ERM_Presentation_SuretyCredit_111413
Post on 01-Nov-2014
349 Views
Preview:
DESCRIPTION
Transcript
CONSTRUCTION ENTERPRISE RISK MANAGEMENT
2013
WWW.DIRECTSURETY.COM
A Risk Factor is something that can cause harm. It is a poor business condition or practice that can negatively impact a company.
R
I
S
K
01. DEFINITIONS
In business terms . . .
WWW.DIRECTSURETY.COM
CHARACTERISTICS OF RISK FACTORS
FOOD CONSTRUCTION
Vary by industry and importance . . .
WWW.DIRECTSURETY.COM
CHARACTERISTICS OF RISK FACTORS
Applicable by type of contractor . . .
WWW.DIRECTSURETY.COM
Risk is the likelihood of harm. The likelihood that profitability and shareholder value will be negatively impacted.
R
I
S
K
02. DEFINITIONS
Again, in business terms . . .
WWW.DIRECTSURETY.COM
ENTERPRISE RISK MANAGEMENT (ERM)
WHAT IS IT?
ERM is a business management process . . .
WWW.DIRECTSURETY.COM
ENTERPRISE RISK MANAGEMENT (ERM)
01. ERMIs not a project, but a process that develops within an organization, driven and supported by senior management
02. ERM
Becomes part of the operational culture of the organization with process owners and drivers
03. ERMIs not an off-the-shelf product that works for everyone
ERM begins with the development of a risk strategy that is linked to and supportive of the overall business imperatives of the corporation.
WWW.DIRECTSURETY.COM
• A holistic risk management process
• An integrated risk management process
TO THE TECHNICIAN
• A way of managing my business
TO THE LAYMAN
ERM SPEAK
WWW.DIRECTSURETY.COM
RISK ASSOCIATED WITH CONDITIONS AND PRACTICES
Quantitative Risk Data
Qualitative Risk Data
Actuarial Analysis
Observational Analysis
+ERM: WHAT KIND OF RISK IS ADDRESSED?
The Complete Risk Profile=
WWW.DIRECTSURETY.COM
WHAT’S ITS PURPOSE?
ERM
WWW.DIRECTSURETY.COM
To raise profitability by controlling business risk.
WWW.DIRECTSURETY.COM
BY
BY Removing business conditions and practices that negatively impact profitability
How is profitability maximized?
Installing business conditions and practices that positively impact profitability
ENTERPRISE RISK MANAGEMENT (ERM)
WWW.DIRECTSURETY.COM
1970s 1980s 1990s - Present1960s
HISTORY OF ERM DEVELOPMENT
Hazard Risk and Financial Risk Management
Hazard Risk Management, Financial Risk Management,
Operational Risk Management
Management of Hazard Risk,
Financial Risk, Operational Risk,
Strategic Risk
Hazard Risk Management
WWW.DIRECTSURETY.COM
1
TRADITIONAL RISK MANAGEMENT
WWW.DIRECTSURETY.COM
4
ENTERPRISE RISK MANAGEMENT (ERM)
WWW.DIRECTSURETY.COM
RISK MANAGEMENT THINKING HAS EVOLVED
OLD THINKING NEW THINKING
• No strategy
• Limited to certain areas
• Analysis in silos
• Risks not owned
• Inspect, detect, react
• Correlation among risks not understood
• Risk strategy linked to business strategy
• Risk culture created throughout the enterprise
• Continuous, systematic process with integration
• Responsibilities clearly defined
• Anticipate, manage, optimize, monitor
• Quantified, aggre- gated, studied for interrelationships
• Risk is a key consideration for financial decision making
WWW.DIRECTSURETY.COM
INDUSTRIES THAT HAVE ADOPTED ERM
65%of Public Firms
Financial Services
Source: Excellence in Risk Management VI, Marsh | RIMS
EnergySector
HealthCare
Transportation Education
Newcomers: Construction &
Mining
WWW.DIRECTSURETY.COM
01 02
03 04
COMPLIANCE TRANSPARENCY
COMPETITION TECHNOLOGY
ERM IMPLEMENTATION DRIVERS
Public Companies
Public and Private Companies
WWW.DIRECTSURETY.COM
Committee of Sponsoring Organizations Professional Risk Manager’s International AssociationInternational Risk Management Institute
Casualty Actuarial Society
