Intelligence applied to Risk Management
Ferma report: Artificial Intelligence applied to Risk Management Ferma report: Artificial Intelligence applied to Risk Management
Ferma report: Artificial Intelligence applied to Risk Management
FERMA
 
FERMA Webinar: At the Junction of Corporate Governance and Cyber Security
FERMA Webinar: At the Junction of Corporate Governance and Cyber SecurityFERMA Webinar: At the Junction of Corporate Governance and Cyber Security
FERMA Webinar: At the Junction of Corporate Governance and Cyber Security
FERMA
 

Mehr von FERMA (20)

The role of risk management in corporate resilience
The role of risk management in corporate resilienceThe role of risk management in corporate resilience
The role of risk management in corporate resilience
 
Webinar: the role of risk management in corporate resilience
Webinar: the role of risk management in corporate resilience Webinar: the role of risk management in corporate resilience
Webinar: the role of risk management in corporate resilience
 
People, Planet & Performance: sustainability guide for risk and insurance man...
People, Planet & Performance: sustainability guide for risk and insurance man...People, Planet & Performance: sustainability guide for risk and insurance man...
People, Planet & Performance: sustainability guide for risk and insurance man...
 
Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...
Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...
Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...
 
Argo Group: operationalizing emerging risk 2020
Argo Group: operationalizing emerging risk 2020Argo Group: operationalizing emerging risk 2020
Argo Group: operationalizing emerging risk 2020
 
Argo Group: entry for emerging risk initiative of the year Award 2020
Argo Group: entry for emerging risk initiative of the year Award 2020Argo Group: entry for emerging risk initiative of the year Award 2020
Argo Group: entry for emerging risk initiative of the year Award 2020
 
George Ong, Chief Risk Officer, Northern Ireland Water
George Ong, Chief Risk Officer, Northern Ireland WaterGeorge Ong, Chief Risk Officer, Northern Ireland Water
George Ong, Chief Risk Officer, Northern Ireland Water
 
Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...
Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...
Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...
 
Risk management recovery and resilience covid 19 survey report 2020 2020.12.0...
Risk management recovery and resilience covid 19 survey report 2020 2020.12.0...Risk management recovery and resilience covid 19 survey report 2020 2020.12.0...
Risk management recovery and resilience covid 19 survey report 2020 2020.12.0...
 
GDPR & corporate Governance, Evaluation after 2 years implementation
GDPR & corporate Governance, Evaluation after 2 years implementationGDPR & corporate Governance, Evaluation after 2 years implementation
GDPR & corporate Governance, Evaluation after 2 years implementation
 
The European risk manager report 2020: webinar presentation
The European risk manager report 2020: webinar presentationThe European risk manager report 2020: webinar presentation
The European risk manager report 2020: webinar presentation
 
FERMA European Risk Manager Report 2020: full set of results
FERMA European Risk Manager Report 2020: full set of results FERMA European Risk Manager Report 2020: full set of results
FERMA European Risk Manager Report 2020: full set of results
 
Webinar: Why risk managers should look at Artificial Intelligence now?
Webinar: Why risk managers should look at Artificial Intelligence now?Webinar: Why risk managers should look at Artificial Intelligence now?
Webinar: Why risk managers should look at Artificial Intelligence now?
 
GDPR & corporate governance: the role of risk management and internal audit o...
GDPR & corporate governance: the role of risk management and internal audit o...GDPR & corporate governance: the role of risk management and internal audit o...
GDPR & corporate governance: the role of risk management and internal audit o...
 
GDPR & corporate governance: The Role of Internal Audit and Risk Management O...
GDPR & corporate governance: The Role of Internal Audit and Risk Management O...GDPR & corporate governance: The Role of Internal Audit and Risk Management O...
GDPR & corporate governance: The Role of Internal Audit and Risk Management O...
 
