Advanced Enterprise Risk Management

Course Outline

DAY 1

Taking Enterprise Risk Management (ERM) to the Next Level

• Characteristics of an Advanced Enterprise Risk Management (ERM) Process 

  • Board-level engagement to ERM as a critical judgment framework
  • A dedicated risk executive in a senior-level office to drive the process
  • An Enterprise Risk Management (ERM) culture that promotes full engagement and accountability at all levels of the organization
  • Engagement of stakeholders in risk management plan development and policy framework
  • Clarity of risk communication
  • Combination of financial and operational risk information into decision-making
  • Use of sophisticated quantification methods to know the risk and prove added value through risk management
  • Description of new and emerging risks and managing the internal data as well as information from outside providers
  • A move from concentrating on risk escape and mitigation to leveraging risk and risk management choices that extract value
  • Enterprise Risk Management (ERM) case studies (banking and FMCG)
  • New paper on Enterprise Risk Management (ERM) and the role of Executive management will be accorded

•   Keeping Your Eye on the Big Prize

  • Enterprise Risk Management (ERM) spans all lines of business and is governed at the enterprise level
  • Enterprise Risk Management (ERM) spans all types of risks, across all business units, functions, processes, and systems
  • Identifies and assesses risk events, plans and executes a response to them
  •  Identifying principal risk factors (Vodafone case study)
  • Provides transparent, risk-adjusted business performance management
  • ERM focuses on risk events that impair the enterprise from fully achieving objectives

• Exploring Global Enterprise Risk Management (ERM) Scenarios

  • In this interactive concourse, delegates will explore global risk situations and then discuss the implications for their organizations
  • Risk Attitude
  • The need to determine risk as to the need to get things right – not what can go wrong
  • ‘Ring-fencing’ risk exposure - never pass one part of the business to affect the whole organization
  •  Determining and expressing your attitude to risk and your imperative risk culture to managers and stakeholders
  •  Knowing that reputation is both your biggest asset and the biggest risk you face – and one you cannot insure
  • Not waiting until you are required to provide evidence of effective risk management by regulators or enactment – this will regularly be too delayed

• The Enterprise Risk Management (ERM) Roadmap

  • Interpret the Current ERM Environment
  • Handle Gap Analysis
  • Lead management workshops and agree with pre-existence
  • Progress ERM roadmap of preferences for implementation

DAY 2 

Enterprise Risk Management (ERM) Risk Measurement Techniques

•   Risk Measurement Methods

  • The demand for quantitative risk analysis
  • Structured Records
  • Risk seminars
  • Delphi (expert analysis)
  • Ishikawa diagrams (fishbone analysis)
  • Crash mode and effect analysis (FMEA)
  • Plot planning
  • Rootlet cause analysis
  • Monte Carlo analysis
  • Bayesian networks
  • The pros and cons of the many purposes

• Risk Workshops

  • The power of workshops
  • Techniques for successful risk workshops
  • The need to involve peer groups
  • Stabilizing a risk workshop
  • Facilitation methods

• Delphi (Expert Analysis)

  • Receiving consensus from experts of different qualifications and attitudes
  • Comparing the opinions of modified specialists from different professions
  • Determining agreeable risk by using experts to estimate e.g. total credit furnished versus credit available or to verify creditworthiness guidelines
  • Achieved example

• Ishikawa (Fishbone) Analysis

  • Very effective in evaluating risks with multiple causes
  • Steps in fishbone analysis
  • Problem identification
  • Prime and trivial objects
  • Placing priority criteria
  • Preparing fishbone diagram
  • Probing the output

• Failure Method and Root Cause Analysis

  • Evaluation of potential failure modes for manners
  • The likely impact on outcomes and/or product display
  • Risk-reducing measures to drop, reduce, or control the inherent failures
  • The result, probability, and apprehension criteria
  • Ascertainment of RPN (risk preference number)
  • Worked example of FMEA

• Scenario Planning

  • Why risks identified are often too generalized? - e.g. loss of key workers
  • The need to assess different scenarios for each universal risk
  • The techniques and success representatives

DAY 3   

More Risk Assessment Techniques

• Crime Tree Analysis

  • A systematic method of System Analysis
  • Examines the system top-down
  • Used to investigate potential faults
  • Quantify contribution to system unreliability
  • Worked example

• Monte Carlo Simulations

  • A mathematical technique that provides people to account for risk in quantitative summary and decision making.
  • Produces a range of probable outcomes and the probabilities they will happen
  • Prepares a hazard distribution
  • The kinds of distribution
  • Regular(bell curve)
  • Costume
  • Three-cornered
  • Values of Monte Carlo simulations
  • Used to price mania financial apparatuses
  • To determine the VAR (value at risk)
  • Determining the choice to expand, deal, or postpone a project

• Bayesian Networks

  • Bayes theorem
  • Adding more data to an original idea to enhance decision making
  • Use of Bayesian networks
  • Will it rain tomorrow?
  • Visiting the doctors
  • Banking sector

• Emergent Risks

  • There is no clear boundary with other types of risk
  • Emergent Risks cannot often be easily anticipated
  • At the early stages, they are often low probability / high impact
  • Areas for consideration
  • Political
  • Regulatory
  • Legal
  • Security
  • Technology
  • Environmental
  • Knowledge

