ENTERPRISE RISK MANAGEMENT
December 2017 Hisham Haridy, MBA, PMP, PMI-RMP, PMI-SP
Content
Introduction
Conceptual Roots
What’s Enterprise Risk Management?
Risk
Risk Management
ERM Implementation
References
ENTERPRISE RISK MANAGEMENT 1
Introduction
Traditional risk management formally developed as a field in the
1960s and focused on “pure” risks (loss/no-loss situations) that
often could be insured; it developed from the insurance purchasing
area.
Foreign exchange risk from Bretton Woods agreement in 1972,
Commodity price risk from oil price fluctuations of the 1970s,
Equity risk from development of option markets in 1973, and
Interest rate risk from Federal Reserve Board policy shift in 1979
were the new elements of Risk in 1970s.
In the 1980s, new risk management was developed to deal with
financial risk (foreign exchange risk, interest rate risk, equity risk,
and commodity price risk).
In the 1990s, Enterprise Risk Management was developed, with an
initial focus on avoiding derivative disasters, later developing into
optimizing firm value.
Enterprise Risk Management (ERM) proposes that firms address all
their risks comprehensively and coherently, instead of managing
them individually.
Conceptual Roots
Since Kloman's (1976) “The Risk Management Revolution”, many
practitioners have advocated a coordinated approach to risk
management.
Crockford (1980) argued for multidisciplinary risk management
rather than risk management siloed and “fragmented among a
number of sects.”
Bannister and Bawcutt (1981) proposed that risk management
requires multiple disciplines working together to manage “future
uncertainty.”
Titman (1986) discussed the “benefits to integrating risk
management activities in a single framework”.
Haimes (1992) called for “the evolution toward a more holistic
approach,” which Haimes terms “total risk management.”
Kloman (1992) described concepts coming out of Europe from the
mid-70s to the early 80s that we now associate with ERM.
Holton (1996): the term Enterprise Risk Management appears.
Stulz (1996) proposed that academic theory expand beyond the
traditional risk management (TRM) goal of “variance minimization”
with its focus on the downside of risk.
Colquitt et al. (1999) called for “integrated risk management”; the
first academic papers using the term “Enterprise Risk Management”
appeared in 2001.
Dickinson (2001) stated that ERM emerged as a corporate concept in
the mid-1990s, and defined ERM as a “systematic and integrated
approach of the management of the total risks a company faces.”
Brogan (2001) offered one of the first definitions of ERM: “The
process by which organizations in all industries assess, control,
exploit, finance and monitor risks from all sources for the purpose of
increasing the organization's short- and long-term value to its
stakeholders”.
What’s ERM?
Enterprise Risk Management is the process of:
1- identifying major risks that confront an organization,
2- forecasting the significance of those risks in business processes,
3- addressing the risks in a systematic and coordinated plan,
4- implementing the plan, and
5- holding key individuals responsible for managing critical risks within the scope of their responsibilities.
“ERM provides a framework for Risk Management”
ERM is a strategic business discipline that supports the achievement
of an organization's objectives by addressing the full spectrum of its
risks and managing the combined impact of those risks as an
interrelated risk portfolio (Risk and Insurance Management Society (RIMS), 2011).
Governance Risk and Compliance (GRC): Embraces compliance as a separate activity for each business silo.
Enterprise Risk Management (ERM): Is concerned with delivering measurable business value by tying front line operational activities to goals across all business units.
ERM DEFINITION LEVELS
Strategic: Achieving organizational objectives, “Focus on results”.
Functional: Activities that reduce risk and seize opportunities.
Process: Actions undertaken by managers to manage risk.
ERM “COMMON RISK ALLOCATION”
Hazard risk
Financial risk
Operational risk
Strategic risk
RISK
1. The possibility of suffering harm or loss (American Heritage
Dictionary, Houghton Mifflin Co.).
2. Uncertainty of an event which, if it occurred, would result in a
negative or positive effect on the project (Project Management
Institute).
UNCERTAINTY
Uncertainty is a lack of knowledge about an event that reduces
confidence in conclusions drawn from the data.
The investigation of uncertainties may help identify risks.
Under certainty, the outcome can be predicted with a high degree
of confidence.
In reality, most decisions are taken without complete information, and
therefore give rise to some degree of uncertainty in the outcome.
RISK ATTITUDE
Organizations perceive risk as the effect of uncertainty on projects
and organizational objectives.
