Aligning Business Continuity and Risk Management Workshop
Post on 12-Jun-2020
Aligning Business Continuity and
Risk Management Workshop
What are the Opportunities for Functional Alignment
And
How Can We Make it Happen?
Chris Mandel, CRMP, RF, CPCU, ARMe
SVP, Strategic Solutions, Sedgwick &
Director, Sedgwick Institute
Today’s Agenda
• Risk Management Priorities
• Key Risk Stakeholders
• Risk & Resilience
• Managing Along the Loss Curve
• The Risk Mgmt and Business Continuity
Opportunity
• Interactive Exercise: Making it Happen
[Figure labels: Value, Time, Financial, Operations, Management, Strategy]
Enterprise Risk Management
• Focus: Strategic and Operational Risks
• Scope: Support Business Objectives/Consistent, Systematic Risk Management Practices/Risk as a Differentiator
Advanced Risk Management
• Focus: Individual Business Risks
• Scope: Mitigation of Controllable Risks/Manage Risk as an Expense
Defensive Risk Management
• Focus: Hazard and Casualty Risks
• Scope: Risk Transfer/Insurance/Loss Prevention or Mitigation of Insurable Risks
Copyright Sedgwick CMS. All Rights Reserved
A Strong Migration Toward Strategic Influence
A Common Paradigm of Uncertainty
WHILE THE RISKS LESS UNDERSTOOD ARE DIFFICULT TO ADDRESS,
THEY ARE OFTEN SO SUBSTANTIAL IN IMPACT, THEY CAN’T BE IGNORED
“There are known knowns. These are things
that we know that we know. There are known
unknowns. That is to say, there are things we
know we don’t know, but there are also
unknown unknowns. These are things we
don’t know we don’t know.”
Donald Rumsfeld, U.S. Sec of Defense (2002)
Do Some Risks Matter More Than Others?
Emerging Risks and the Loss Curve
[Figure: loss curve; axes FREQUENCY/LIKELIHOOD and SEVERITY/IMPACT; labels: X Expected Losses; EMERGING RISKS?]
Copyright ERM, LLC: All rights reserved;
distribution prohibited without permission
Risk Types: A Starting Point for a Common View
Strategic
• Acquisitions
• Business Model
• Competition
• Demographic Changes
• Disruptive innovation
• Market
• Etc.
Operational
• Customer service
• Infrastructure
• Processes
• System capabilities
• Talent
• Etc.
Financial
• Capital
• Cash flow
• Credit
• Debt obligations
• Foreign exchange
• Liquidity
• Etc.
External
• Economy
• Environment
• Geopolitical
• Regulatory
• Tax policies
• Weather events
• Etc.
Top 10 Risks for 2017
Economic Conditions
Regulatory Changes & Scrutiny
Cyber Threats
Speed of Disruptive Innovation
Privacy/Identity Mgmt
Success/Attract/Retain Talent
Global Markets & Currency Fluctuations
Org Culture & Risk Issue Escalation
Resistance to Change
Sustaining Customer Loyalty & Retention
Survey by Protiviti and NC State Univ ERM Initiative
Traits of Emerging Risks
Emerging Risks
High Level of Uncertainty
Lack of Consensus
Uncertain relevance
Difficult to Communicate
Difficult to Assign Ownership
Systemic or “business practice” issues
Source: RIMS Executive Report Emerging Risks and Enterprise Risk Management © 2010 RIMS
Top 5 “Uninsurable” Risks
• Nuances and Complexities
• Regulation
• Reputation
• Trade Secrets
• Political Risk
• Pandemic Risk
Source: Risk and Insurance magazine 9/1/14
MOST RISKS ARE NOT INSURABLE
Common & Overlapping Stakeholders?
