Transcript Document
Gaining Ground: Building Existing Practices into Enterprise Risk Management
ERM002
Recording of this session via any media type is strictly prohibited.
• Linda Conrad - Director of Strategic Business Risk; Zurich
Linda leads a global team responsible for delivering tactical solutions to
strategic issues like business resilience, supply chain risk, Enterprise Risk
Management, Total Risk Profiling. Linda addresses enterprise resiliency
issues in print and television appearances, including CNBC and Fox
Business News, and a Wall Street Journal Microsite. Linda is on the RIMS
ERM Committee and Supply Chain Risk Leadership Council. Linda holds a
Specialist designation in ERM, and serves on the Educational Board of the
Institute of Risk Management in London.
• Radu Demian - Director of Corporate Risk Management
and Compliance; Correctional Healthcare Companies
Oversees the Enterprise Risk Management, Insurance, Safety and
Compliance program. Past member of the RIMS ERM Committee.
Previously: Manager of Corporate Risk Management at University
Hospitals (UH) in Ohio; Risk Manager for the City of Windsor, Canada;
Branch Manager for a European insurer.
Learning Objectives:
• Differentiate between traditional risk management and ERM.
• Describe the advantages of transitioning to ERM.
• Adopt steps to make the ERM expansion.
Agenda:
• Traditional RM vs. ERM
• Catalysts for ERM
  • Business Results
  • Board or C-Suite Impetus
  • Compliance and Regulatory Push
  • Rating Agency Pressure
• Risk Management Roles in ERM
  • What if ERM Is Led by Another Part of the Organization?
  • Collaborating with Other Internal Risk Management Functions
  • Translate Risk into Senior Executives’ Language
  • Aligning KPIs and KRIs
  • Demonstrating Value
  • 5 Simple Steps to Transition to Enterprise Risk Management
  • ERM Case Studies
  • Exercise
Comparing Traditional RM with ERM
Traditional RM:
1. Traditional RM focuses on hazard risk.
2. Traditional RM seeks to restore an organization to former pre-loss
condition.
3. Traditional RM focuses on the value of the accidental loss.
4. Therefore traditional RM is both its own discipline & part of the
broader ERM discipline.
ERM:
1. ERM encompasses both hazard risk and business risk.
2. ERM seeks to enable an organization to fulfill its greatest
productive potential.
3. ERM focuses on the value of the organization.
4. ERM focuses on the organization as a whole.
Excerpt from ARM textbook: Risk Financing by Berthelsen, Elliot and Harrison page 1.14.
The Anatomy of Enterprise Risk
Hazard, Cause, Event
• 1st ORDER RISKS: Physical Damage, Personal Injuries/Deaths
• 2nd ORDER RISKS: Consequential Losses (Production, Profits)
• 3rd ORDER RISKS: Indirect Economic Losses (Market share, image, managing
upset, personnel, lost investments)
• 4th ORDER RISKS: A consequence of the preceding risks and unacceptable to
society
Figure labels: Visible, Can Be Evaluated, MORE INSURABLE; Poorly Visible,
Difficult to Evaluate, LESS INSURABLE
Evolution of Enterprise Risk and Resilience Management (ERM)
Enterprise Risk Wheel
Source: Zurich
Embedding a Robust and Positive Risk Culture
The Value Killers: share price declines in one month
Frequency of contributing causes on value losses
Source: Deloitte –The Value Killers Revisited, 2014
Risks that matter the most: Market capitalization loss of 50% at top 20% of Fortune 1000
Source: CEB Audit Leadership Council Research. n = 128
Change in causation demands a change in risk management
Source: Deloitte –Disarming the Value Killers, 2005
Source: Deloitte –The Value Killers Revisited, 2014
Why does it matter?
Time required for share price to recover
Source: Deloitte –The Value Killers Revisited, 2014.
Board Impetus:
• Increasing complexity of global business risks is challenging.
• Boards must understand the risks facing the company and how they affect its ability to
achieve its business objectives.
• Disclosure and transparency are imperative to understanding and potentially having
proper oversight of risk.