• Crisis Management

  • The need for preparation
  • Pre-prepared media statements
  • Types of crisis
  • The difference between emergency and crisis management

• Key Risk Indicators (KRI’s)

  • The banana skins
  • Identifying these in advance
  • Examples of KRI’s
  • New KRI guidance
  • How to develop effective KRI’s

DAY 4

Advanced Enterprise Risk Management (ERM) Issues

• The Risk Register Challenges

  • Why the Enterprise Risk Management (ERM) process often fails to engage management
  • Risks recorded are much too general
  • Causes and effects are confused with risks
  • Only residual risk is concentrated on
  • Various methods are used for scoring risks
  • Benefits are difficult to determine
  • The register is spreadsheet-based
  • The process is far too complex
  • The Risk register solution

• Enterprise Risk Management (ERM) Tips for Success

  • Use a risk assessment framework to assess your risk maturity and prepare a plan to enhance this maturity (if required)
  • Adopt ISO31000 (the International risk standard) and apply the principles across the business
  • Only use one risk matrix for the Business – every function should not develop their own
  • Ensure that you have common risk terminology and communicate it widely
  • Recognize risks may have multiple scenarios e.g. loss of key personnel (how many, in which areas, etc.)
  • Set meaningful Key risk indicators (KRI’s) to warn you before risks materialize
  • Prepare a graphical or tabular record of key risk for the Board
  • Recognize that understanding risk is the key to successful corporate governance
  • Arrange a reputation risk workshop for senior management
  • Get the whole risk process benchmarked

• Risk Appetite and Risk Tolerance

  • What is risk appetite?
  • The difference between risk appetite and risk tolerance
  • Defining risk limits
  • Risk profiling
  • Developing risk appetite statements
  • Examples of risk appetite statements

• Enterprise Risk Management (ERM) and Decision-making

  • For every key proposal passed to the Board or senior management for the decision, insist that a full risk analysis is submitted
  • Match key risks to corporate objectives each year.
  • Ensure that you under promise and over perform – not the other way round
  • Invite all your key stakeholders to a risk workshop
  • Analyze the major surprises and near misses that you have had in the last 12 months
  • Recognize that ‘if it seems too good to be true’ it probably is
  • Prepare media statements in advance to cover all possible crises
  • Twice a year ask all key executives to identify 3 opportunities and set up a high-level workshop to discuss and priorities them
  • Develop a corporate opportunity register
  • Offer special incentives for the best ideas to reduce risk or exploit opportunities
  • Do not commit time and money in risk mitigation unless a monetary or another significant benefit can be demonstrated
  • Calculate the value of income required to cover each dollar/dirham/riyal wasted due to poor risk management – use this multiplier as a business driver

DAY 5

Wider Aspects of Enterprise Risk Management (ERM)

• Assurance and Enterprise Risk Management (ERM)

  • Ensuring your assurance providers roles e.g. Internal Audit, Compliance, Risk Management, Insurance, Security, etc are coordinated to avoid duplication of effort
  • Why you should incorporate internal audit agreed with actions in your risk register?
  • Ensure environmental risk is taken seriously (even if you are in a sector such as Financial Services
  • Ensure that your Business Continuity plan covers all eventualities and ensure it is fully tested
  • Identify new ways to benefit the least able section of the wider community you serve
  • New guidance on coordinating RM & assurance

• Energizing Your Staff to Manage Risk

  • Ensure that your staff know that risk management is not a fad or the latest initiative – it is a business process
  • Get risk management as an agenda item in staff meetings
  • Recognize that your employees will only be interested in managing risks if there is a benefit for them in doing so
  • Not give too many risks to the same manager
  • Complete as much of the risk program with your managers – do not over-rely on consultants – you have to own the process
  • Realize that if managers want to get a proposal through, they will tend to understate the risk (if you let them)
  • Recognize that risk is the pulse of the organization and make sure that you have the personnel to regularly take this pulse

• Enterprise Risk Management (ERM) in Projects and Joint Ventures

  • Determine the associated risks at the very earliest stage of a project
  • Recognize that it is most unlikely that the project can be delivered to time, to budget and meet all the objectives outlined
  • Decide upfront which of the 3 elements, time, financial budget, or functionality you are willing to compromise first.
  • Hold risk workshops with the shortlisted suppliers or contractors before awarding a contract
  • Give executives a clear brief regarding the decisions that may or not be made by them before they attend each meeting with partners
  • Require your executives to provide written feedback from all such meetings
  • Determine a clear protocol for reviewing JV’s and partnerships
  • Not assume that because a JV is effective in year one it will necessarily be the same in year 2 and beyond
  • Ask your internal audit function to be involved in all key systems and projects at key stages during the development phase
  • Ensure you have a right to audit clause for all outsourced operations and exercise that right

• Enterprise Risk Management (ERM) in Projects Golden Rules (with case studies)

  • Make risk management an integral part of the project

  • Identify risks early in the project
  • Communicate the risks widely
  • Consider both risks and opportunities
  • Prioritize the risks
  • Analyze the risks properly