COSO:
PRMIA:
IRMI:
CAS:
ERM-II:
SUPPORTING ORGANIZATIONS OF THE ERM FRAMEWORK
Enterprise Risk Management International Institute
WWW.DIRECTSURETY.COM
BENEFITS OF CONTROLLING STRATEGIC RISKS
ENSURES SOUND DECISION MAKING
How: By adjusting managerial business approach and policies
WWW.DIRECTSURETY.COM
BENEFITS OF CONTROLLING OPERATIONAL RISKS
IMPROVES OPERATIONAL EFFICIENCIES
How: By installing more cost effective and accurate internal systems
WWW.DIRECTSURETY.COM
BENEFITS OF CONTROLLING FINANCIAL RISKS
MAINTAINS AVAILABILITY OF
CREDIT & MANAGES COST OF FUNDS
How: By improving outside relationships and considering all “what if” scenarios
WWW.DIRECTSURETY.COM
BENEFITS OF CONTROLLING HAZARD RISKS
REDUCES THE CONSEQUENCES OF UNCONTROLLABLE
LOSSES
How: By increasing safety and obtaining adequate coverage for potential losses
WWW.DIRECTSURETY.COM
02. RISK ANALYSIS
03. RISK RESPONSE
01. RISK FACTOR IDENTIFICATION
Identify all potential risk exposures
Analyze presence of risk
Develop an action plan, plus determine what risks to control
and assign responsible individuals
THE ERM PROCESS
04. RISK CONTROL
Implement a solution to reduce or transfer the
risk
05. RISK MONITORING
Observe the completed implementation and report the results
WWW.DIRECTSURETY.COM
02. RISK ANALYSIS
03. RISK RESPONSE
01. RISK FACTOR IDENTIFICATION
Identify all potential risk exposures
Analyze presence of risk
Develop an action plan, plus determine what risks to control
and assign responsible individuals
THE ERM PROCESS
04. RISK CONTROL
Implement a solution to reduce or transfer the
risk
05. RISK MONITORING
Observe the completed implementation and report the results
WWW.DIRECTSURETY.COM
01 02
03 04
UNCONTROLLED RISKUNDER PERFORMANCE
CONTROLLED RISKMAXIMUM PERFORMANCE
IDENTIFYING RISK FACTORS
VS.
WWW.DIRECTSURETY.COM
CATEGORIZING RISKS MAKES IT SIMPLE
Business Approach
Bid Process
Information Transfer
Accounting
Procedures
Sales Methodolog
y
Construction
Management
Credit Status
Insurance Coverage
Safety Practices
WWW.DIRECTSURETY.COM
WWW.DIRECTSURETY.COM
02. RISK ANALYSIS
03. RISK RESPONSE
01. RISK FACTOR IDENTIFICATION
Identify all potential risk exposures
Analyze presence of risk:• Assess the level of risk• Quantify the results• Report the findings• Recommend action
Develop an action plan, plus determine what risks to control
and assign responsible individuals
THE ERM PROCESS
04. RISK CONTROL
Implement a solution to reduce or transfer the
risk
05. RISK MONITORING
Observe the completed implementation and report the results
WWW.DIRECTSURETY.COM
PURPOSE: ANALYZE PRESENCE OF RISK
HOW:
1) Assess the level of risk
2) Quantify the results
3) Report the findings
4) Recommend action
RISK ANALYSIS IS THE KEY
WWW.DIRECTSURETY.COM
HOW:
1) Assess the level of risk
2) Quantify the results
3) Report the findings
4) Recommend action
PURPOSE: ANALYZE PRESENCE OF RISK
RISK ASSESSOR IS THE KEY HOLDER
WWW.DIRECTSURETY.COM
PURPOSE: ASSESS THE PROBABILITY OF HARM
HOW:
1) Develop an understanding of the in-place Risk Controls associated with a specific Risk Factor
2) Determine the likelihood (probability) that the status of the existing risk controls will cause harm
KEYHOLDER’S RESPONSIBILITY
WWW.DIRECTSURETY.COM
Invites subjectivity and threatens accuracy
+
MAKING THE RISK ASSESSMENT
Choices:Option A – Use Best Judgment
WWW.DIRECTSURETY.COM
Removes subjectivity and promotes accuracy
+Choices:Option B – Use a Measurement Guide
MAKING THE RISK ASSESSMENT
WWW.DIRECTSURETY.COM
• Lower probability of a match
1) MANY LEVELS
• Higher probability of a match
2) A FEW LEVELS
WHAT SCALE SHOULD BE USED?