• Of additional interest, the SEC just released their examination priorities for 2014:
Corporate Governance, Conflicts of Interest, and Enterprise Risk Management. This
initiative is designed to:
  (i) evaluate firms’ control environment and “tone at the top,”
  (ii) understand firms’ approach to conflict and risk management, and
  (iii) initiate a dialogue on key risks and regulatory requirements.
C-Suite Impetus:
• CEOs are faced with creating greater shareholder value
• CFOs are challenged with achieving higher returns while spending considerable
resources on ensuring compliance with internal financial controls.
• CIOs are dealing with ever-changing technology and sophisticated hacking threats.
• GCs must manage traditional legal issues and also improve legal and regulatory
compliance.
• As a result, the C-suite is mandating that management provide greater transparency of
risk across the organization, demanding a more integrated, holistic approach to
understanding these enterprise-wide risks.
Compliance and Regulatory Push:
Source: Zurich
Rating Agency Pressure:
S&P: Proposed Criteria from General Criteria: Request For Comment: Management And Governance Credit Factors
• Business managers may demonstrate proficiency by institutionalizing comprehensive policies that
recognize the complex interdependencies of the risks their businesses face, the trade-off between
risk and reward, and the interplay between business and financial risk. Questions regarding risk
management standards and tolerances include:
  • Does the corporate regularly identify and assess the impact of critical strategic risks?
  • Has the corporate determined limits for acceptable levels of risk, and if so, how are they
  enforced?
  • Does the corporate hold accountable specific individuals for oversight of the most critical risks the
  enterprise faces, and if so, what are the rewards (consequences) for success (failure)?
  • Does the corporate employ an effective risk-based approach to strategic decisions?
  • Has the corporate effectively communicated to employees, owners, and other key stakeholders
  its tolerance for risk and commensurate expectations for earnings volatility?
Source: www.standardandpoors.com/ratingsdirect 9945624 | 300000625
Risk Management Roles in ERM
Author Caroline McDonald writes: “Risk managers, often seen mostly as insurance
buyers, have work to do in expanding their view of risk to match those of senior
executives and board members….Today, senior executives and boards think of risk in
much broader terms, and risk managers need to see themselves as more than
insurance buyers.”
Source: RIMS Risk Management Professional Growth Model
What if ERM Is Led by Another Part of the Organization?
• Just over 55% of the respondents to the 2013 RIMS ERM Benchmark Survey
indicated that ERM is being led by risk management within their organizations.
• Two important steps for integration as part of the ERM team:
  1) conduct a frank and honest strength/developmental needs self-assessment,
  seeking external feedback, based on the RIMS Professional Growth model
  2) create a 15-word mission statement that answers the following question: What
  do or can I do that adds remarkable, measurable, distinctive and distinguished
  value to my organization?
• Understanding how to be a contributing and valued team member is indeed a
leadership characteristic. Being able to demonstrate that value goes a long way
towards winning a spot on the team.
Collaborating with Other Internal Risk Management Functions
Translate Risk into Senior Executives’ Language
• Carol Fox, director, strategic and enterprise risk practice at the Risk and
Insurance Management Society, began promoting this broader concept in a
2014 article for CFO.com called ‘Total Cost of Risk’ Redefined.
• Carol Fox agreed: “CFOs don’t think of total cost of risk as what we’re
measuring.” While insurance remains important for transferring risk and
protecting the balance sheet, Fox said, companies are trying to strengthen
their overall risk-management capabilities with an eye to overcoming
obstacles to reaching organizational goals. “They’re looking at what their
strategic plans are and how those play into risk scenarios,” she said.
Translate Risk into Senior Executives’ Language
• In the same article, we hear from Rich Sarnie, vice president of risk
management at the Great Atlantic & Pacific Tea Co. “We need to expand it
and make sure it includes all the risks and the costs associated with those
risks, not just the insurable ones.”
• Mr. Sarnie says executives are much more focused on risk management
these days, but “it’s not the insurable risks that are keeping them up at
night. It’s other risks.” Such risks include the availability of
affordable financing, reputational risk, supply-chain risk, and technology
or social-media risk. Boards “want to know how we are identifying those
risks and how we are managing them, plain and simple.”
http://ww2.cfo.com/risk-management/2012/07/total-cost-of-risk-redefined/
Attacking Gaps Between Perceived and Actual Risks:
Must differentiate between perceived and actual risk.