Ferma report: Artificial Intelligence applied to Risk Management
Ferma report: Artificial Intelligence applied to Risk Management Ferma report: Artificial Intelligence applied to Risk Management
Ferma report: Artificial Intelligence applied to Risk Management
 
Facts and figures about our risk management associations in Europe 2019
Facts and figures about our risk management associations in Europe 2019Facts and figures about our risk management associations in Europe 2019
Facts and figures about our risk management associations in Europe 2019
 
Webinar: how risk management can contribute to sustainable growth?
Webinar: how risk management can contribute to sustainable growth?Webinar: how risk management can contribute to sustainable growth?
Webinar: how risk management can contribute to sustainable growth?
 
FERMA Webinar: At the Junction of Corporate Governance and Cyber Security
FERMA Webinar: At the Junction of Corporate Governance and Cyber SecurityFERMA Webinar: At the Junction of Corporate Governance and Cyber Security
FERMA Webinar: At the Junction of Corporate Governance and Cyber Security
 
Ferma PwC European Risk Manager Report_ full set results 2018
Ferma PwC European Risk Manager Report_ full set results 2018Ferma PwC European Risk Manager Report_ full set results 2018
Ferma PwC European Risk Manager Report_ full set results 2018
 

Kürzlich hochgeladen

Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
dlhescort
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Dipal Arora
 
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceEluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Damini Dixit
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
amitlee9823
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Sheetaleventcompany
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
Workforce Group
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
uneakwhite
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
kapoorjyoti4444
 
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Damini Dixit
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Anamikakaur10
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
amitlee9823
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
amitlee9823
 

Kürzlich hochgeladen (20)

Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceEluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 

