Enterprise Risk Management: “From Book to Board Room”
Raghuraman Ranganathan
Senior Manager, Corporate Risk Center of Excellence
Enterprise Risk Management
Wipro Limited
© 2010 Wipro Ltd - Confidential
What do we have here….
120 Mins…..time together
This is our T20 and Strategic Timeout
How to – Make it useful for you & us
Let's bowl to each other & not drop catches
Our Brief: Get to know how risk management theories can move from Books to Board Room
Statutory Warning: This presentation has an overdose of Cricket & Risk.
History
History and Need for Enterprise Risk Management
Pre-Match
History of Risk Management (this is a video played during the session)
Uncertainty
Risk
Enterprise Risk ManagementFramework
Opportunity
Entity / Firm
Risk Minimization framework Opportunity Maximization
Wealth creation
Stakeholder Need for ERM
Enterprise Risk Management optimizes risk; it does not eliminate it
Compliance & Assurance for Stakeholders
Sarbanes – Oxley, HIPAA, FERC, CA SB 1386, CA SB 1950, PIPEDA, Homeland Security
Personal Data Protection Law
Bill 3494/2000, Bill 321/2004
Companies Act, DPA, RIP, Basel II, IAS, Reg. 357
Companies Act, Sarbanes Oxley, Banking Act
Japan Privacy, SOX, FICS
CLERP 9, AS4360, Personal Data Protection Law
Compliance Need for ERM
- Wipro Global Foot Print
Managing Outsourced Relationships
Customer wants - Business needs
Size & Scale of Business
Robustness of Processes
Impact of Globalization
Continuous Compliance
Mergers & Acquisitions
Value for every rupee spent
Increasingly Strict regulations
Dynamic Changes
Overview
The Business Environment in which we operate and our boundaries
The Playing Ground
Business Environment
Customer Delinquency
Forex Volatility
Technology
Economic Conditions
Physical Security Threats
Labor & other Regulatory changes
Country Policies
Taxation
Business Growth & Delivery
M&A
Corporate Governance & Financial Reporting
Treasury
People Supply Chain
Customer Credit
Regulatory Compliance
External Risks
Internal Risks
Customer Demands
Climate Change & Sustainability
Global Risks – 2011
World Economic Forum
1. Fiscal Crises
2. Climate Change
3. Extreme Energy Price Volatility
4. Economic Disparity
5. Global Governance Failures
Top Risks
Source: http://riskreport.weforum.org/global-risks-2011.pdf
Concepts – Internal Vs External
The Toss
Global Risk Management Standards
1. The Orange Book; Management of Risk - Principles and Concepts, 1st edition: 2001 by HM Treasury, Edition used: October 2004
2. ISO/FDIS 31000; Risk Management – Principles and Guidelines, by International Organization for Standardization, Edition used: November 2009
3. AS/NZS 4360:2004; Risk Management, 1st edition: 1995, by Joint Technical Committee OB-007, Risk Management, Edition used: June 2006
4. COSO; Enterprise Risk Management – Integrated Framework, First Edition: 2001, Edition used: 2004
COSO ERM Framework
Three Foundational Aspects:
1. Achieving Entity Objectives:
Wipro’s approach of 5 Risk Areas
• Strategic
• Operations
• Financial
• Reporting
• Compliance
2. Applies to activities at all levels of the organization
3. Eight interrelated components
Risk Management Methodology
• Strategic • Operational • Financial • Compliance
• Scope • Nature • Owner • Quantification • Tolerance • Treatment
• Qualitative • Quantitative
Risk Estimation vs. Risk Appetite
• Internal • External
• Risk Control / Mitigation • (Avoid/Transfer/Finance)
• Audits • Reporting & Reviews
Source : Risk Management Standard, IRM
If you thought that was theory…
ERM is virtually what managers do on an everyday basis
Risk Management is Evolving
From: Finance function
Financial risks
Risk insurance
Treasury risks
Exchange risks
To: Entire enterprise
Operations
Finance
Technology
Human resources
Competition
Regulatory
Environmental
Global expansion
Reputation
Risk Interconnection & Cascading effect
Problem: Two low-impact risks occurring simultaneously can have a devastating effect on the system.
Response: Do NOT look at risks in isolation. A scenario analysis is to be done by looking at risks in conjunction.
A transmission line touching tree + A bug in the IT system = 55 million people out of power for 10 hours
1 plus 1 can be 11 in their impact and not just 2!
Security incident or delivery issue
Change in customer management
Contract renegotiation+ + =
1) Wipro ERM Strategic Plan
2) ERM Framework and Architecture
3) Integrated Risk Management at Wipro
4) Risk Management philosophy to act fast on weak signals
5) Board and Audit, Risk and Compliance Committee role on risk management at Wipro
6) Deal risk index model
7) Customer credit risk assessment model
8) Country risk assessment model
9) Alliance partner risk assessment model
Wipro Specific Risk Management Areas (Discussed during the Session – Not included in this deck as Wipro Confidential)
1) Evolving Maturity models for Enterprise risk management
2) Industry specific risk management models
3) Risk Management training for Corporates
4) Joint IP development models
5) Risk Management Automation rollouts
Opportunities for CAs
Thank You!