Identify risks that matter to the organization’s objectives and
those that do not. Ask whether the risk:
• is relevant and important to achieving the organization’s
objectives?
• will improve or worsen the organization’s position?
If NO, the risk may be a perceived rather than an actual risk.
Aligning KPIs and KRIs:
• Key Performance Indicators (KPIs) help a firm see how it is performing in
relation to its strategic goals and objectives.
• Key Risk Indicators (KRIs) are leading indicators of risk to business
performance, giving early warning about potential risk events.
• Zurich uses KRIs to monitor risks in areas such as:
  • natural catastrophe risks (as % of group shareholder equity)
  • asset-liability matching (duration mismatch)
  • strategic asset allocation (% allowed in investment category)
  • credit risk (weighted average credit rating)
  • other risks specific to business or functional areas
Key Risk Indicator example
ERM Vulnerability:
• Inability to attract and retain necessary talent, especially in key areas
A KPI would be “maintaining a company’s retention rate at X%”
Possible KRI metrics to track risk significance and / or mitigation
• Personnel turnover, especially in key operational areas
• Number of declined job offerings
• Time to fill job openings, especially key spots
• Client disputes and / or losses
• Qualitative measures, such as feedback obtained from HR personnel
Key Performance and Risk Indicators:
Key Performance Indicators (KPI)
• Progress on organizational targets and strategic goals
• Monitoring of employee activity completion and budget spend
• Measurement of results
• Forecasting for planning purposes
Key Risk Indicators (KRI)
• Track metrics that are leading indicators to risk of performance
• Measurement based on data of influencing factors
• Ongoing monitoring of the level and cost of risk against risk tolerance
• Track changes in the risk profile of business landscape
Source: Zurich
Link KRIs to Business:
Diagram elements: Vulnerability; Trigger; Key Risk Indicators; Endangered asset or goal; Consequence
Source: Zurich
A Risk Scenario:
• Vulnerability: What? Where?
• Trigger(s): How? Why?
• Consequence(s): How big? How bad? How much?
• Existing Controls: If any…
Source: Zurich
Link Risk Scenario to Business Goal:
• Vulnerability: What? Where?
• Trigger(s): How? Why?
• Consequence(s): How big? How bad? How much?
• Strategic Objective: When? What? Where? Who?
• Controls: If any…
Source: Zurich
Link KPIs:
• Vulnerability: What? Where?
• Trigger(s): How? Why?
• Consequence(s): How big? How bad? How much?
• Strategic Objective: When? What? Where? Who?
• Key Performance Indicator(s): When? What? Where? Who?
• Controls: If any…
Source: Zurich
Link KRIs to Business:
• Vulnerability: What? Where?
• Trigger(s): How? Why?
• Controls: If any…
• Consequence(s): How big? How bad? How much?
• Strategic Objective: When? What? Where? Who?
• Key Performance Indicator(s): When? What? Where? Who?
• Key Risk Indicator(s): When? What? Where? Who?
Source: Zurich
The Value of ERM
A survey by Federation of European Risk Management Associations found
firms with a more mature approach to Risk Management have better
financial results.
• 75% more firms with advanced risk management practices had
Earnings Before Interest, Taxes, Depreciation and Amortization (EBITDA)
growth of over 10%.
• 62% more firms with advanced risk management practices attained
annual revenue growth of 10%.
Creating an active risk culture is correlated with higher growth, as the
company becomes more aware and accountable for risk.
Source: 2012 study by Federation of European Risk Management Associations
Demonstrating Value:
An Underwriter’s Perspective on ERM
• Since underwriters have to assess and price the overall exposure, an underwriter
typically finds the details on an ERM program very valuable.
• If the company does not mention its ERM program, the underwriter must assume it
does not exist.
• Companies must communicate to insurance markets the strength and effectiveness
of their ERM programs if they wish to maximize the value.
• The best approach is a simple meeting several months in advance of a renewal
to present the ERM program details, including stakeholders, resource support and
expected benefits.
• Do not be afraid to educate the underwriter on ERM fundamentals, if applicable.
• There is very little to risk, but much to be gained, by making your underwriter a
partner in your ERM efforts.
Demonstrating Value:
From a traditional risk management perspective, there may be quantifiable benefits in
hard savings on insurance premiums and loss costs.