Leadership and Risk Management report

  • 1. A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Leadership in Risk Management Sponsored by
  • 2. ABOUT ZURICH INSURANCE GROUP Zurich Insurance Group (Zurich) is a leading multi-line insurance provider with a global network of subsidiaries and offices in Europe, North America, Latin America, Asia-Pacific, the Middle East, and other markets. It offers a wide range of general insurance and life insurance products and services for individuals, small businesses, mid-sized and large companies, and multinational corporations. Zurich employs about 60,000 people serving customers in more than 170 countries. Founded in 1872, the group is headquartered in Zurich, Switzerland. LEARN MORE: www.zurichcorporateforum.com ABOUT FERMA The Federation of European Risk Management Associations (FERMA) brings together 22 national risk management associations in 20 European countries. FERMA has 4,500 individual members representing a wide range of business sectors, from major industrial and commercial companies to financial institutions and local government bodies. These members play a crucial role for their organizations with respect to the management and treatment of complex risks and insurance issues. ABOUT PRIMO The Public Risk Management Organisation (PRIMO) was established with the aim of advancing the knowledge about and use of risk management within the local governmental sector and the public sector at large in Europe. To achieve this purpose PRIMO Europe will provide a comprehensive Web library with risk management information, newsletters, education, and conferences. PRIMO’s long-term aim is to establish risk management as a natural and integral part of good public governance. It comprises a pan-European umbrella organization of independent PRIMO national chapters and other organizations within the public sector from sixteen European countries, covering 16,000 managers.
  • 3. Leadership in Risk Management Executive Summary THE C-SUITE IS taking a stronger role in leading the risk management effort at major primarily European companies, underscoring the higher priority risk has assumed in the wake of several years of financial SURVEY HIIGHLIGHTS and economic turmoil. Congruently, companies are underscoring the need for strong board involvement to facilitate decision-making regarding strategic and enterprise-wide risks and to encourage acceptance of a culture of risk management further down in the organization. Companies are struggling, however, to create a wider role for the risk function as a participant in strategic planning and transformational initiatives. And European executives express concern about the robustness of their risk management processes and channels of communication. Vast changes in how business is done, sparked by the technology revolution and globalization, are meanwhile raising concerns about company and brand risk. These and other challenges are prompting companies to devote more resources to defining their risk appetite and to tracking, measuring, and analyzing 48% of companies said their chief risk officer plays a role in communicating an affirmative risk culture. risk through such tools as “heat maps,” key risk indicator scorecards, scenario analysis, and loss forecasting. The challenge, however, some executives said, is still to make sure that risk is “owned” at appropriate levels of the organization and that risks are communicated efficiently, such that top management and the board can make timely, fact-based decisions about how to address them. According to a recent Harvard Business Review Analytic Services survey of European companies, sponsored by Zurich, the Federation of European Risk Management Associations (FERMA), and the Public Risk Management Organisation (PRIMO): ■■C-suite supervision of risk management is intensifying. The survey indicates that, at 35% of organiza- tions, either a CRO or a risk manager has direct responsibility for risk management. At 27%, either the CEO or the CFO/treasurer has direct responsibility, while the board itself is responsible at 14%. ■■The majority of companies have education and review processes in place that keep the board and the 20% of respondents’ organizations describe the risk function as a tool for making more effective strategic decisions and investments. C-suite informed about their risk exposures. Key risks are communicated to the C-suite regularly at 70% of organizations. ■■Only 17% of respondents described communication between the C-suite and the CRO as being com- prehensive or nearly so. And 40% said their organization has not yet set up a broad-based, cross-functional risk committee—despite the crucial role the risk committee plays in making sure risk data are discussed thoroughly and passed on to the board. ■■Companies aspire to forge closer links between risk management and strategic planning. Roughly half said their risk management process is closely or very closely aligned with their overall strategy and budget. ■■Companies are making less progress at bringing the risk function’s resources to bear on transformative business projects such as mergers, however. Only 20% described the risk function as a tool for making 40% of companies have yet to set up a broad-based cross-functional risk committee. more effective strategic decisions and investments. ■■Companies have been slow to adopt risk-based incentives as part of compensation. Only 12% said they align risk management with executive pay. LEADERSHIP IN RISK MANAGEMENT | 1
