1. Common Risk Management failures &
how to avoid them
Presented by: Internal Audit Department
2. Goals of this presentation
What can hold To make
back an management
organization aware of the key
from success factors
successfully for ERM as an
implementing effective tool for
ERM?– sustainable
common growth
mistakes & how
to avoid them
4. Existence without risk!
“A ship is safe in a harbor, but that's not what ships are for.” -
“Salt from my attic” by John Augustus Shedd, USA
How many organizations have prospered without taking risks?
How many great discoveries have taken pace without taking risks?
How many governments run without facing risks?
How many of our jobs does not depend on risk?
Is there a life that is without risk?
….Life is all about taking risks, face challenges and overcoming them
5. Why ERM is so important?
Stakeholder involvement
Changes in customer preference
Board & Audit Committee Commodity price changes
responsibilities Technology obsolescence
Executive management Adverse changes to laws & regulations
responsibilities Cyber security & privacy protection
External risk reporting Business discontinuities / supply disruptions
responsibilities Failed acquisitions
Changes in Federal
laws and regulations
Company
reputation risk
Highly visible
litigation
Growing media
attention
Executive
compensation
Shareholder involvement
7. Global study snapshot
The Accenture 2011 Global Risk Management Study
is based on a quantitative survey of executives from
397 companies across ten industries. All
respondents were C-level executives involved in risk
management decisions at their companies;
One of the largest risk management organizations were split primarily among Europe,
surveys of its kind, the Accenture 2011 North America, Latin America and Asia Pacific.
Different-sized companies were also represented:
Global Risk Management Study finds about half the companies represented had annual
that advanced risk management revenues over US$5 billion; one-fourth had revenues
between US$1 billion and US$5 billion; the
capabilities are high on the executive remaining quarter had revenues between US$500
agenda and now seen as a critical million and US $1 billion.
business driver and source of
sustained growth and long-term
competitive advantage.
8. ERM: Why a hot topic today?
Holistic capabilities Clear maturity witnessed over
Executive mindset is broadening, and risk management is the last four years in the risk
becoming both more comprehensive and more integrated— management capabilities
in decision making, in formalizing ERM programs or in the
restructuring of the RM organization and its leadership.
across all industries—a rapid
march up the business value
chain and the development of
governance and organizational
Leading practices structures that give risk a voice
The gap between the ―best and the rest‖ when it comes to at the executive table.
positioning, leveraging and executing risk management is
increasing.
Survey results indicate: Risk
management capabilities are
Industry specificity more critical, more connected,
Executives want to compare and contrast their experiences more strategic and overall
with peers from many types of companies, but especially
more valuable to enterprises
with leaders within their own industry.
as they execute their business
plans. As a result, companies
Pragmatism are spending more time and
One message heard loud and clear is the need to identify effort advancing their risk
practical steps that can be taken to address the risk management capabilities as a
management capability gaps which may exist within an
organization.
business priority.
9. Enabler of long-term competitive advantage : from
reactive to proactive
Risk management as a source of competitive advantage
Beyond the immediate pressures of global markets, more demanding
customers and dramatic industry change is a growing recognition that
companies have an opportunity to drive competitive advantage from their risk
management capabilities, enabling long-term profitable growth and sustained
future profitability.
This means that risk management at the top-performing companies is now
more closely integrated with strategic planning and is conducted proactively,
with an eye on how such capabilities might help a company move into new
markets faster or pursue other evolving growth strategies. At its best, risk
management is a matter of balance—the balance between a company’s
appetite for risks and its ability to manage them.
Meeting the coming challenges
Surveyed executives also noted that stiff challenges lie ahead when it comes to
developing risk management capabilities that are adequate to the needs of the
business in the future.
10. Enabler of long-term competitive advantage
Source: 2011 Global Risk Management Study, Accenture
12. Major challenges faced in establishing ERM
The types of risks to which Despite major investments to improve risk
companies are exposed, as well as capabilities, critical exposures persist,
their severity, are growing according especially given companies’ inability to
to surveyed executives. Companies improve their risk measurement capabilities
are increasingly concerned about the sufficiently. Risk management needs to
spectrum of risks - from supply chain support positive business growth, not only
to operations to regulation to protect against negative occurrences, so
reputation. Financial fraud and crime companies need a better way to assess their
are on the rise. risk-bearing capacity.
Performance gaps exist between
Organizational silos and outdated companies’ expectations for risk
information systems prevent many management and what is actually achieved.
enterprises from adequately
sharing information that could
Cost pressures continue unabated -
mitigate risks more effectively.
requiring effective management both in
Better organizational
terms of cost of operations and in terms of
structures and underpinning
investment decisions.
systems are essential if the
challenge of integration is to be
met.
14. Improving Risk Management Capabilities
As the importance of risk
management expands, and as
companies increasingly view the
risk management function not only
as a preventive capability but also
as a performance enabler, one
would expect spending levels to
rise accordingly.
Source: 2011 Global Risk Management Study, Accenture
15. Focus categories of risks
In the rapid and
continuously
changing
environment, there
are growing
concerns about a
broader spectrum
of risks, including
those related to
the supply chain,
operations,
regulation and
reputation
Source: 2011 Global Risk Management Study, Accenture
17. How do you measure success of ERM?
Objective of ERM: to help senior and operating management make
better decisions about how risks should be managed organization-wide.
Integration of risk assessment into strategic and operating processes
Improved risk identification
Implementation of more effective and early warning techniques
Improvement in specific risk measures, metrics and monitoring
Reduced number or avoidance of risk incidents
Reduced performance variability
Reduction of cost of capital and improvement in shareholder value
Increased risk sensitivity and risk awareness
Integration with KPI reporting
Continued success of the organization
19. What is your risk appetite?
As business strategy is linked to performance management, risk
monitoring and reporting is linked with risk appetite as both contribute
to the quality of business performance
One of the critical role of risk appetite is that
the tone it sets for the risk culture across the
organization; most major contemporary
organization failures or financial frauds
occurred due to flawed risk culture;
To reinforce risk culture, organization’s risk
appetite should be integrated into the
performance management framework at the
individual level to ensure consistent
application;
At the organizational level risk appetite
should be expressed through risk based
performance targets measured against
actual results
20. Measuring success of ERM?
Objective of ERM: to help senior and operating management make
better decisions about how risks should be managed organization-wide.
Integration of risk assessment into strategic and operating processes
Improved risk identification
Implementation of more effective and early warning techniques
Improvement in specific risk measures, metrics and monitoring
Reduced number or avoidance of risk incidents
Reduced performance variability
Reduction of cost of capital and improvement in shareholder value
Increased risk sensitivity and risk awareness
Integration with KPI reporting
Continued success of the organization
Source: Guide to Enterprise Risk Management, FAQ, Protiviti, page 121, paragraph – 136