For one healthcare organization, it meant significant premium savings:
• significant increase in insurance costs (30%) in the prior year.
• implemented an ERM program that identified and developed mitigation plans
around the top five risks.
• before presenting ERM program, received a renewal estimate of 14% rate increase.
• after describing the details of ERM program and mitigation plan, we were able
to significantly reduce the increase to just 4%, which translated into several
hundred thousand dollars of savings.
The implementation of the ERM program provided not only more operational and
financial stability but also hard dollar savings for the company.
Demonstrating Value:
• Using Total Risk Profiling, Zurich moved from an asset-based approach to a
risk-based approach for operational risk quantification and capital allocation
• One Zurich business unit reduced operational risk-based capital (RBC)
consumption by 21.7 percent
• The business unit then identified high risk exposures, performed a deeper
assessment and developed mitigation
• They had an additional reduction of 28.9 % in operational RBC consumption
• Capital not consumed was then available to fund profitable growth for Zurich.
5 Steps to Transition to ERM:
1. Determine what value your organization will gain from ERM.
• What business need will be met through a structured ERM approach?
• Competitive advantage; more productive workforce; more stable, transparent
trading partner.
2. Scan the internal environment for what is already being done.
• Many organizations have established controls against commonly and widely
understood risks: business disruption, environmental, execution failure, etc.
• Leverage practices already in use within a broader ERM environment.
3. Find a champion.
• Should have one or more executive sponsors.
• Successful implementers form a cross-functional working committee, including
leaders responsible for management control options.
• Find individuals who are able to positively influence others.
• Create a network of risk assessment champions and trainers.
5 Steps to Transition to ERM:
4. Adapt processes to the organization’s needs.
• Keep the message focused on the organization’s objectives.
• Make risk-informed decisions and implement the selected responses.
• Strengthening the risk culture can yield great results.
• Embed risk metrics into the performance objectives of business managers.
5. Strive for continuous improvement.
• Provide progress reports in at least two ways: by material risk and by ERM program
progression.
• Periodic reports to senior management on ERM program progression might
include progress related to milestones for specific objectives.
ERM Case Studies:
Ward Ching
Vice President Risk Management Operations
Safeway
Brian Thelen
Chief Risk Officer and General Auditor
General Motors
Sandra Carson
Vice President, Enterprise Risk Management and Compliance
Sysco
ERM Case Studies:
What was the impetus for the ERM program at your organization?
Safeway: Significantly self-insured and self-administered for most of its
insurance program and utilizes two captives, on-shore and off-shore. “Culture
of Safety” started in 2008. Goal was to integrate risk management into retail
operations, strategy, execution, mergers and to find opportunities to grow. It
was meant to reduce the cost per share by being proactive.
GM: Knew that they needed to be both systemic and episodic in their
approach. Must be prepared for episodic scenarios such as an earthquake in
Japan, or flooding in Thailand on an operational basis. Also galvanize the
company against the risk of failure on a longer-term systemic basis.
Sysco: In 2009, the board was not satisfied with Sysco’s risk assessment
process. The CEO wanted to get ahead of the board of directors. The ERM
program needed to be flexible, have enough structure, add value and be
consistently applied.
ERM Case Studies:
Who was the champion of the ERM program?
Safeway: The executive committee of the company: the CEO, CFO and the
executive vice president of retail. The CEO and the executive committee
delivered messages to employees that the Culture of Safety is an important
process that will create competitive advantage for the company.
GM: The Chairman and CEO.
Sysco: After the retirement of the general counsel, the ERM function was
moved to the CFO who served as the executive sponsor and champion for the
program.
ERM Case Studies:
What were the first steps?
Safeway: Started with an evaluation of the company’s culture to ensure the
program’s cultural alignment with the core business culture. They defined
core tenets, key drivers and their impact, after which the culture was
mapped. Significant savings were obtained by reducing the frequency, which
allowed the company to significantly reduce the loss reserves.
GM: Created in 2010 with the appointment of a chief risk officer. ERM
provides coverage for all GM functions and regions, including insurance and
claims management activity.
Sysco: Utilized outside resources to learn the “academics” of ERM and best
practices. Conducted interviews with management and board committee
chairs. Held prioritization workshops with executive management. Found an
ability to use a “common lens” to objectively evaluate very different risks.
