Date post: | 20-May-2015 |
Category: |
Business |
Upload: | proformative-inc |
View: | 2,909 times |
Download: | 1 times |
1© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Strategic Risk ManagementAs a CFO: Getting Risk Management RightAn overview of recent research and suggested best practices
Bruce McCuaig - Director Solution Marketing GRCBob Tizio - VP, GRC Officer – Americas, SAP America Inc.
2© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Agenda
• Overview of ERM research findings• The state of ERM today• Three value questions: a simple strategy for ERM• 10 questions ERM must answer• Case Study• Q&A
3© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Risk Management Is Growing In Importance
4© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Investment in ERM Technology is Lagging
5© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Enterprise-wide View of Exposures is Poor
6© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Surprises Are Persistent
7© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Qualitative Approaches Are Used for ERM
8© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Enterprise Level Risk Inventories Are Emerging Slowly
9© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Integration Is Gaining Recognition
10© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Integrated Approaches Are Exceeding Expectations
11© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
ERM Today: Still Immature by Comparison
Risk management vs. Financial management maturity criteria
Financial management
Risk management
Certified professionals a r
Standardized methodology a r
Independent audits a r
Board involvement a ar
Standardized reporting a r
Supporting technology a a
12© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Market Risks
Op
era
tion
s R
isks
Fin
an
ce
Ris
ks Human
Capital Risks
ITRisks
LegalRisks
Supply ChainRisks
“Silo” or “Stove-pipe” Risk Management
ERM Today: Still Siloed After All These Years
13© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
ERM Today: “Control” Paradigms Dominate
14© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
ERM Today: Risk Reporting is Evolving
15© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
ERM Today: Monitoring and Review is Weak
16© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Three Value Questions: A Simple Strategy for ERM
Where is the fundamental value of the business?
• Risk Management will only add value if aligned with value drivers
What drives that value?
• Risk Management will only drive results if complex cause/effect relationships are understood
What can cause catastrophic loss or disruptive opportunity?
• ERM professionals must identify emerging risks and opportunities
Caution: Any risk management approach whose only goal is to add controls will simply add cost. Risk responses must reflect risk appetite
17© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Ten Questions for Getting ERM Right
18© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13Risk Management As A Factor Of Success And An Integral Part Of Effective Corporate Management
19© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Items To Be Discussed
Risk Management Trends
Prerequisites and Key Factors for Successful Risk Management
Strategic Risk Management
Elements of an integrated strategic/operational risk management model
Providing transparency of risk information
20© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Current Challenges FacingCompanies And Risk Trends
Risk Management needs to focus on interdependencies & interconnection of risks
Focus on new &
disruptive technologi
es
Focus on External Impacts
Overall economic &
political conditions
Uncertainty surrounding
political leadership affecting markets
Rapid speed of disruptive
technological innovations &
social networks within the industry
May outpace our ability to compete and manage risks.
Focus on Legal and
Regulatory Compliance
Focus on Profitable Growth & Market
Penetration
Focus on Data
Protection & Cyber Security
Regulatory changes and heightening regulatory
scrutiny May affect the manner
in which organization’s products and
services will be delivered
Increasing competition and
profitability pressure
Because of market consolidation
Cyber threats have the
potential to significantly disrupt core operations
Compromising privacy
& informationsecurity protection
21© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
The Risk Management Requirements Are
IncreasedExternal view to
integrate outside-in
risk factors
Expanded view on risk trends and
risk patterns
Combine operational & strategic
risk manageme
nt
Linkage of risk trends
to operational & strategic
targets
Transform risk management from:purely operational focus to combine both operational & strategic focus with outside-in views
compliance view to being a trusted business partner
being a pure facilitator & reporter to an advisor & supporter role
W H
A T
22© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Resulting In New Implications For Successful And Effective Risk
Management
Shared targets to achieve
business objectives
Risk management
along strategic priorities
Closer collaboratio
n and integration into business
processes
Senior business
people with extensive know-how
from the respective
areas
Risk Managers as business
enabler H O
W
23© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
The Right Conditions Of A Risk Management Organization Are Key Factors Of Successful Risk Management
Drive Risk Culture from the TopIntegrate risk management into board area priorities and projects to drive risk management from the top and enable risk managers.
A right organizational setupA right level of integration throughout the company – global vs. decentralized organization
A tailored risk management approachOne view on risks combining operational and strategic priorities and the integration of risk management into the decision process.
A changed role of a risk managerRisk managers with business know-how and extensive business experience to give guidance, provide mitigations and risk transparency.
So you can:• Get closer to the business• Be involved & integrated• Have insight into risk trends• Foster collaboration & business insights
24© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
SAP’s Global Governance Structure
25© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Effective Risk Management is Created By The Combination of “Business Partnering” And “Stewardship”
… while maintaining a level
of trust and confidence.
StewardshipCompliance, Transparency,
Policy & Standards
Enable the business to take risk-based decisions at any time…
Business PartnerValue-adding risk management services to business
26© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Key Success Factor Of A Successful Risk Management Approach Is The Connection Between Bottom-up And Top-down Risk
Strategic Risk Managementwith strong focus on strategic targets, initiatives
& external trends and factorsto identify root causes
Operational Risk Managementwith strong focus on financial, operational and
compliance targetsto identify risk patterns & risk trends
en
able
s
deliv
ers
KR
Is
End-to-End Risk Management
27© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
en
able
s
deliv
ers
KR
Is
“What are early signs of
disruptive change and how do we adapt to
emerging risks?”
“The latest competitive
move – how does it affect my targets?”
“Do I have the risk business
model in place to achieve my strategic targets?”
“Has compliance been ensured in
our goals?”