  • 4. ■■Brand and reputation risk are also rising concerns, cited by nearly two-thirds of companies as an area requiring top management-level attention. ■■Some executives and other experts single out lack of risk management talent as an important area of risk, particularly when the company is entering a new geographic or product market. ■■Processes to define risk appetite are now in place at nearly half of companies. Systemic risk manage- ment tools and analytics that enable them to track and analyze risk, and can then inform risk committee discussions, are in more common use. Introduction: Leadership at the Top Levels Buffeted by global competition, the shocks of the 2007-08 financial crash, and its recession-wracked aftermath, European companies are prioritizing risk management as never before. Increasingly, top management and the board are setting direction and taking tighter control of risk management, integrating with overall company strategy, and inculcating it deeper into the corporate culture. At the same time, they are intensifying their focus on such areas as reputation and IT risk and are acquiring new tools for forecasting and mitigating threats. Reflecting this new prioritization of risk, executives at major companies and leading thinkers on risk management emphasize the board’s and the C-suite’s pivotal role in providing continued leadership and direction. “It’s important that the C-suite be talking as much about risk management as it does about profit, growth, and customers because they are interdependent. The point is that you can’t optimize profit if you do not manage—leverage or mitigate—exposures as appropriate,” said Linda Conrad, Director of Strategic Business Risk at Zurich, at a May 2013 Harvard Business Review webinar. Figure 1 Responsibility for Risk Management QUESTION: WITHIN YOUR ORGANIZATION, WHO HAS DIRECT RESPONSIBILITY FOR RISK MANAGEMENT? 18% Risk manager 17% Chief risk officer CFO/treasurer 14% The board 14% 13% CEO 7% Leadership of individual business units Internal auditor 2% General counsel 2% Compliance officer Other Total exceeds 100% due to rounding. 2 | A HARVARD BUSINESS REVIEW ANALYTIC SERVICES REPORT 1% 14% 75%
  • 5. Three-quarters (75%) of respondents cited the risk function as a channel through which the C-suite gathers information, intelligence, and advice on risk. A recent survey by Harvard Business Review Analytic Services found that direct supervision of risk management is becoming concentrated at the top levels of organizations—either with a chief risk officer (CRO) or in the C-suite or by the board itself. At 35% of organizations, either a CRO or a risk manager has direct responsibility for risk management. At 27% of organizations, either the CEO or the CFO/treasurer has direct responsibility, while the board itself is responsible at 14%. Figure 1 Conrad outlined a three-step process, emphasizing the role of top-level executives, that Zurich uses to advise on risk management: ■■Securing an executive sponsor—possibly the CEO—together with “ongoing monitoring” by the board. ■■Defining the scope of risk management and the organization’s risk appetite, prioritizing risks, and communicating these “down into the organization.” ■■“Assessing and reassessing” the company’s risk profile, prioritizing the biggest risks, and identifying triggers that prompt measures to manage risks and assign accountability. To make a structure like Zurich’s work, European companies are particularly emphasizing strong board engagement. “You need the support of the board. If you don’t have the support of the board, it will not work,” said Johan Willaert, Corporate Risk Manager at Agfa-Gevaert NV. The majority of companies in the survey have education and review processes in place that keep the board and the C-suite regularly informed about their risk exposures. Key risks are communicated to the C-suite regularly at 70% of organizations. At more than half (59%) of organizations, the board reviews risk management policies and procedures annually, and at almost three out of four (72%), it reviews top risk exposures and treatment actions at least biannually. More than half (56%) of organizations have increased the resources they devote to risk-related education and training over the past three years, at least for the CRO level and higher. Communication Makes Process Work Making these processes work requires the risk function to serve as a conduit for information flowing between the board, the C-suite, and the rest of the organization. Almost half (48%) of survey respondents said the chief risk officer plays a role in communicating an affirmative “risk culture”—more even than the board (44%) or the C-suite (34%). Three-quarters (75%) of respondents cited the risk function as a channel through which the C-suite gathers information, intelligence, and advice on risk—more than any other. Figure 2 Process does not always translate into embedded knowledge and awareness, however. Only 17% of survey respondents described communication between the C-suite and the CRO as being comprehensive or nearly so. And 40% said their organization has not yet set up a broad-based, cross-functional risk committee. This, Willaert said, despite the crucial role that the risk committee—which must be independent and derive its authority from the board to be effective—plays a role in making sure all relevant levels of management discuss the company’s risk profile thoroughly and pass on information that enables the board to make fact-based decisions. LEADERSHIP IN RISK MANAGEMENT | 3