ERM Case Studies:
What was the structure and process of your ERM program?
Safeway:
• Much more aggressive claims management approach to eliminate
frequency.
• Cultural transformation: looked at both upside and downside potential of
risk and both behavioral economics (price) and behavioral safety (losses).
Compared previous trends with current ones to determine the savings and show the
value of prevention.
• Also, bonuses were calculated based on the budgeted insurance/loss
number. Premium refunds were provided and process was made very
transparent.
• Modeling tools such as Monte Carlo were used, together with Six Sigma
processes, dynamic financial analysis and efficient frontier analysis.
ERM Case Studies:
What was the structure and process of your ERM program?
GM:
• ERM team consists of a small core group plus approximately 40 executive-level
risk officers that represent all regional and functional areas.
• Monthly meetings to discuss top risks, mitigation plans, tools and
techniques, and emerging risk topics. The group determines what risks to
focus on and who is responsible for managing and mitigating them.
• Assigned teams are often multi-departmental. The risk owner is the senior
operating executive over the department most affected by the risk.
• Key risks are identified through a blue-sky thinking approach and company
objectives are layered on top. The key risks selected are presented to
senior management.
ERM Case Studies:
What was the structure and process of your ERM program?
Sysco:
• Audit committee oversees the ERM process and recommends
assignment/oversight for each of the specific key enterprise risks to the
appropriate board committee.
• ERM process framework is reported annually to the board, but key risks
are reported quarterly by executive dashboard to the full board and
annually to the appropriate board committee.
• Each quarter a few of the top risks are selected for deeper review and
discussion. Each risk is reviewed and discussed by the board at least
annually.
• The risk assessment also captures “emerging and changing risks”.
• Currently transitioning to centralizing more risk via an ERP initiative.
ERM Case Studies:
What is the involvement of ERM in the strategic process?
Safeway: The Culture of Safety program helps identify embedded risks
that can influence acquisitions and structural changes. The process is used to
support senior management in the due diligence process.
GM: The output of the strategic plan is evaluated from a risk perspective.
Stress tests are developed and presented for evaluation and possible impact
on the plan prior to it being finalized.
Sysco: Considers risks “of” and “to” the strategy. There is some degree of
setting strategic initiatives to address the key risks identified through the ERM
process and also aligning the enterprise risks with the strategy in mind.
ERM Case Studies:
What was a major stumbling block?
Safeway:
Setting up the risk management system planning in order to eliminate project
risks was difficult. It was accomplished through using risk mapping peer
reviews with customers and through using retail language.
GM:
It is a bit of a shift to try and get everyone in a room and talk openly about
everything that can go wrong. However, with strong support from the top,
and a carefully selected team of risk officers, we believe we have cultivated
an excellent team that is open and challenges the status quo.
ERM Case Studies:
What did you find to be most effective?
Safeway:
Positive observations had a great impact. Store-manager-centric experience
modifiers (ExMod) were very useful as well. We now use a three-year rolling
database. The ExMod stays with the store manager throughout their career
and is calculated each year for publication and comparison by retail
management.
GM: The big wins were the decision support tools—scenario analysis and
game theory, which were developed in house. The involvement in the budget
process made a big difference. The results of the stress tests contributed to
modification of strategic plans.
ERM Case Studies:
How do you measure success?
Safeway: Cascade reports that measure frequency of claims per store per hour.
Divisions were charged with identifying three initiatives that move the needle:
what were the key performance indicators and processes that generate savings?
They fed certain behaviors over time to see if systems would change. The
process contributed to managing volatility across the system.
GM: Measured by the number of requests for participation received. Have been
able to contribute to process improvement and help management to make
more informed decisions. Everything we do should be adding value.
Sysco: KRIs were developed with early warning signs, and a process for
escalation. Identifying and addressing low-hanging fruit, using near-miss
learnings to feed ERM, and using game theory on complicated risks to
determine the best route forward.
ERM Case Studies:
Recommendations:
Safeway: You need to understand who the company is, what the drivers are,
how decisions are made, what the key measures are and what the language of
the business is. You need to make sure you are in tune with cultural differences
and that you partner with the stakeholders instead of giving them direction.