Organizations and stakeholders are willing to accept varying degrees
of risk depending on their risk attitude.
The risk attitudes of both the organization and the stakeholders may
be influenced by a number of factors, which are broadly classified
into three themes:
1. Risk appetite
2. Risk tolerance
3. Risk threshold
RISK APPETITE
Risk appetite is about the pursuit of risk.
Organizations have to take some risks and they have to avoid
others.
Risk appetite is delegated downward (from the strategic level)
through the organization using various means such as policies,
procedures, training, and supervision.
The organization’s risk exposure Risks an organization’s to engage
RISK TOLERANCE
Tolerances are the areas of risk that are acceptable or unacceptable,
or the degree, amount, or volume of risk that an
organization or individual will withstand.
Three common classifications used for describing risk tolerance or
risk profile are risk averse (or avoider), risk neutral (or
tolerant), and risk seeker (or taker).
The organization’s risk exposure Risk an organization could potentially tolerate
RISK THRESHOLD
Refers to measures along the level of uncertainty or the level of
impact at which a stakeholder may have a specific interest.
A threshold is the point at which a risk becomes unacceptable.
Below that risk threshold, the organization will accept the risk.
Above that risk threshold, the organization will NOT tolerate the risk.
Risk Management
Risk management is the identification, assessment, and prioritization
of risks followed by coordinated and economical application of
resources to minimize, monitor, and control the probability or impact
of unfortunate events or to maximize the realization of opportunities.
The effect of uncertainty on objectives, defined in ISO 31000
Risk management’s objective is to assure uncertainty does not deflect
the endeavor from the business goals.
RISK MANAGEMENT STEPS
Plan: Identify the key elements of the risk management
Assess: Identify the threats/opportunities and analyze them to determine potential impact to outcomes and determine appropriate treatment priorities.
Treat: Plan and implement the treatment of the identified risks
Control: Monitor the implementation of risk treatment actions, report on status, and adjust actions according to results.
RISK MANAGEMENT PROCESS (based on ISO 31000)
Establish Goals & Context
Risk Assessment: Identify Risks, Analyse Risks, Evaluate Risks
Treat Risks
Monitor/Review
Consultation/Communication
RISK MANAGEMENT PROCESS
1. Risk Assessment
Risk identification establishes the exposure of the organization to
risk and uncertainty.
This requires an intimate knowledge of the organization, the market
in which it operates, the legal, social, political and cultural
environment in which it exists, as well as an understanding of
strategic and operational objectives.
This will include knowledge of the factors critical to success and the
threats and opportunities related to the achievement of objectives.
ENVIRONMENTAL SCAN
Financial Risks: Foreign exchange rate, Equity, Interest rate, Commodity price
Strategic Risks: Political impediments, Technological innovation, Regulation
Hazard Risks: Employee related, Liability, Property, Pure - loss situations
Operation Risks: Product recall, Management fraud, Labor dispute, Information technology, Customer satisfaction
TOOLS AND TECHNIQUES
1) Brainstorming
2) Interviewing
3) Delphi Technique
4) Root Cause Analysis
5) Financial Statements
6) Historical Records
TOOLS AND TECHNIQUES
Internal
External
RISK MANAGEMENT PROCESS
Activities within the organization have been evaluated and all the
risks flowing from these activities defined.
Risk analysis can be used to produce a risk profile that gives a
rating of significance to each risk and provides a tool for prioritizing
risk treatment efforts.
This ranks the relative importance of each identified risk.
The overall objective of the Perform Qualitative Risk Analysis and
Perform Quantitative Risk Analysis processes is to determine which risks
warrant a treatment.
TOOLS AND TECHNIQUES
Probability and Impact Matrix (PIM)
Key / Action:
High Risks: Risks you should definitely move into the Perform Quantitative Risk Analysis process and/or the Plan Risk Responses process.
Medium Risks: Risks you might decide to move into the Perform Quantitative Risk Analysis process and/or the Plan Risk Responses process.
Low Risks (WATCHLIST): Risks to simply document.
TOOLS AND TECHNIQUES
1) Interviewing
2) Expert Judgment
3) Probability Distribution
TOOLS AND TECHNIQUES
Sensitivity Analysis (“Tornado Diagram & What-If Scenarios”): Determines which risks have the most potential impact on the project.
Expected Monetary Value Analysis (EMV): Multiplying the value of each outcome by the probability of its occurrence. The overall probable circumstance will be as a result of the events.