Enterprise Risk Management Process
Risk Management Stakeholders | Key Focus | Targeted Outcome
Enterprise Risk Management | Risk Process Effectiveness | Identification and Management of Significant Risks
Process Efficiency | Process Efficiency | Effective & Efficient Process Execution
Internal Audit | Control Testing | Effective Controls
Compliance | Compliance Risks | Regulatory Compliance
Controller | Financial Reporting | SOX 404 Compliance
Business Units | Business Performance | Controlling Risks to as well as Meeting Objectives
Unified Strategy
RISK APPETITE STRATEGY
Steps to Getting Ahead of Emerging Risks
Establish a specific process to uncover the unknown or poorly understood threats to businesses
Bringing key stakeholders together to address the risks efficiently & sensibly
Facilitate the drive for consensus among contributors to scenario planning
Review and eliminate or defer low relevance risks
Leveraging emerging risk processes for competitive advantage
Bring forth and highlight risks that lend themselves to exploitation
Key questions addressing risk appetite strategy
• How much risk are we taking?
• How much risk can we take?
• How much risk do we prefer to take?
• How much risk do we need to take to reach our strategic goals?
• Which risks do we want to take and which risks are unacceptable to take and why?
• What is the gap between capacity and need?
• If the gap is large between need and capacity, how and which strategies need to be modified?
• What is the cost/benefit of key gap closing activities?
Workshop Exercise
Preliminary Discussion Questions
• To what extent does your organization have alignment
or integration between BCM and ERM?
• If so, what does it look like?
• How well does it perform?
• What are the key advantages?
• Who owns resilience?
Workshop Exercise
As most organizations still organize and manage BCM
separately from ERM, this exercise will explore the
hurdles to better alignment and even integration.
The following challenges were documented in a recent
study/white paper by PwC. Let’s explore each one and
discuss ways in which organizations can overcome these
challenges using your knowledge and experiences as a
basis for guided action.
Question 1
• What are the goals that BCM and ERM have or should
have in common?
Question 2
• What are some symptoms of misalignments between
ERM and BCM that reduce functional effectiveness?
And
• What can practitioner leaders do to address these
issues?
Question 3
• What are the alignment/integration opportunities?
and
• How best can these be achieved?
Risk Maturity
The RIMS’ Risk Management Maturity
Model
Root Cause Discipline
Degree of discipline applied to measuring root cause by: 1) determining sources 2) understanding impacts 3) identifying trends, and 4) measuring effectiveness of controls.
Risk Appetite Management
Degree of accountability for 1) defining acceptable boundaries 2) calculating and articulating risk tolerance 3) developing a risk portfolio 4) considering scenarios, and 5) attacking gaps between perceived and actual risks.
ERM Process Management
Degree that a repeatable and scalable risk management process is integrated into business and resource/support units, using a sequential series of steps that support uncertainty reduction and promote opportunity exploitation.
Adopt ERM Approach
Denotes the degree of executive support for an ERM-based approach within the corporate culture. Activities cut across all processes, functions, business lines, roles and geographies.
Business Resiliency and Sustainability
Extent to which an organization integrates business resiliency and sustainability aspects for its operational planning into its ERM process.
Performance Management
Degree to which organizations are able to execute on vision and strategy in tandem with risk management activities.
Uncovering Risks
Degree of quality and coverage (penetration) throughout the organization for uncovering uncertainties related to organizational goals achievement.
BCM Maturity
1. Self-Governed
2. Supported Self-Governed
3. Centrally-Governed
4. Enterprise Awakening
5. Planned Growth
6. Synergistic
BCM Competencies
Leadership – Commitment and Understanding
BC Awareness – Breadth and Depth of Concepts
BC Program Structure – Scale and Appropriateness
Program Pervasiveness – Level of coordination
Metrics – Monitoring performance
Resource Commitment
External Coordination
The ERM & BCM Nexus
• The link between the management of an
organization’s risks and its key objectives is central to
good ERM & should be for BCM
• ERM taps into risk correlations, interdependencies & a
portfolio view that is equally relevant to BCM
• When BCM and ERM collaborate, reactivity evolves
into more proactivity in the treatment of risk
• There’s greater value to everyday decision-making
through BCM/ERM collaboration
The ERM & BCM Nexus
• Organizations that integrate ERM into their strategic
planning also realize that BCM enhances their value
creation and protection objectives
• Identifying and appropriately addressing interruption
risks create confidence that enables organizations to
more boldly execute strategic plans
• Synergies between BCM and ERM are plentiful but are
they exploited?