GM: Sit with each of the senior leaders of the company and determine what
their desired outcomes are. What can the process do for them? What is
beneficial to them? The ultimate goal is to build a function that will satisfy
customers. One should not make the mistake to tell business/risk owners how
to do their job. The role of ERM is to help them think through and to make the
most informed decisions. This approach should be adjusted based on the
culture of the company.
Exercise
Evaluating Enterprise Resilience
• You are the Risk Director of Sprocket plc, reporting to the CFO on risk management,
insurance and business continuity across your enterprise
• In light of increasing press speculation, the Board of Sprocket has voted in favor of an
aggressive bid for rival company, CLS
• Board asked for an urgent review of risks and resiliency in the value chain
Enterprise Risk Wheel
Source: Zurich
Exercise
Evaluating Enterprise Resilience
• How will your ‘risk landscape’ change after the merger?
• Identify potential disruption scenarios and possible impacts
• What are risk assessment, mitigation and transfer options?
• Underline and label the four areas of the ERM Risk Wheel:
• Strategic
• Operational
• People
• Financial
• Market
Strategic risks
Threats and opportunities that influence the ability of the company to attain strategic
ambitions and remain viable:
• New product research and development
• Mergers and acquisitions
• Joint ventures and subsidiaries
• Intellectual property
• Management skills
• Brand or reputation issues
• And more…
Operational risks
Adverse unexpected developments to business resulting from internal processes,
people, and systems, or from external events:
• Innovation risks
• Supply chain risks
• Growth risks
• People and talent risks
• Information technology risks
• Product liability risks
People risks
changes are likely to affect the ability to attract and retain qualified staff
• Aging workforce globally – can companies assist in education and training?
• Moves in workforce from one geographic region to another
• skilled tradespeople
• Facilitate sharing of best practices
• Safety leadership and culture
• And more…
Financial risks
cover risks related to accounting, treasury, pensions and fiscal, such as:
• Stock exchange
• Capital markets
• Liquidity
• Fraud
• Debtors/creditors
• Currency fluctuation
Market risks
changes are likely to affect all market participants in a similar manner:
• Economic and political risks
• Growth risks
• Competition risks
• Governmental risks
• Regulatory risks
• Geographical spread
• Market share
Financial Times reports that Sprocket is eyeing up CLS
Rumours abounded in the City this week that engineering group Sprocket was positioning
itself to make a bid for rival CLS. CLS’s share price rose by 10% to 319p.
CLS, which made profits of £95m in the last financial year, is thought by many to be ahead
of its rival in transforming itself into a services business. However, its profit stream is still
dominated by OEM manufactured products and the lucrative aftermarket in both the
automotive and aviation sectors. Analysts didn’t like CLS’s recent bid for the smaller French
firm Laroule which was designed to accelerate its diversification but was felt to be an
unduly ambitious and expensive move. This has resulted in the share price lagging behind
the market.
Sprocket, which is seen as having a more traditional manufacturing focus, may be taking
advantage of CLS’s short term vulnerability to acquire the company. Sprocket has also been
criticised recently for its apparent reliance on specialist bottleneck production facilities at
its plant in Luxembourg. A merger could alleviate this in a stroke and while not without
other risks, there are significant synergies, with some analysts estimating immediate
annual cost savings of £50m. More importantly, a bigger company, with a focus on aviation
as well as automotive, looks better placed to expand its share of the UK ministry of
defence budget and various other markets, especially the Middle East.
CLS annual report extracts
‘Operating profit up 3% at £95m with gross margins up to 29% (27%). Operating
margins rose to 9.5% from 8.3% in 2008. This increase has been driven by
increased operational efficiencies, lower product costs, supplier rationalisation and
a developing supply chain in China.’
‘Our strategy is to continue to build global capability, to expand in emerging
markets and serve customers globally. This means working alongside our
customers in the territories that drive demand in the aviation and automotive
industries, channelling more products and services through our existing and
expanding organisation to strengthen local relationships’.
‘We are committed to building confidence in our own ever-expanding internal
knowledge base. CLS supports and resources joint projects and cross-divisional
initiatives in areas of operational excellence, such as product development, market
research, low-cost country sourcing and global supply chain.’