Decision Tree Analysis: Incorporates probabilities of risks and costs or rewards of each logical path. Future events are not certain.
Modeling & Simulation (“Monte Carlo Simulation”): Translates how uncertainties specified in a detailed level of the project may affect its objectives. Derive overall project risk from individual risks.
[Figure: chart of Frequency and Cumulative Probability against Completion Date]
RISK MANAGEMENT PROCESS
2. Risk Treatment
Risk treatment is presented as the activity of selecting and
implementing appropriate control measures to modify the risk.
Risk treatment includes, as its major element, risk control (or
mitigation), but extends further to, for example, risk avoidance,
risk transfer and risk financing.
Any system of risk treatment should provide efficient and effective
internal controls.
RISK MANAGEMENT PROCESS
Effectiveness of internal control is the degree to which the risk will
either be eliminated or reduced by the proposed control measures.
The cost effectiveness of internal control relates to the cost of
implementing the control compared to the risk reduction benefits
achieved.
One method of obtaining financial protection against the impact of
risks is through risk financing, including insurance.
RISK REGISTER SAMPLE AND OUTPUTS
RISK MANAGEMENT PROCESS
3. Feedback
ISO 31000 recognizes the importance of feedback by way of two
mechanisms.
1. Monitoring and review ensures that the organization monitors
risk performance and learns from experience.
2. Communication and consultation is presented in ISO 31000 as
part of the risk management process, but it may also be considered
to be part of the supporting framework.
RISK MANAGEMENT SUCCESS FACTORS
Value Risk Management
Responsibility
Open and Honest Communication
Organizational Commitment
Risk Effort Scaled to Project
Integrate with Project Management
ERM Implementation
1- Planning and designing
2- Implementing and benchmarking
3- Measuring and monitoring
4- Learning and reporting
ERM IMPLEMENTATION
1. Planning and designing
1- Identify intended benefits of the enterprise risk management
initiative and gain Board mandate
• Benefits of ERM
• Embedding risk management
2- Plan the scope of the ERM initiative and develop common
language of risk
• Upside of risk
• Stakeholder expectations
3- Establish the risk management strategy, framework, and the
roles and responsibilities
• Risk management policy
• Risk architecture
2. Implementing and Benchmarking
4- Adopt suitable risk assessment procedures and an agreed
risk classification system
• Risk description
• Risk classification systems
5- Establish risk significance benchmarks and undertake risk
assessments
• Risk assessment techniques
• Benchmark tests of significance
6- Determine risk appetite and risk tolerance levels, and
evaluate the existing controls
• Risk register
• Risk appetite
3. Measuring and monitoring
7- Ensure cost-effectiveness of existing controls and introduce
improvements
• Risk improvement plans
• BCP and DRP
8- Embed risk aware culture and align risk management with
other management tasks
• Control environment
• Risk communications
4. Learning and reporting
9- Monitor and review risk performance indicators to measure
ERM contribution
• Risk improvement plans
• BCP and DRP
10- Report risk performance in line with legal and other
obligations, and monitor improvement
• Risk reporting
• Legal requirements
WHY ERM?
Offers Survival: A better chance to identify, mitigate, avoid, and treat risks that could close us down
Provides Stability: In creating, distributing, financing, and selling products and services
Adds Confidence: The board and CEO are meeting fiduciary, community, social, and ethical responsibilities
Build good relationships with regulators
How ERM Can Increase Firm Value
The process can focus on protecting value, cash flows, and earnings, but
it cannot protect all three at once.
Strategy:
• Earning based: Reducing taxes.
• Value based: Insuring to prevent assets from declining.
• Cash flow based: Hedging to maintain internal funding sources.
So decreasing the volatility of future cash flows can decrease the cost
of capital.
V = Σ_t FCF_t / (1 + WACC)^t
V : Firm value
FCF : Free cash flow
WACC : Cost of capital
References
1. A structured approach to Enterprise Risk Management (ERM) and the
requirements of ISO 31000.
2. Enterprise Risk Management: Review, Critique, and Research Directions,
Philip Bromiley, Michael McShane, Anil Nair, Elzotbek Rustambekov,
2014.
3. Strategic Risk Management: Improving Your Organization’s Chances for
Success, RIMS Conference 2012, Philadelphia.
4. Enterprise Risk Management: Department of Finance, Steve D’Arcy,
March 15, 2005.