“Which external events (technology, market,
economy, political, etc.) could challenge the
execution of our strategy and do we have mitigation
plans?”
“Do we have the needed
transparency and independent
risk insight?”
“How do latest disruptive
technologies affect my
products and buyers
behaviour?”
“Are all teams aligned to
execute on our strategic goals?”
External FactorsInternal Factors
Strategic Risk Management Provides Deeper Insight, Greater Transparency And Enables Risk-based Decision Making
28© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Strategic Risk Management Combines Different Views on Strategic Risks and Opportunities
Identify challenges not yet visible to management & business owner
Earl
y id
enti
fica
tion, vis
ibili
ty a
nd
unifi
ed
vie
w o
f m
ost
cri
tica
l ri
sks
and
op
port
unit
ies
end
ang
eri
ng
the a
chie
vem
ent
of
gro
wth
&
innovati
on t
arg
ets
Early identification & development of right response strategy
Risk related to the
execution of
targets
Risk Scenarios
External Trends &
Risk Drivers
Internal Prediction
Ad
ap
tati
on t
o c
hang
es
in t
he e
xte
rnal
envir
onm
ent
en
ab
les
deliv
ers
KR
Is
“What are early signs of
disruptive change and how di we adapt to
emerging risks?”
“The latest competitive
move – how does it affect my targets?”
“Do I have the risk business
model in place to achieve my
strategic targets?”
“Has compliance been ensured in
our goals?”
“Which external events (technology, market,
economy, political, etc.) could challenge the execution of
our strategy and do we have mitigation plans?”
“Do we have the needed
transparency and independent
risk insight?”
“How do latest disruptive
technologies affect my
products and buyers
behaviour?”
“Are all teams aligned to
execute on our strategic goals?”
29© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Strategic Risk Management Uses Tools And Services To Get An Independent View On Risks To Support The Strategic Business Objectives
Holistic identification of
risks & opportunities
related to growth & innovation drivers
Identification of emerging risks and opportunities based on a 360° risk
assessment across all board areas involving different stakeholders inside and outside of a
strategic initiative, including comprehensive mitigation strategies.
Outside-in view
Earlier adaptation to changes in the
external environment
through Competitive
Market Intelligence (CMI) and engagement
with analysts.
Innovative Tools
e.g. “Early Prediction” for
strategic initiatives through Wisdom of
the Crowd leveraging the knowledge and
insight of employees independent from
hierarchies.
Interconnectedness &
Dependencies
Identification of key interdependencies that affect multiple strategic initiatives
and might hinder the overall execution of
our strategy.
Significant Material Risks
Early detection of relevant material risks, quite often
tail risks, that could potentially
materialize and significantly impact the achievement of
strategic objectives.
30© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
The Path To A Risk-smart Business
R
StrategyManagement
Process
Risk adjusted
Ris
k a
dju
ste
d
Ris
k a
dju
ste
d
Risk adjusted
Comprehensive view of potential strategic risks based on external and internal business variables, with regards to their impact on strategic objectives and their relevance to a company’s strategic priorities.
Trigger of mitigation steps and corrective actions.
.
Strategy mapping and Strategic Risk Assessments of selected key risk areas which have the potential to impact our business results and intangible values such as
reputation and brand image.
Strategic Risk Assessments of selected strategic initiatives & business cases.
Scenario management & simulation to “stress test“ key assumptions and impact
Internal early warning system.
.
Manage the relationship between strategy performance, risks and controls.Key risk indicators (KRIs) can be presented alongside key performance
indicators (KPIs) to monitor their impact on value drivers.
Strategy Development
Strategy Execution
31© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Strategic Risk Management Is Dependent On An Integrated And Effective Operational Risk Management
• Risk Managers in the Sales & Consulting area assess projects and opportunities based on High-Risk Scenarios
• These High-Risk Scenarios are based on
• Early warning through KRIs
• Extensive business experience
• Database of previous incidents
• This enables risk managers to act as business partner and advisor
• The RDOA is a risk-based decision process:
• based on SAP’s risk appetite
• to get ownership for appropriate mitigations and approval for residual risks at various levels of the company
• up to the Executive Board level…
• leading to full transparency
• The Executive Risk Committee focuses on top projects and risk trends on a regional level to mitigate possible project risks (bottom up approach).
• Involvement of relevant stakeholders (CFO, COO, risk management, legal, regional management) and top management attention through executive sponsors (e.g. CFO, CEO).
• Top risks and global risk trends are transferred on a global level to evaluate the possible impact and define mitigations
High Risk Scenarios Risk Delegation of Authority (RDOA)
Executive Risk Committees
32© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
The Outcome Of Integrated Risk Management To Effective Corporate Management
Preparedness to react faster on external trends & factors through early warning & high transparence combined with a high degree of effective mitigations.
Higher return on risk management investment through tangible business value add of senior risk managers delivering true business value.
Creation of a risk-aware culture in which people understand their role in contributing to the achievement of objectives.
Effective combination of operational and strategic risk management through an end2end risk management enables effective execution on strategic targets and goals.
33© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Successful Risk Management Requires Appropriate Transparency Of Risk Information
Need a system to accumulate risk information- we are using SAP’s GRC suite.
Risks are validated by activity owners.
Operational risk information is provided monthly to key stakeholders.
Quarterly Board report prepared detailing key strategic and operational risks.
In process of moving to a consume on demand model for real time risk reporting via Ipad reporting.
34© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
iPad Application for Real Time Risk Reporting
35© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13Thank You!Strategic Risk Management As a CFO: Getting Risk Management Right
36© 2013 Ask, Share, Learn
www.proformative.com
#CFOD13
Thank You Sponsors!
PLATINUM
GOLD
SILVER
DIAMOND