CLS annual report extracts
‘The Group is committed to the protection of the environment in all the
countries in which its companies operate. Each CLS company will comply
with the relevant regulatory requirements applicable to its business. Each
CLS company will ensure that it acts as a good citizen in the community in
which it operates and adopt practices aimed at minimising the
environmental impact of its operations.’
‘Many CLS companies collaborate with suppliers to address environmental
considerations throughout the supply chain to our mutual benefit,
particularly in areas such as raw materials, packaging and recycling. We
focus our improvement efforts on the areas that have the most
environmental and financial impact’
CLS Supply chain
‘The CLS Group sources components, materials and services on a world-wide
basis. Our suppliers are an integral part of the Group’s business.
Relationships with all suppliers are built on total quality practices and principles to
achieve best performance, product, delivery, service and total cost. We recognise
that our supply chain activities have a broad impact and that our responsibilities
extend beyond our own operations and into those of our suppliers.
The Group has, therefore, adopted a Supply Chain Policy to ensure that suppliers
to the Group comply with or exceed certain standards in connection with their
workforce, legal compliance, health and safety, business ethics and environmental
standards. Our key supplier partners are expected to either have accreditation to
OHSAS 18001 and ISO 14001 or be able to demonstrate a plan to achieve it within
a reasonable amount of time.
CLS Supply chain
We recognise that our corporate responsibility also reflects the way we behave
towards our suppliers. The Group does not operate a standard policy in respect of
payments to suppliers and each operating company is responsible for agreeing the
terms and conditions under which business transactions are conducted, including
the terms of payment. It is Group policy that payments to suppliers are made in
accordance with the agreed terms. At 1 January 2010, the Group had an average
of 71 days purchases outstanding in trade creditors.’
Partnership with Star Precision
Following the closure of our Birmingham precision forging facility, sourcing of
forged components used in 70% of our finished products has been fully
transferred to our supply partner Star Precision in Nantong, China. Volumes
supplied to CLS account for around one fifth of Star’s total output, highlighting the
mutual benefit of the arrangement and we continue to work with Star to build this
important relationship.
Analyst Update on CLS plc
Current price: 289p
Market cap: £895m
12 month hi / lo: 301p / 230p
Recommendation: Hold
CLS is well positioned for growth but is vulnerable to an opportunist takeover if
it doesn’t clarify its strategy
Recent results highlights
• Resilient aftermarket contributed 54% of revenues
• Record operating profit benefiting from positive currency effect
• Margin benefit from stronger aftermarket, growing support services and cost
management
• Exceptional free cash flow generation
• Net debt halved in the year
• Stabilisation of Automotive order input
• Stronger current trading driving a more positive outlook for CLS
• Aviation to benefit from record order book
• 2010 expectations upgraded
• Expensive bid for Laroule threatens share price rating and would significantly
increase borrowings
Analyst Update on CLS plc
While CLS delivered a sound set of results, we believe its expensive bid for Laroule
has damaged its reputation for clear thinking and could threaten its steady
progress towards being re-rated as a services company. This could make it
vulnerable to a bid, especially if rival Sprocket renews its long held interest in
consolidating the two firms’ operations.
The potential for cost savings and leveraging of respective positions in the defence
markets is a compelling proposition. However, there are possible downsides to a
merger including CLS’s uncertain reliance on one or two supply ‘partners’ in China.
The opportunity to consolidate the common supply base elsewhere is a double-edged sword. For example, both CLS and Sprocket source special steels equally
from 2 European steel manufacturers and there would be increased buying power.
However, Sprocket’s reputation for relentless pressure on supply costs could be a
threat if it relies on this approach as part of its acquisition strategy. Some key
suppliers are still financially weak as a result of the recession and could be put into
further difficulty with an over-aggressive approach from customers like Sprocket.
Analyst Update on CLS plc
Our analysis of Sprocket plc in January 2009 looked at the aftermath of the second
and more severe fire at its Glasgow plant in 2008 which destroyed a large part of
the forging and machining hall. We highlighted Sprocket’s decision following the
fire to consolidate critical precision forging operations at the core site in
Luxembourg and the danger of over-reliance on the one location. CLS’s
partnership with Star Precision in China could alleviate this vulnerability in the
event of a merger but the veil of secrecy surrounding this arrangement would
need to be lifted if investors are to be assured that it is soundly based.