5. A Guide to the Project Management Body of Knowledge (PMBOK
Guide), Fifth Edition.

Imagine - HR; are handling the 'bad banter' - Stella Chandler.pdf
 
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
Call Now Pooja Mehta :  7738631006 Door Step Call Girls Rate 100% Satisfactio...Call Now Pooja Mehta :  7738631006 Door Step Call Girls Rate 100% Satisfactio...
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
 

ERM overview

  • 1. ENTERPRISE RISK MANAGEMENT. December 2017. Hisham Haridy, MBA, PMP, PMI-RMP, PMI-SP
  • 2. Content: Introduction; Conceptual Roots; What’s Enterprise Risk Management?; Risk; Risk Management; ERM Implementation; References
  • 3. Introduction: Traditional risk management formally developed as a field in the 1960s and focused on “pure” risks (loss/no-loss situations) that often could be insured; it developed from the insurance purchasing area. Foreign exchange risk from the Bretton Woods agreement in 1972, commodity price risk from the oil price fluctuations of the 1970s, equity risk from the development of option markets in 1973, and interest rate risk from the Federal Reserve Board policy shift in 1979 were the new elements of risk in the 1970s.
  • 4. Introduction: In the 1980s, new risk management was developed to deal with financial risk (foreign exchange risk, interest rate risk, equity risk, and commodity price risk). In the 1990s, Enterprise Risk Management was developed, with an initial focus on avoiding derivative disasters, later developing into optimizing firm value. Enterprise Risk Management (ERM) proposes that firms address all their risks comprehensively and coherently, instead of managing them individually.
  • 5. Conceptual Roots: Since Kloman's (1976) “The Risk Management Revolution,” many practitioners have advocated a coordinated approach to risk management. Crockford (1980) argued for multidisciplinary risk management rather than risk management siloed and “fragmented among a number of sects.” Bannister and Bawcutt (1981) proposed that risk management requires multiple disciplines working together to manage “future uncertainty.”
  • 6. Conceptual Roots: Titman (1986) discussed the “benefits to integrating risk management activities in a single framework”. Haimes (1992) called for “the evolution toward a more holistic approach,” which Haimes terms “total risk management.” Kloman (1992) described concepts coming out of Europe from the mid-70s to the early 80s that we now associate with ERM. Holton (1996): the term “Enterprise Risk Management” appears. Stulz (1996) proposed that academic theory expand beyond the traditional risk management (TRM) goal of “variance minimization” with its focus on the downside of risk.
  • 7. Conceptual Roots: Colquitt et al. (1999) called for “integrated risk management”; the first academic papers using the term “Enterprise Risk Management” appeared in 2001. Dickinson (2001) stated that ERM emerged as a corporate concept in the mid-1990s, and defined ERM as a “systematic and integrated approach of the management of the total risks a company faces.” Brogan (2001) offered one of the first definitions of ERM: “The process by which organizations in all industries assess, control, exploit, finance and monitor risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders”.
  • 8. What’s ERM? Enterprise Risk Management is the process of (1) identifying major risks that confront an organization, (2) forecasting the significance of those risks in business processes, (3) addressing the risks in a systematic and coordinated plan, (4) implementing the plan, and (5) holding key individuals responsible for managing critical risks within the scope of their responsibilities. “ERM provides a framework for Risk Management.”
  • 9. What’s ERM? ERM is a strategic business discipline that supports the achievement of an organization's objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio (Risk and Insurance Management Society (RIMS), 2011). Governance, Risk and Compliance (GRC): embraces compliance as a separate activity for each business silo. Enterprise Risk Management (ERM): is concerned with delivering measurable business value by tying front line operational activities to goals across all business units.
  • 10. ERM Definition Levels: Strategic: achieving organizational objectives (“focus on results”). Functional: activities that reduce risk and seize opportunities. Process: actions undertaken by managers to manage risk.
  • 11. ERM “Common Risk Allocation”: hazard risk; financial risk; operational risk; strategic risk.
  • 12. Risk: 1. The possibility of suffering harm or loss (American Heritage Dictionary, Houghton Mifflin Co.). 2. Uncertainty of an event which, if it occurred, would result in a negative or positive effect on the project (Project Management Institute).
  • 13. Uncertainty: Uncertainty is a lack of knowledge about an event that reduces confidence in conclusions drawn from the data. The investigation of uncertainties may help identify risks. Under certainty, the outcome can be predicted with a high degree of confidence. In reality, most decisions are taken without complete information, and therefore give rise to some degree of uncertainty in the outcome.