WWW.DIRECTSURETY.COM
DETERMINING CONTROLS PRESENT
ASK QUESTIONS LOOK AT EVIDENCE VERIFY FUNCTIONALITY
WWW.DIRECTSURETY.COM
HOW IS A GOOD ASSESSMENT PERFORMED?
01. Meet the Right
People
02. Ask the Right
Questions
03. Collect Pertinent
Evidence
Simple
WWW.DIRECTSURETY.COM
1) IN-HOUSE PERSONNEL
2) OUTSIDE INDEPENDENT
TYPES OF ASSESSMENT
WWW.DIRECTSURETY.COM
PURPOSE: ANALYZE PRESENCE OF RISK
HOW:
1) Assess the level of risk
2) Quantify the results
3) Report the findings
4) Recommend action
RISK ANALYSIS IS THE KEY
WWW.DIRECTSURETY.COM
QUANTIFYING THE RESULTS
Severity of Impact x Likelihood of Harm (Consequence x Risk)
= Risk Score
A Measure of Risk Exposure
WWW.DIRECTSURETY.COM
HOW:
1) Assess the level of risk
2) Quantify the results
3) Report the findings
4) Recommend action
PURPOSE: ANALYZE PRESENCE OF RISK
RISK ANALYSIS IS THE KEY
WWW.DIRECTSURETY.COM
Overview of Risk Analysis Performed
Summary of Risk Factors Reviewed
Explanation of Risk Assessment TechniqueResults of the Risk Assessment• Risk Map• Scoring Summary
High Risk Categories, Conditions & Practices
REPORTING THE FINDINGSTypical Report Contents:
WWW.DIRECTSURETY.COM
HOW:
1) Assess the level of risk
2) Quantify the results
3) Report the findings
4) Recommend action
PURPOSE: ANALYZE PRESENCE OF RISK
RISK ANALYSIS IS THE KEY
WWW.DIRECTSURETY.COM
RECOMMEND CONTROLS
CONTROLS NECESSARY TO MITIGATE RISK
• Change or install policies• Implement new procedures• Improve existing procedures
Practices:
• Change the environment• Revise decision making
Conditions:
WWW.DIRECTSURETY.COM
02. RISK ANALYSIS
03. RISK RESPONSE
01. RISK FACTOR IDENTIFICATION
Identify all potential risk exposures
Analyze presence of risk
Develop an action plan: determine what
risksto control and assign
responsible individuals
THE ERM PROCESS
04. RISK CONTROL
Implement a solution to reduce or transfer the
risk
05. RISK MONITORING
Observe the completed implementation and report the results
WWW.DIRECTSURETY.COM
RISK PRIORITIZATION MAP
Control Soon
Control
Control Now
Low
High
High
Likelihood
Sev
erity
WWW.DIRECTSURETY.COM
Options available:• Accept = monitor• Avoid = eliminate (get out of
the situation)• Reduce = institute controls• Transfer = move risk
elsewhere (e.g., insurance)
RESPONDING TO RISK – OPTIONS
Possible responses to risk
WWW.DIRECTSURETY.COM
KEY QUESTIONS
1) What risks will the organization not accept? (e.g., fraud, errors, quality comprises)
2) What risks will the organization take on as new initiatives? (e.g., new types of work, geographies or difficulties)
3) What risks will the organization accept for competing objectives? (e.g., light on working capital, exhausted resources)
RESPONDING TO RISK - PRIORITIES
WWW.DIRECTSURETY.COM
Projected Earnings at Risk
versus
Financial Gains to be Realized
RESPONDING TO RISK – APPETITE
Risk appetite: The amount of risk – on a broad level – an entity is willing to accept in pursuit of value.