  • 6. Figure 2 Involvement in Communicating an Affirmative Risk Culture QUESTION: WITHIN YOUR ORGANIZATION, WHO IS INVOLVED IN DEVELOPING AND COMMUNICATING AN AFFIRMATIVE “RISK CULTURE”? 48% Chief risk officer 44% Board 34% C-suite 26% Other No person or group is proactively promoting a positive risk culture 6% 75% Sometimes the process itself breaks down. “As an academic, it often surprises me that, even today, board members and CEOs are not on the same page and are not having that conversation” about risk as an element of corporate strategy, said Paul Walker, Zurich Chair in Enterprise Risk Management at St. John’s University. Sometimes the information that board members receive is less than the unadorned truth. “Last year, I was speaking on this subject,” he said, “and someone at a very large organization came up to me and said, ‘We clean it up before it gets to the board—we cleanse it, we sanitize it, we delete things.’” The good news, Walker said, is that board members themselves are asking questions. “Board members have said to me, ‘We’ve got to get better in doing that,’” said Walker. “Some of the complaints I get from boards are that they don’t get strategy risk information on a timely basis. So they can’t really help the executive team make the right decision, because they feel rushed in some of these situations. Or they see ERM leaders who talk about ERM, but they don’t seem to think broadly enough and they don’t do deep dives, and they don’t connect the dots. Or I’ve heard board members say to me, ‘You say you’re doing ERM, but from our perspective, it looks a lot like silo risk management.’ So they want organizations to try to connect the dots a little bit more, because there’s a lot of value in doing that.” Giving Risk Management a Role in Strategic Planning While many companies still need to get better at communicating about risk and reporting to the board, risk management is assuming a broader and more strategic role at some. Almost two-thirds of survey respondents (63%) said they are concerned or extremely concerned about strategic risks—the threat that some element of their business strategy may be creating new threats. For some organizations, this translates into closer collaboration between the risk function and strategic planning. Just over half (52%) of respondents said their organization’s risk management process is closely or very closely aligned with its overall strategy and budget. More than one in four (27%) said that risk management should help the company leverage upside growth opportunities along with mitigating downside exposures. And 41% said the risk function has a seat during strategy setting, project launches, investment, and other business decisions, while 42% said it has a seat occasionally. That still leaves the bulk of companies yet to be convinced that risk management has a place in strategic planning. “We are still not at that point, but we have progressed,” said Willaert. The CRO plays the pivotal role 4 | A HARVARD BUSINESS REVIEW ANALYTIC SERVICES REPORT
  • 7. in making the case, said Conrad: “You have to have a vocal CRO to let senior management know that there are tools and techniques used in traditional and enterprise risk management that can benefit the strategic decision-making process.” Several survey respondents said that the risk function takes part regularly in strategy review meetings. Several also said that the risk manager or CRO is brought in whenever a major business investment is considered, including to perform an impact analysis or assessment. Yet only 20% described the risk function as a tool for making more effective strategic decisions and investments, and only 17% described it as a business tool to help drive profitability by facilitating achievement of objectives. Figure 3 To bring a more active role to the risk function, the CRO must dispel a common image as “a person who says no to ideas,” said Walker, and must demonstrate the value of the metrics and other tools at their disposal, often to skeptical officials. Walker cited a recent conversation with a chief strategy officer whose “biggest criticism of ERM was, ‘I need something that’s actionable. You tell me what the risk is, but how do I act upon that?’ So we’ve got to be ready for those difficult questions and have the solutions as well.” Top-level support is crucial, Walker said. The CRO must have “some credibility and some respect and trust from the C-suite and from the board.” It’s also important “to really understand the business model and how the company creates value, makes money, or, if it’s a nonprofit, how it achieves its nonprofit objectives.” The CRO is often “not just someone who’s done ERM his or her whole life,” adds Conrad. “It’s someone who’s been in the business as well and who knows what’s required to be successful.” Creating a Risk Management Culture Creating an internal culture that promotes risk management can be equally challenging. One gauge of progress, said Willaert, is whether successful risk management is regarded within the company merely as a nonnegative, or as “a positive thing, an added value.” Communication is key, he said, and needs to be encouraged in three directions: top-down, bottom-up, and from the audit committee to the board. Figure 3 Corporate Culture’s View on Risk Management QUESTION: WHICH OF THE FOLLOWING BEST DESCRIBES YOUR CORPORATE CULTURE’S VIEW ON RISK MANAGEMENT? 58% A process to proactively encourage risk identification, control, and strategic response Enterprise risk management (ERM) 40% Corporate governance 39% Mitigating downside exposures and leveraging upside growth opportunities A tool for making more effective strategic decisions and investments 27% 20% The audit function 17% A business tool to help drive profitability by facilitating achievement of objectives 17% A matter to be addressed by purchasing insurance 17% LEADERSHIP IN RISK MANAGEMENT | 5