• Alignment and Integration challenges are also plentiful,
but are not insurmountable & are often ignored
Risk & BC Pyramid
Working Collaboratively Between Risk and BC will support a
Culture of Risk Awareness and Resilience
$
Risk Managed
Aligned Processes
Collaborative Communications &
Knowledge
Shared Accountability for a Resilient Enterprise
Standard based Risk & BC
Framework & Process
Takeaways
• Resilience is an emerging priority for risk managers
• Risk and BC have many common interests including:
– Understanding the unknown or poorly understood threats to
businesses
– Leveraging scenario analysis to drive consensus among
stakeholders about relevant scenarios
– Leveraging stakeholders and resources to embed a resilience
strategy into the culture
• Developing and leveraging emerging risk processes to
get ahead of black and grey swans
• Building competitive advantage & ensuring efficiencies
through the optimization of risk and BC processes
Parting Thought
“A decision that doesn’t involve risk probably
isn’t a decision.” - Peter Drucker
Influencing Change in the Industry
Join the Conversation
Thank you
Chris Mandel, RF, CPCU, ARM-E
SVP Strategic Solutions, Sedgwick
& Director, the Sedgwick Institute
Chris.Mandel@sedgwick.com Chris.mandel@sedgwickinstitute.com
“The Ten Building Blocks of Risk Leader Success”
Available for free at www.irmi.com
Visit the agenda of the Sedgwick Institute at:
www.LinkedIn.com Sedgwick Institute group
Other References of Interest:
Latest thinking in the industry at: www.Insurancethoughtleadership.com
WC Option Legislation: www.ARAWC.org
www.sedgwickcms.com www.sedgwickinstitute.com
Christopher E. Mandel is engaged in helping Sedgwick chart its future through the long-term planning for products, services and strategic solutions for this claims and productivity management firm. He is also co-founder and EVP, Professional Services for rPM3 Solutions, LLC as well as founder and president of Excellence in Risk Management, LLC, both independent consulting firms specializing in governance, risk and compliance, with a special emphasis on enterprise risk management. rPM3 Solutions holds a patent for a unique risk measurement process known as ARQ™. Prior to electing early retirement and for ten years from 2001-2010, Mr. Mandel was head of enterprise risk management for USAA Group, a $165 billion diversified financial services organization. At USAA, he designed, developed and led the enterprise-wide risk management and corporate insurance centers of excellence. He also served as President and Vice Chairman, Enterprise Indemnity CIC, Inc., an Arizona-based alternative risk financing facility.
Mr. Mandel has more than 25 years of experience in risk management and insurance in large, global corporates. He has pioneered the development of cross-enterprise risk management capabilities resulting in S&P rating USAA as “excellent and a leader in ERM” from 2006 through 2010. In 2007, Treasury and Risk Magazine bestowed the Alexander Hamilton Award for “Excellence in ERM” on USAA. Mr. Mandel has been a long term senior leader in the Risk and Insurance Management Society including being elected President and Chief Risk Officer and was named Risk Manager of the Year in 2004 and received RIMS’ Goodell Award in 2016.
Mr. Mandel’s deep, wide and diverse experience in all facets of risk management and insurance allows him to offer those interested in managing risk with excellence to engage him to provide everything from a comprehensive strategy and complete ERM framework to targeted guidance, tools, techniques and/or training. Mr. Mandel’s innovative approach to making risk a key strategically placed and results oriented function results from solidly connecting risk management outputs to a company’s key performance metrics and ultimately, mission accomplishment.
Mr. Mandel received his B.S. in Business Management from Virginia Polytechnic Institute and State University and an MBA in finance from George Mason University. He holds the CCSA, CPCU, ARM and AIC designations and is a frequent industry speaker, teacher and writer. He writes the “Risk Innovation” column for Risk and Insurance magazine and in 2008 was elected a member of Risk Who’s Who (RWW). He also wrote the Ask a Risk Manager column for Business Insurance from 1996 through 2008.
CONTACT: Chris.Mandel@sedgwick.com 210-698-8056 o 210-845-5804 m https://www.sedgwick.com
© 2016 Sedgwick Claims Management Services, Inc. - Do not disclose or distribute.