WWW.DIRECTSURETY.COM
1. Consider the degree to which a response will reduce likelihood of harm
2. Examine cost versus benefit of potential risk responses
3. Select response based on evaluation
4. Fully understand residual risk (unmitigated risk)
RESPONDING TO RISK – EVALUATE OPTIONS
Evaluate options in relation to risk appetite.
WWW.DIRECTSURETY.COM
02. RISK ANALYSIS
03. RISK RESPONSE
01. RISK FACTOR IDENTIFICATION
Identify all potential risk exposures
Analyze presence of risk
Develop an action plan, plus determine what risks to control
and assign responsible individuals
THE ERM PROCESS
04. RISK CONTROL
Implement a solution to reduce or transfer the
risk
05. RISK MONITORING
Observe the completed implementation and report the results
WWW.DIRECTSURETY.COM
Occurs throughout the organization
Implementation is driven by ERM policies and procedures that help ensure that the risk responses are carried out
Occurs at all levels in all functions
Implementing Risk Controls
Typically assignable to risk owners, not risk managers
WWW.DIRECTSURETY.COM
STEPS TO SUCCESSFUL IMPLEMENTATION
• Identify objectives• Assign
responsibilities• Set deadlines
• Track progress• Complete installation
• Test the control
WWW.DIRECTSURETY.COM
02. RISK ANALYSIS
03. RISK RESPONSE
01. RISK FACTOR IDENTIFICATION
Identify all potential risk exposures
Analyze presence of risk
Develop an action plan, plus determine what risks to control
and assign responsible individuals
THE ERM PROCESS
04. RISK CONTROL
Implement a solution to reduce or transfer the
risk
05. RISK MONITORING
Observe the completed implementation and report the results
WWW.DIRECTSURETY.COM
• Track the performance of new or improved controls
TRACKING TO BE DONE:
• Verify that the controls remain intact and functional
VERIFICATIONS TO OBTAIN:
TRACKING AND VERIFYING CONTROLS
WWW.DIRECTSURETY.COM
FINAL RESULT
ERM
WWW.DIRECTSURETY.COM
ERM IMPROVEMENT CYCLE
WWW.DIRECTSURETY.COM
IMPLEMENTATION – NO FREE LUNCH
TIME COMMITMENTRESOURCES
WWW.DIRECTSURETY.COM
IMPLEMENTATION – ROI
Cost of Labor for Running ERM
vs
Savings from Avoidance, Transfer, or
Mitigation of Risk
A simple calculation
WWW.DIRECTSURETY.COM
1) Embrace risk awareness
2) Assign a risk management leader
3) Install a risk-minded culture
4) Grow to understand your own risk exposures
5) Begin the search for risk factors
6) Learn how to effectively assess risk
7) Perform a complete risk analysis
8) Establish a routine risk assessment schedule
9) Set ERM in motion
ERM IMPLEMENTATION – HOW TO
A path to success . . .
WWW.DIRECTSURETY.COM
THANK YOU FOR YOUR TIME
ERM
WWW.DIRECTSURETY.COM