  • 8. Only 12% of respondents said their organization aligns risk management with executive pay. “The top-down part communicates the company’s goals and tools—how we will do it, why we do it—so that everybody knows not only that risk management is supported by the board but also that it is an added value for the group,” said Willaert. Bottom-up communication encourages business and functional leaders to “own” risk, understanding that if they raise an issue within their purview, their action will be seen “not as a reason to blame them but rather as an effort to improve and protect the balance sheet of the company.” The third circuit ensures that risks detected by the audit committee are brought to the board for discussion and possible action. Communication and reporting standards emerged as a significant focus of concern in the survey. More than one-third of respondents expressed concern that proactive communication, potentially preventing or lessening the impact of a crisis, does not take place in a timely manner during daily operations. More than one in four (27%) expressed concern about the impact of both overrides and work-arounds to existing risk management policies and procedures and of a “good news culture” that prevents management from receiving and absorbing counterintuitive, non-consensus information or views on risk (29%). If the process of communication, monitoring, and reporting of risk at every level is the “stick” of risk culture, the “carrot,” Conrad said, is incentives—“tying risk to hitting your targets for that year. There’s obviously a motivation for each person who likes to keep getting a paycheck or a bonus.” Organizations have been slow to adopt risk-based incentives as part of compensation. Only 12% of respondents said their organization aligns risk management with executive pay. Of those that do, some said their company had established compensation assessment periods sufficiently long to ensure that sustainable shareholder value is being created, while others said their organization adds clawback provisions to bonuses in case of underperformance. Incentives work best when the organization can attract and retain staff with risk management capabilities. However, risk accountability is everyone’s responsibility, so it’s essential to provide risk training across business and functional areas, Conrad said. That hands a strong role to human resources. “HR sometimes is one of the biggest risks,” said Walker. “One of the things I hear from boards, after we identify our risks—especially the big ones—is, ‘Do we have the talent in place to help manage that risk?’ If they are going into a new country or a new product, or competing in an area where they haven’t competed before, do they have the right executive-level talent to manage that risk? And that’s, I think, a critical question going forward.” “We also have a lot of awareness activities that are driven by HR. One week will be business continuity management, or internal audit week. And so this awareness keeps risk front and foremost on people’s minds, whether through communication or learning development.” HR can also play a part in communicating and educating about risk. “Often,” said Conrad, “the learning development function is in HR. For example, at Zurich we make available different courses about risk on our intranet.” Focusing on Reputation and IT Risk “Risk to the corporate or brand reputation is likely to become a larger concern for companies—a concern that will have to be addressed directly by senior management,” Conrad said. “Trust in CEOs is at record 6 | A HARVARD BUSINESS REVIEW ANALYTIC SERVICES REPORT
  • 9. low levels,” she noted. “Pursuing an enterprise-wide risk management agenda is one way that top executives can counteract this image problem,” she argued—“being careful to lead risk management all the way down, from their level into the ranks of the company.” “Top management also needs to take a direct hand in controlling major enterprise exposure such as the closely related area of IT risk,” Conrad said. “Today, you know that every person in the organization has, potentially, a laptop or access to the Internet,” she noted. “So every employee needs to be made aware that he or she has a role to play in managing risk that could impact the company’s overall reputation. Obviously, this is exacerbated by media coverage and social media. Leadership has a role in driving that accountability and that understanding that each person has a role to play. Hopefully, that minimizes work-arounds by people avoiding risk management—because it’s seen as a positive contribution to the company’s profits.” Indeed, survey responses suggest strongly that brand, reputation, and related risks are becoming more significant concerns. A