  • 14. Risk Attitude: Organizations perceive risk as the effect of uncertainty on projects and organizational objectives. Organizations and stakeholders are willing to accept varying degrees of risk depending on their risk attitude. The risk attitudes of both the organization and the stakeholders may be influenced by a number of factors, which are broadly classified into three themes: 1. Risk appetite 2. Risk tolerance 3. Risk threshold
  • 15. Risk Appetite: Risk appetite is about the pursuit of risk. Organizations have to take some risks and they have to avoid others. Risk appetite is delegated downward (from the strategic level) through the organization using various means such as policies, procedures, training, and supervision. [Figure labels: The organization’s risk exposure; Risks an organization’s to engage]
  • 16. Risk Tolerance: Tolerances are the areas of risk that are acceptable or unacceptable, or the degree, amount, or volume of risk that an organization or individual will withstand. Three common classifications used for describing risk tolerance or risk profile are the risk averse (or avoider), risk neutral (or tolerant), or risk seeker (or taker). [Figure labels: The organization’s risk exposure; Risk an organization could potentially tolerate]
  • 17. Risk Threshold: Refers to measures along the level of uncertainty or the level of impact at which a stakeholder may have a specific interest. A threshold is the point at which a risk becomes unacceptable. Below that risk threshold, the organization will accept the risk. Above that risk threshold, the organization will not tolerate the risk.
  • 18. Risk Management: Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities. (Risk: the effect of uncertainty on objectives, as defined in ISO 31000.) Risk management’s objective is to assure uncertainty does not deflect the endeavor from the business goals.
  • 19. Risk Management Steps: Plan: identify the key elements of the risk management. Assess: identify the threats/opportunities and analyze them to determine potential impact to outcomes and determine appropriate treatment priorities. Treat: plan and implement the treatment of the identified risks. Control: monitor the implementation of risk treatment actions, report on status, and adjust actions according to results.
  • 20. Risk Management Process (based on ISO 31000): Establish Goals & Context; Risk Assessment (Identify Risks, Analyse Risks, Evaluate Risks); Treat Risks; Monitor/Review; Consultation/Communication.
  • 21. Risk Management Process: 1. Risk Assessment. Risk identification establishes the exposure of the organization to risk and uncertainty. This requires an intimate knowledge of the organization, the market in which it operates, the legal, social, political and cultural environment in which it exists, as well as an understanding of strategic and operational objectives. This will include knowledge of the factors critical to success and the threats and opportunities related to the achievement of objectives.
  • 22. Environmental Scan (ERM): Financial Risks: foreign exchange rate, equity, interest rate, commodity price. Strategic Risks: political impediments, technological innovation, regulation. Hazard Risks: employee related, liability, property, pure-loss situations. Operation Risks: product recall, management fraud, labor dispute, information technology, customer satisfaction.
  • 23. Tools and Techniques: 1) Brainstorming 2) Interviewing 3) Delphi Technique 4) Root Cause Analysis 5) Financial Statements 6) Historical Records
  • 24. Tools and Techniques: Internal; External
  • 25. Risk Management Process: Activities within the organization have been evaluated and all the risks flowing from these activities defined. Risk analysis can be used to produce a risk profile that gives a rating of significance to each risk and provides a tool for prioritizing risk treatment efforts. This ranks the relative importance of each identified risk. The overall objective of the Perform Qualitative Risk Analysis and Quantitative Risk Analysis processes is to determine which risks warrant a treatment.
  • 26. Tools and Techniques: Probability and Impact Matrix (PIM). Key and action: High risks: risks you should definitely move into the Perform Quantitative Risk Analysis process and/or the Plan Risk Responses process. Medium risks: risks you might decide to move into the Perform Quantitative Risk Analysis process and/or the Plan Risk Responses process. Low risks: risks to simply document (watchlist).
