Enterprise Risk Management in a Rapidly Changing Environment
RIMS ST. LOUIS CHAPTER PRESENTATION
November 21 2019
2
RIMS MISSION:
To educate, engage and advocate for the global risk community
3
Discussion Topics
• The Future Ain’t What It Used to Be
• Disrupting What We Thought We Knew
• What Is the Next Evolution of Risk Management?
• What Do You Want Your Personal Brand to Be?
4
THE FUTURE AIN’T WHAT IT USED TO BE
Yogi Berra
5
Rapidly changing technological environment
6
Rapidly changing social environment
7
“One of the key findings of this year’s Global Risks Report is that inequality and polarization are now ranked in the top three as underlying drivers of global risks.”
Source: https://www.weforum.org/agenda/2017/02/global-risks-report-2017/
8
“The UN estimates that an average of 22.5m people a year have been displaced by natural disasters since 2008, yet this remains a trickle compared with the flood of refugees and migrants that could result from the growing effects of global warming.”
Simon Baptist
Chief Economist, EIU
September 17, 2017
Rapidly changing meteorological environment
9
“By 2023, IDC predicts, over half (52%) of global GDP will be accounted for by digitally transformed enterprises. This digital tipping point heralds the emergence of a new enterprise species, the digital-first enterprise.”
Gil Press
Top 10 Tech Predictions for 2020 from IDC
Forbes
October 29, 2019
10
DISRUPTING WHAT WE THOUGHT WE KNEW
11
Transactional
Protect Assets and Balance Sheet
• Purchase insurance, hedge and transfer risks when possible
• Indemnification after the fact
Focus on hazards, liabilities and threats
Copyright RIMS, the risk management society 2017. All rights reserved.
12
Defensive
Protect Organization’s Mission and Value
• Prevent and reduce losses before/after incidents (safety, security, business continuity, etc.)
• Avoid uninsured expenses and improve cash flow
• Viewed as separate (vertical) cost centers
Focus on control activities
Transactional
Protect Assets and Balance Sheet
• Purchase insurance, hedge and transfer risks when possible
• Indemnification after the fact
Focus on hazards, liabilities and threats
13
Risk-Related Issues
• Business Disruption
• Contamination
• Execution Failure
• Theft / Civil Unrest
• Data Breach / Cyber Attack
• Regulatory Omission
• IT Infrastructure Failure
• Financial Anomalies
• Worker / Public Injury
Adhering to risk management policies on risk tolerance, risk management authorities, etc.
Root Cause Analysis
Measure uncertainties / deviations from plan
Adapted from: RIMS Strategic Risk Management Implementation Guide 2012. All rights reserved.
Assessment
14
Risk-Related Issues
• Business Disruption
• Contamination
• Execution Failure
• Theft / Civil Unrest
• Data Breach / Cyber Attack
• Regulatory Omission
• IT Infrastructure Failure
• Financial Anomalies
• Worker / Public Injury
Management Control Options
• Business Continuity Management
• Environmental Management
• Quality Assurance / Project Management
• Physical Security Management
• Privacy/Information Security Management
• Compliance Program Management
• IT Risk Management
• Financial Risk Management
• Safety Management
Adhering to risk management policies on risk tolerance, risk management authorities, etc.
Accept, Avoid, Transfer, Share, Mitigate and/or Exploit
Root Cause Analysis
Controls Assessment (Audits)
Measure uncertainties / deviations from plan
Adapted from: RIMS Strategic Risk Management Implementation Guide 2012. All rights reserved.
Assessment
15
Strategic
Create and Protect Value Throughout an Enterprise
• Horizontal competency in planning and activities
• Future- and objectives-focused
• Inform capital allocation decisions
• Improve efficiencies
Focus on uncertainty and decision making
Defensive
Protect Organization’s Mission and Value
• Prevent and reduce losses before/after incidents (safety, security, business continuity, etc.)
• Avoid uninsured expenses and improve cash flow
• Viewed as separate (vertical) cost centers
Focus on control activities
Transactional
Protect Assets and Balance Sheet
• Purchase insurance, hedge and transfer risks when possible
• Indemnification after the fact
Focus on hazards, liabilities and threats
16
Source: RIMS 2017 Enterprise Risk Management Benchmark Survey. All rights reserved.
Where are we now?
Well beyond the tipping point
17
WHAT IS THE NEXT EVOLUTION IN RISK MANAGEMENT?
Will we be disrupted or be disruptors?
18
1950’s – 60’s: Insurance • Administering
1970’s – 80’s: Hazard • Managing
1990’s: Integrated • Directing
21st Century: Strategic • Leading
19
How Do Board Members See It?
From RIMS “Voice at the Top” Webinar, March 14, 2013
Special Guest: Douglas W. Leatherdale
Retired Chairman and Chief Executive Officer, The St. Paul Companies, Inc.
Board Member:
• United Health Group
• Xcel Energy
• Numerous societies and philanthropic organizations
20
Make sure that there is a risk management system in place in each business that includes effective risk-control mechanisms as well as information systems that flow up to senior management
Shape the risk principles and policies of the company, track the capital risk capacity of the company, define who is responsible for managing the specific risks within the organization, and provide a framework for judging the effectiveness of risk-taking
Board’s View of Risk Management’s Primary Roles
What else?