full 42% of respondents cited brand/reputation risk as an area of concern, while slightly less than half (44%) mentioned IT/data privacy and technology (40%), underscoring organizations’ concerns about their exposure both to cyber risks and to potentially damaging communication on the Internet and social media. Figure 4 Figure 4 Level of Concern Over Areas of Risk QUESTION: PLEASE RATE YOUR LEVEL OF CONCERN ABOUT EACH OF THE FOLLOWING AREAS OF RISK. Percentage indicating some level of concern by rating 7, 8, 9 or 10, where 10=extremely concerned 63% Strategic 55% Financial IT/data privacy 44% Legal and regulatory compliance 44% Brand/reputation 42% Market/competitive 42% Technology 41% 37% Systemic 35% Political/geopolitical 33% Workforce Natural disasters Terrorism/violence 20% 10% LEADERSHIP IN RISK MANAGEMENT | 7
  • 10. Forecasting and Mitigating Risk “One of the advantages of creating a risk committee,” said Willaert, is that “it’s much easier to have extended discussions in respect to risk appetite, risk tolerance. Then you can come with a proposal to the board, and it’s much easier to make decisions on the basis of the complete facts.” At nearly half (47%) of companies, the C-suite has developed a process for determining the organization’s risk appetite, and, of these, over half (59%) say this is clearly communicated to all levels of the organization. Systemic risk management tools and analytics that enable companies to track and analyze risk and then inform risk committee discussions are becoming more commonplace. More than half (56%) of survey respondents said their organization has increased its use of analytics for risk management in the past three years. Among the tools most often cited are risk “heat maps” (41%), key risk indicator scorecards (36%), maps to identify risks inherent in the organization’s strategy (30%), scenario analysis and war-gaming (25%), loss forecasting (25%), and loss simulation (24%). At Zurich, for example, a heat map is created each month, circulated to the business and functional owners of risk, and then reported up to senior management once a month and to the board once a quarter. But while “models should drive decision-making, they should not make up our minds for us,” Conrad cautioned, “so we use these tools to inform our decisions rather than to actually draw a line in the sand.” Walker, too, warned against overreliance on data tools. “A common mistake I see is that people generate a risk map or a risk profile or a risk register, and then they go back and categorize certain things as strategic risks as opposed to financial or IT risks. That doesn’t really mean that you’ve identified strategic risk. Labeling some of the risk you’ve identified as strategic is not the same as doing serious strategic risk identification.” What’s most important, said Conrad, is that appropriate metrics are set at the appropriate level of the organization: “KPIs are set depending on what objective we’re trying to meet. They may be set by the executive level if they’re longer term, or they may be set at the individual business or product level. Each group will have different types of KPIs, depending on what they’re measuring. This is where you start to dig a little bit deeper in assigning those key risk indicators that can drive your success or failure.” ZURICH CASE STUDY Over the past five years, Zurich’s operational risk capital efficiency has improved through a strengthening of its ERM process, which includes the introduction of an operational risk management framework. This framework provides Zurich with risk management tools to specifically identify, assess, manage, and quantify operational risks. Through this framework and the wider ERM process, Zurich increases its ability to achieve efficiency and effectiveness gains. This allows Zurich to better focus on optimizing company resources and in turn decide what opportunities to fund. For example, one business unit experienced a reduction of 21.7% in operational risk-based capital consumption when Zurich moved from an asset-based approach to its current, risk-based approach for operational risk quantification. The business unit management then identified areas of high-risk exposure, performed a deeper assessment, and developed measures to mitigate the exposures. As a result, in the following year the unit experienced an additional reduction of 28.9% in operational risk capital consumption. The operational risk capital not consumed was then available to fund profitable growth for Zurich. 8 | A HARVARD BUSINESS REVIEW ANALYTIC SERVICES REPORT
  • 11. WHO PARTICIPATED IN THE SURVEY All but three of the 217 respondents to the survey (98%) work for organizations based in Europe. Over half—53%—of respondents said they are involved in decision-making regarding risk management for their organization, while another 22% are responsible for making decisions regarding the entire range of risk management within their organization. Sixty percent of respondents are either CROs or risk managers—by far the largest category in the survey. Twelve percent are top corporate officials: board members, owners/partners, CEOs or other chief executives, CFOs, treasurers, and comptrollers. Seventy percent work for companies employing 1,000 or more people, and 34% work for companies employing more than 10,000 people.
  • 12. FOR MORE INFORMATION ON HARVARD BUSINESS REVIEW ANALYTIC SERVICES: hbr.org/hbr-analytic-services