  • 27. Tools and Techniques: 1) Interviewing 2) Expert Judgment 3) Probability Distribution
  • 28. Tools and Techniques: Sensitivity Analysis (“Tornado Diagram & If-What Scenarios”): determines which risks have the most potential impact on the project. Expected Monetary Value Analysis (EMV): multiplying the value of each outcome by the probability of its occurrence. The overall probable circumstance will be as a result of the events. Decision Tree Analysis: incorporates probabilities of risks and costs or rewards of each logical path. Future events are not certain. Modeling & Simulation (“Monte Carlo Simulation”): translates how uncertainties specified in a detailed level of the project may affect its objectives. Derive overall project risk from individual risks. [Figure: completion date against frequency and cumulative probability]
  • 29. Risk Management Process: 2. Risk Treatment. Risk treatment is presented as the activity of selecting and implementing appropriate control measures to modify the risk. Risk treatment includes as its major element risk control (or mitigation), but extends further to, for example, risk avoidance, risk transfer and risk financing. Any system of risk treatment should provide efficient and effective internal controls.
  • 30. Tools and Techniques
  • 31. Risk Management Process: Effectiveness of internal control is the degree to which the risk will either be eliminated or reduced by the proposed control measures. The cost effectiveness of internal control relates to the cost of implementing the control compared to the risk reduction benefits achieved. One method of obtaining financial protection against the impact of risks is through risk financing, including insurance.
  • 32. Risk Register Sample and Outputs
  • 33. Risk Register Sample and Outputs
  • 34. Risk Register Sample and Outputs
  • 35. Risk Register Sample and Outputs
  • 36. Risk Register Sample and Outputs
  • 37. Risk Management Process: 3. Feedback. ISO 31000 recognizes the importance of feedback by way of two mechanisms. 1. Monitoring and review ensures that the organization monitors risk performance and learns from experience. 2. Communication and consultation is presented in ISO 31000 as part of the risk management process, but it may also be considered to be part of the supporting framework.
  • 38. Risk Management Success Factors: integrate with project management; open and honest communication; organizational commitment; risk effort scaled to project; value risk management; responsibility.
  • 39. ERM Implementation: 1- Planning and designing 2- Implementing and benchmarking 3- Measuring and monitoring 4- Learning and reporting
  • 40. ERM Implementation: 1. Planning and designing. 1- Identify intended benefits of the enterprise risk management initiative and gain Board mandate • Benefits of ERM • Embedding risk management 2- Plan the scope of the ERM initiative and develop common language of risk • Upside of risk • Stakeholder expectations 3- Establish the risk management strategy, framework, and the roles and responsibilities • Risk management policy • Risk architecture
  • 41. ERM Implementation: 2. Implementing and benchmarking. 4- Adopt suitable risk assessment procedures and an agreed risk classification system • Risk description • Risk classification systems 5- Establish risk significance benchmarks and undertake risk assessments • Risk assessment techniques • Benchmark tests of significance 6- Determine risk appetite and risk tolerance levels, and evaluate the existing controls • Risk register • Risk appetite
  • 42. ERM Implementation: 3. Measuring and monitoring. 7- Ensure cost-effectiveness of existing controls and introduce improvements • Risk improvement plans • BCP and DRP 8- Embed risk aware culture and align risk management with other management tasks • Control environment • Risk communications
  • 43. ERM Implementation: 4. Learning and reporting. 9- Monitor and review risk performance indicators to measure ERM contribution • Risk improvement plans • BCP and DRP 10- Report risk performance in line with legal and other obligations, and monitor improvement • Risk reporting • Legal requirements
  • 44. Why ERM? Offers survival: a better chance to identify, mitigate, avoid, and treat risks that could close us down. Provides stability: in creating, distributing, financing, and selling products and services. Adds confidence: the board and CEO are meeting fiduciary, community, social, and ethical responsibilities. Build good relationships with regulators.
  • 45. How ERM Can Increase Firm Value: Process can focus on protecting value, cash flows, and earnings, but it cannot protect all three at once. Earning-based strategy: reducing taxes. Value-based: insuring to prevent assets from declining. Cash-flow-based: hedging to maintain internal funding sources. So decreasing the volatility of future cash flows can decrease the cost of capital. $V = \sum_t \frac{FCF_t}{(1 + WACC)^t}$, where V: firm value; FCF: free cash flow; WACC: cost of capital.
  • 46. References: 1. A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000. 2. Enterprise Risk Management: Review, Critique, and Research Directions, Philip Bromiley, Michael McShane, Anil Nair, Elzotbek Rustambekov, 2014. 3. Strategic Risk Management: Improving Your Organization’s Chances for Success, RIMS Conference 2012, Philadelphia. 4. Enterprise Risk Management: Department of Finance, Steve D’Arcy, March 15, 2005. 5. A Guide to the Project Management Body of Knowledge (PMBOK Guide), Fifth Edition.