Date post: | 28-Dec-2015 |
Category: |
Documents |
Upload: | dorothy-gardner |
View: | 217 times |
Download: | 1 times |
A Private Sector Voice for Competitiveness
COUNCIL ON COMPETITIVENESS: ENTERPRISE RESILIENCE
Mission
The Council on Competitiveness is the only group of corporate CEOs, labor leaders and university presidents committed to ensuring the future prosperity of Americans through enhanced U.S. competitiveness in the global economy and the creation of high-value economic activity in the United States.
From Security to Enterprise Resilience
COUNCIL ON COMPETITIVENESS: ENTERPRISE RESILIENCE
2003: Symposium on Creating Opportunity out of Adversity
2005: Formation of the Competitiveness and Security Steering Committees
2006: Sector Case Studies to Identify Business Case for Security
• Chemical, Electric Power, Financial Services, Oil and Gas, Pharma
Oct 2006: NASDAQ meeting. Aha! moments:
• This is about risk and resilience, not about security.
• ERM systems don’t assess operational risk exposure well
• Market makers (audit, insurance, ratings analysts) don’t value resilience
• Corporate Boards are “In the Dark”
• A business case cannot be made by focusing on high impact, low probability events
Be Careful Out There
COUNCIL ON COMPETITIVENESS: ENTERPRISE RESILIENCE
The world is becoming turbulent faster than organizations are becoming resilient. Technological discontinuities, regulatory upheavals, geopolitical shocks, industry de-verticalization and disintermediation, abrupt shift in consumer taste and hordes of non-traditional competitors – these are just a few of the forces undermining the advantages of incumbency. Hamel and Valikangas
Not to mention IT and supply chain disruptions, interdependencies, pandemics, climate change ….
Thriving in the Turbulent Economy
COUNCIL ON COMPETITIVENESS: ENTERPRISE RESILIENCE
Risks are increasing because of:
•Complexity (technology, infrastructure)
•Connectivity (global interdependence)
•Pace and potential for cascading effects
The ability to manage the risks of turbulence will be a competitive differentiator for companies – and for countries in a global economy.
What Keeps CEOs Up At Night
COUNCIL ON COMPETITIVENESS: ENTERPRISE RESILIENCE
Top 10 Enterprise Risks
1.Damage to Reputation
2. Business Interruption
3. Third Party Liability
4. Supply Chain Failure
5. Market Environment
6. Regulatory/Legislative Changes
7. Failure to Attract or Retain Staff
8. Technological Failure
9. Failure of Disaster Recovery Plan
10. Loss of Data
Aon, 2007
The Importance of Operational Risk Management
COUNCIL ON COMPETITIVENESS: ENTERPRISE RESILIENCE
Six of the top ten enterprise risks that keep CEOs up at night are operational risks
and many of the others stem from a failure to manage operational risks effectively.
COUNCIL ON COMPETITIVENESS: ENTERPRISE RESILIENCE
No Bridges: Risk management is segmented in different silos that have weak communications links between the silos and often none to business strategy and revenue growth.
Lack of Tools: The tools, models and talent to manage operational risk are less sophisticated than those applied to manage market and credit risk, although operational risks are rising.
Lack of Metrics: There are no metrics for effectiveness or return on investment, and no standards for best practice.
Lack of Market Incentives: Market mechanisms don’t reward investment in risk management and resilience.
What’s the Problem
Challenges for Operational Risk Managers
COUNCIL ON COMPETITIVENESS: ENTERPRISE RESILIENCE
•Establishing a common language
•Conversion of qualitative assessment into meaningful data
•Creation of leading, not just lagging indicators
•Understand interdependencies and cascading failure paths
•Move from compliance to business-led discipline
•Identify reporting indicators that matter to management
•Create the upside business case, not just loss avoidance
COUNCIL ON COMPETITIVENESS: ENTERPRISE RESILIENCE
Manage Outcomes, Not Triggers- Infinite number of risks, finite number of effects
Link Risk to Value Creation, Not Just Value Protection- Companies make money by taking risks and lose money by failing to manage them
Embed Risk Management Processes into Every Position- Everyone is accountable for risk management, but what is their accountability?
Things to Think About for Companies
Best Practices: Risk Management DuPont Style
COUNCIL ON COMPETITIVENESS: ENTERPRISE RESILIENCE
2/25/2007
10
Traditional Risk ManagementRisks as individual hazards
Risk identification and assessment
Focus on all risks
Risk mitigation
Risk limits
Risks with no owners
Haphazard risk quantification
Risk is not my responsibility
Enterprise Risk ManagementRisk in context of business strategy
Risk “portfolio” development
Focus on critical risks
Risk optimization
Risk strategy
Defined risk responsibilities
Monitoring and measurement
Risk is everyone’s responsibility
Risk Management Transformation
Best Practices: Dispensing with Risk Silos
COUNCIL ON COMPETITIVENESS: ENTERPRISE RESILIENCE
2/25/2007
11
DuPont Risk DomainsDuPont Risk Domains
TotalBusiness
Risk
BusinessModel Risk
Event Risk
Op
era
tio
na
l
Ris
k
IT Risk
EmployeeRelations
RiskProduct
Risk
CompetitionForces
FinancialRisk
EquityRisk
Productrisk
Shareholdermanagement
Settlementmechanisms
Creditratings
Pricing riskMarket
segmentation
Marketsharerisk
Forecastingrisk
R&Drisks powerSkill
Mix
Coststructure
frauds
Productliability
Errors &omissions
Networksecurity
Outsourcingrisk
Capacityutilization
risk
Technology
choices
Controlsculture
CreditRatingshift
COUNCIL ON COMPETITIVENESS: ENTERPRISE RESILIENCE
What would drive private sector demand for critical infrastructure protection? •To what extent Is operational risk management the flip side of CIP?
Why Do the Markets Undervalue Risk? •Why are there limited incentives from the market-makers for managing risk effectively – ratings, audit and insurance industries?•What information do the markets need to assess and compare risk management practices?
What Should Government Do to Strengthen the Rewards for Effective Risk Management?•Carrots or Sticks? •SEC Disclosure for Material Risk? •Sarbox?
Things to Think About for Policymakers
COUNCIL ON COMPETITIVENESS: ENTERPRISE RESILIENCE
This Field is Becoming a Tower of Babel
Folks are are using words like resilience, protection, disaster management, business continuity and security almost interchangeably. As a result, we’re talking past each other and the conversation has lost meaning.
In the end, it doesn’t matter what you call this -- Risk Intelligence, Resilience, Security or just superior business governance -- we need to develop common definitions about the desired outcome, common understandings about best practices, standards and metrics – and public policies that support these ends.
Last Thoughts