Quote Sources: “Point Of View: A Special Issue Focusing On Today’s Board & CEO Agenda” 2010 spencerstuart.com
21
Strategy and Objectives
“Ecosystem” Risks
Business Unit Risks
Process and Behavior Risks
Unique Risks
- WHERE - Risk Triangle
- WHAT - Risk Framework
- HOW - Process, Tools & Techniques
Game Theory
Risk Sensing
Interconnected Analyses
Root Cause Analyses
Traditional Assessments
22
Financial & Safety Risks
Expected performance
Value of Organization Portfolio across the Enterprise
Graphic Source: Dr. Carl Spetzler at RIMS Risk Summit 2017 in Palo Alto CA. All rights reserved.
Where are we seen to be now?
23
Effect of Uncertainties
Value of Organization Portfolio across the Enterprise
Risk management competencies + process = informed decisions and improved performance
Graphic Source: Dr. Carl Spetzler at RIMS Risk Summit 2017 in Palo Alto CA. All rights reserved.
Where do we want to be?
24
WHAT DO YOU WANT YOUR PERSONAL BRAND TO BE?
25
You are in charge of your brand.
Tom Peters, 1997
Mission
Team player
Exceptional Expert
Businessperson
Visionary
What do you want to be known for?
26
Personal Branding
What are you known for?
“I know it all … I just can’t remember it all at once.”
27
What are the implications in taking an ERM approach?
Proactive
• Objectives Focused
• Predictive Indicators
• Foresight
• Strategic
• Creates and captures value
Reactive
• Event Focused
• Post Action Response
• After-thought
• Transactional
• Protects Value
Expanding personal and organizational risk management competencies
Copyright © 2018 Risk and Insurance Management Society, Inc. All rights reserved.
28
The Evolving Role of the Risk Professional
Source: RIMS Executive Report: The Evolving Role of the Risk Professional 2012
29
The Role of a Risk Management Professional
A risk management professional is a partner who supports the organization to leverage the opportunities and uncertainties associated with its goals and objectives.
- From RIMS-CRMP Handbook
Source: RIMS Strategic Risk Management Implementation Guide 2012. All rights reserved.
Risks related to goals and objectives
30
The Role of a Risk Management Professional
Enterprise-wide risk management professionals and practices
Safety and Health
Information Security
Business continuity
Insurance
Environmental
Risk management professionals [across multiple specialties] lead the development and implementation of risk management practices that enable an organization to make risk-effective decisions that create and sustain value.
- From RIMS-CRMP Handbook
What’s new?
Focus on decision-making and enterprise performance
31
Is Your Brand Evolving?
• Risk management is evolving from “a second line of defense only” to playing “offense and defense”.
• The board expects information - not just data - focused on strategic risks that can either improve or worsen the organization’s position.
• The new breed of risk professional must act as risk leader, capability architect and strategic advisor.
• Forging “strategic alliances” throughout the organization helps in avoiding shipwrecks.
• Broader competencies (i.e., an evolving skill set) translate into higher compensation levels.
33
Demonstrates insight and leadership
Exhibits integrity and honesty
Communicates effectively
Actively listens and comprehends simple and complex issues
Fosters a collaborative and consultative environment
Applies technical and business knowledge areas to needs of the organization
CORE COMPETENCIES
34
Challenge: Modifying Your Brand
Risk profile: High appetite for risk / Low tolerance for risk
Organizational mind-set: Tactical / Strategic
Image makers / Adventuresome visionaries
Daily operators / Operational leaders
Risk Manager
Internal Auditor
Controller
CRO
CIO
COO
CFO
Sales
Marketing
Line Executive
CEO
Strategist
Source: IBM Global Business Services, The Global CFO Study 2008
35
CERTIFICATION OF RISK MANAGEMENT PROFESSIONALS
36
With the accreditation of the RIMS-CRMP by the American National Standards Institute (ANSI) under the rigorous ISO/IEC 17024:2012 requirements for the certification of individuals:
• RIMS is the only risk management certification to currently have earned such status;
• RIMS-CRMP conforms to ISO international standard requirements;
• RIMS is one of the youngest programs to earn ANSI accreditation in any industry;
• An independent third party has evaluated and approved the RIMS-CRMP certification program, its processes and procedures;
• RIMS’ commitment to continuous quality reviews and improvements is validated.
37
Risk Management Proficiency Domains
√ Analyzing the Business Model
√ Designing Organizational Risk Strategies
√ Implementing the Risk Process
√ Developing Organizational Risk Competency
√ Supporting Decision Making
38
Education and/or Experience
Competencies Tested
Continuing Education Requirements
Uphold Professional Code of Ethics
Periodic Recertification
CERTIFICATION COMPONENTS
39
Risk management has evolved to fundamentally change the way organizations think about risk.
Risk management can change future outcomes … for the better.
Risk management enables better overall decision-making and performance.
Risk management professionals possess the knowledge, education and experience to successfully manage risk and create value for their organizations.