Enterprise Risk Management
1 like1,173 views
The document discusses enterprise risk management (ERM) highlighted by case studies such as Johnson & Johnson and Wirecard, emphasizing the importance of proactive risk management strategies. It outlines the framework for identifying, analyzing, and responding to risks, and the role of the Chief Risk Officer in integrating risk management with organizational decision-making. The text also introduces risk identification tools and categorizes various types of risks faced by organizations.
Enterprise Risk Management
- 1. Enterprise Risk Management Prof Akram Hassan SME@PMI
- 2. 1980 Johnson & Johnson Story Reputation risk Someone poisoned bottles resulting in several deaths 100% 100% Honest open communication Recovery of share value The company reacted quickly, removing and replacing its products at retail outlets, cooperating fully with law enforcement authorities, and keeping the media (and, hence, the public) informed throughout.
- 3. 2020 Wirecard Group Story Fraud risk Corruption Case 0% 97% Honest open communication Failure of share value Wirecard acknowledgesfor the first time from 2015 the potential scale of a multiyear accounting fraud, warning that the €1.9bn of cash probably does “not exist”. Wirecard says it will file for insolvency.
- 4. “The primary purpose of ERM is the creation and protection of value.” ©2019 PMI What constitutes "best practices" in ERM has yet to be defined. ©2020 Investopedia
- 5. Enterprise Risk Management 01 Identify Enterprise Risk 02 Analyze Enterprise Risk 03 Respond Enterprise Risk 04 Agenda ERM Maturity Model 05
- 6. 01 Enterprise Risk Management
- 7. M I L I TA R Y Traditional Risk Management Vs ERM Tactical Reactive Silo-based processes RM ERM Unlinked to decision makers Supported by rules WHY ? Strategic Proactive Integrated processes Linked to decision makers Supported by risk culture Chief Risk Officer (CRO) to coordinate ERM efforts.
- 8. M I L I TA R Y Risk Culture Tailoring risk effort. Open and honest communication. Recognizing the value of risk management. Individual commitment/ responsibility. Organizational commitment. Integration with OPM. 1 2 3 4 5 6
- 9. Executive Role A chief risk officer (CRO) is an executive in charge of managing risks to the company. High Experience It is a senior position that requires years of experience in accounting, economics, legal, or actuarial backgrounds. CRO
- 10. ERM provides decisionmakers with a realistic picture of likely outcomes to their strategic initiatives by integrating risk into the cost-benefit analysis of all strategic investments. ERM Proactive Approach
- 11. ERM is an approach for: 1. Identifying major risks that confront an organization. 2. Forecasting the significance of those risks to business processes. 3. Responding to create or protect the value. Forecast Identify Respond E R M I n t e g r a t i o n C o n s o l i d a t i n g & C a s c a d i n g
- 12. Plan Risk Responses Implement Risk Responses Plan Risk Management Identify Risks PerformQualitative Risk Analysis 01 06 03 04 07 ERM Life Cycle Framework 05 02 PerformQuantitative Risk Analysis Monitor Risks Source: The standard for Risk Management ©2019 PMI
- 13. PLAN RESPONSE IMPLEMENT RESPONSE INITIAT RISK IDENTIFY RISKS ASSESS RISKS 01 02 03 05 ERM Life Cycle Framework 04 Source: The Project Risk Analysis and Management (PRAM) Guide 2nd edition, written by the APM
- 14. ERM Life Cycle Source: ISO 31000 standard Risk management: principles and guidelines
- 15. ERM Plan Success Factors Acceptance Bias correction Alignment Balance Completion
- 16. 02 Identify Enterprise Risk
- 18. M I L I TA R Y Risk Classification There is knowledge to identify probability and impact. Known–Unknown (Classic risk) Knowledge exists in community but not with the entity working on the endeavor. Unknown–Known (Hidden fact) Managed as a part of scope. Not a risk. Known–Known (Facts) Knowledge does not exist within the sphere of influence. Unknown-Unknown (Emergent Risk)
- 19. Cause – Risk – Effect FACT RESULT RISK CAUSE EFFECT As a result of cause risk may occur which lead to effect
- 20. Ishikawa Diagram Example of a Cause and Effect
- 21. ERM Identification Success Factors Early identification Iterative identification Comprehensive identification Emergent identification
- 22. M I L I TA R Y ERM Identification Tool Technology Regulatory/legal Uncertainty Market Socio-cultural Political Economic Competitive Prompt List SPECTRUM
- 23. ERM Identification Tool Competition, Social trend, Capital availability. Strategic Risks Customer satisfaction, Product failure, Integrity, Reputational risk; Knowledge drain. Operational Risks Pricing risk, Asset risk, Currency risk, Liquidity risk. Financial Risks Liability torts, Property damage, Natural catastrophe Hazard Risks Source: The Casualty Actuarial Society (CAS)
- 24. 03 Analyze Enterprise Risk
- 25. ERM Criteria 5 4 3 2 1
- 26. 60% 40% Heat Map Exposure = Impact × Probability
- 27. ER Prioritization Proximity. The period of time before the risk might have an impact on one or more project objectives. A short period indicates high proximity. Detectability. The ease with which the results of the risk occurring, or being about to occur, can be detected and recognized. Where the risk can be detected easily, detectability is high.
- 28. ER Forecasting
- 29. 04 Respond Enterprise Risk
- 30. Thomas Stanton (Feb 18, 2017). "Enterprise Risk Management". The point of ERM is not to create more bureaucracy, but to facilitate discussion on what the really big risks are.
- 32. ERM Strategies (Opportunities) Share Exploit Enhance Accept Escalate
- 33. ER Response Tool Force Field Analysis Balance of Forces for and against Change
- 34. 05 ERM Maturity Model
- 35. ERM Model
- 36. ERM Stakeholders
- 38. Be Safe… Manage the Risks… Protect Your Business… Prof Akram Hassan SME@PMI [email protected] +201014356420