CLS due diligence highlights – resilience
• Some evidence of business continuity planning but inconsistent between
business units and nowhere near as structured as Sprocket’s own resilience
program
• Concern expressed by Operations Director of speed with which specialist forging
capabilities were shut down and manufacture transferred to China
• In-house precision forging capacity and skills remain in Poland but limited.
Forging capacity in Birmingham is obsolete with no associated skills remaining.
• Very impressive procurement policy (referred to in annual report) which appears
to have been followed through with most key European suppliers. Less so with
Chinese suppliers.
• Only a few examples where single sourcing policies are in place with no firm
back-up plans – see key suppliers below.
CLS due diligence highlights – resilience
Given the strategic importance of Star Precision, while there are no immediate
concerns over product quality or delivery capabilities there is a concern over the
relationship with CLS
• no formal contract has yet been agreed, more than 12 months into the
partnership
• no discussions on joint business continuity planning
• no response to request for information on Star’s supply base
• CLS’s Technical Director currently in China with Star Precision to develop 12
month production plan, including contingency planning, and to reach long
term commercial agreement
Exercise
Evaluating Enterprise Resilience
• CLS, which made profits of £95m in the last financial year, is thought by many to be
ahead of its rival in transforming itself into a services business.
• However, its profit stream is still dominated by OEM manufactured products and the
lucrative aftermarket in both the automotive and aviation sectors.
• Analysts didn’t like CLS’s recent bid for the smaller French firm Laroule which was
designed to accelerate its diversification but was felt to be an unduly ambitious and
expensive move.
• This has resulted in the share price lagging behind the market.
Exercise
Evaluating Enterprise Resilience
• Sprocket, seen as having a more traditional manufacturing focus, may be taking
advantage of CLS’s short term vulnerability to acquire the company.
• Sprocket has also been criticized recently for its apparent reliance on specialist
bottleneck production facilities at its plant in Luxembourg.
• A merger could alleviate this in a stroke and while not without other risks, there are
significant synergies, with some analysts estimating immediate annual cost savings of
£50m.
• More importantly, a bigger company, with a focus on aviation as well as automotive,
looks better placed to expand its share of the UK ministry of defense budget and
various other markets, especially the Middle East.
Some areas influencing resilience and, ultimately, share price
Sprocket
• Bottleneck production interdependencies
• Merger gives alternative capacity
• Fire record
• Sprocket’s aggressive policy towards suppliers
• Other?
CLS
• China partnership – uncertainties (capacity, relationship, priority)
• Supplier rationalisation
• Special steels sources – leverage vs. risk (financially weak)
• Other?
Next steps for analysis and improvement
• Some information given but limited. For example, quantities are required
• Internal risks – Business Continuity Management, company integration, and more
• Supplier and market risks – varied
o Quantification, mapping and scenario analysis of business interruption exposure
o Supply chain risk assessment and mitigation
o Business continuity plan assessment and benchmarking
Exercise conclusions
• A reactive response is not enough. Must be proactive.
• Stakeholders are complex and far-reaching; communication is key.
• Risk Management can team with Supply Chain, Operations, HR, Finance and others.
• It is not only enterprise risk management but business performance improvement
So make the move, start gaining ground!
Build the bridge between existing risk practices
into Enterprise Risk and Resilience Management
Questions and Contact Information
• Linda Conrad – Director of Strategic Business Risk; Zurich
Global Corporate
410-371-9973
• Radu Demian – Director of Corporate Risk Management
and Compliance; Correctional Healthcare Companies
440-623-2472
The information in this presentation was compiled from sources believed to be reliable for informational purposes only. All
sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and
procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may
serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute legal advice
and accordingly, you should consult with your own attorneys when developing programs and policies. We do not guarantee the
accuracy of this information or any results and further assume no liability in connection with this presentation and sample
policies and procedures, including any information, methods or safety suggestions contained herein. Moreover, Zurich reminds
you that this cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures
might not be appropriate under the circumstances. The subject matter of this presentation is not tied to any specific insurance
product nor will adopting these policies and procedures ensure coverage under any insurance policy.
© 2014 The Zurich Services Corporation.