LINKING ENTERPRISE RISK MANAGEMENT TO STRATEGY
November 27, 2014
Presented by:
Carolyn M. Snow
RIMS President
Director, Risk Management, Humana Inc.
Mary Roth
RIMS Executive Director
87%
Companies surveyed
with revenue above
$1 billion say
expectations of the
risk management
department have
increased.
2
Enterprise
Risk
Wheel
Source: Zurich
INVESTING IN STRATEGIC & ENTERPRISE
RISK MANAGEMENT
63% HAVE FULLY OR
PARTIALLY IMPLEMENTED
ERM
 Increases risk awareness
 Contributes significantly to risk
avoidance and mitigation strategies
 Assurance that the organization will
reach strategic & operational
objectives
4
A RIMS
ERM COMMITTEE
REPORT:
COMPARING TRADITIONAL RM WITH ERM
1. Traditional RM focuses on
hazard risk.
1. ERM encompasses both hazard
risk and business risk.
2. Traditional RM seeks to restore
an organization to former preloss condition.
3. Traditional RM focuses on the
value of the accidental loss.
4. Therefore traditional RM is
both its own discipline & part
of the broader ERM discipline.
2. ERM seeks to enable an
organization to fulfill its
greatest productive potential.
3. ERM focuses on the value of
the organization.
4. ERM focuses on the
organization as a whole.
Excerpt from ARM textbook: Risk Financing by Berthelsen, Elliot and Harrison page 1.14.
THE VALUE OF ERM
The Valuation Implications of Enterprise Risk Management
Maturity Study
 Organizations exhibiting mature risk management
practices realize a value growth potential of up to 25%
Federation of European Risk Management Associations Survey
 Firms with a more mature approach to Risk Management
have better financial results.
 75% more firms with advanced risk management practices
had Earning Before Interest Taxes Depreciation and
Amortization (EBITDA) growth of over 10%
 62% more firms with advanced risk management practices
attained annual revenue growth of 10%.
Source: 2012 study by Federation of European Risk Management Associations
5 STEPS TO TRANSITION TO
ENTERPRISE RISK MANAGEMENT
FIVE STEPS FOR TRANSITIONING TO ERM
Determine
what
value
your organization
will gain
5
STEPS
TO
TRANSITION
TO
ERM
from ERM.
Scan the internal environment for what is
already being done.
Find a champion.
Adapt processes to the organization’s needs.
Strive for continuous improvement.
Source: RIMS Executive Report Transitioning to Enterprise Risk Management. All Rights Reserved.
MANAGEMENT’S EXPECTATIONS
Source: 2013 RIMS ERM Survey. All rights reserved.
HOW EFFECTIVE ARE WE?
Source: 2013 RIMS ERM Survey. All rights reserved.
RISK TOLERANCE DEFINITION
Source: RIMS Strategic Risk Management Implementation Guide 2012. All rights reserved.
• Risk Tolerance is the amount of uncertainty an
organization is willing to accept in the aggregate
(or occasionally within a certain business unit or
for a specific risk category), expressed in
quantitative terms that can be monitored and
may be expressed in acceptable/unacceptable
outcomes or as limited levels of risk.
RISK APPETITE DEFINITION
Source: RIMS Strategic Risk Management Implementation Guide 2012. All rights reserved.
• Risk Appetite is the amount of total risk
exposure that an organization wishes to
undertake on the basis of risk-return
trade-offs. Reflective of the company’s
business strategy, risk strategies and
stakeholder expectations, risk appetite is
generally set and/or endorsed by the
board of directors through discussions
with management.
WHAT IS STRATEGIC RISK MANAGEMENT?
Strategic risk
management (“SRM”)
is a business discipline
that drives deliberation
and action regarding
uncertainties and
untapped
opportunities that
affect an
organization’s strategy
and strategy
execution.
Source: RIMS Strategic Risk Management Implementation Guide. All rights reserved.
Not just another framework – another way to think
Strategic risks
Risks arising
from the
strategic plan
Source: RIMS Strategic Risk Management Implementation Guide. All rights reserved.
Strategic Risk Management in Action…
HOW DOES STRATEGIC RISK MANAGEMENT
WORK AT HUMANA?
 Fortune 100 Company
 52,000 Employees
 $13 Billion Market Cap
 $40 Billion in Revenue
Humana’s
Journey
Where are
we along the
journey?
Ad-hoc
Initial
Build the Base
Mature the Process
Link to Performance
 Set risk strategy, policy and
framework
 Consistent enterprise risk
identification and assessment
 Embedded in strategic planning
and other business processes
 Set optimal risk management
structure
 Business unit risk profiles
 Management has risk and
control performance objectives
 Build resource pool
 Aggregate risks across the
enterprise
 Systematic risk reporting
 Defined appetite / tolerances
 Risk owners defined and
accountable
 Detection of emerging risks
 Defined materiality
 Provide risk reports to Executive
Committee Audit Committee
 Identify and monitor key risk
indicators
 Technology solution in place
 Risk linked to business
performance measurement
 Enterprise-wide risk awareness
and education
 Initiate technology solution
 Optimize resource pool
Copyright 2009-2014 Risk and Insurance Management Society, Inc.
Humana’s
Program
Identify
Strategic
Operational
Financial
Compliance
Analyze
Planning Risks
Execution Risks
How Well Managed
Report
By Business Area and
Initiative
Copyright Humana Inc., 2014
Input
Sources
Consider
Potential
“Black
Swans”
10-K
Identified
Risks
Internal Audit /
Oversight
Groups
Identified Risks
Deconstruct
Risks from
Corporate
Strategy
Process
Leader Risk
Workshops /
Executive
Leader Input
Deconstruct
Risks from
Cash Flow
and Earnings
Assess
Surprise Risk
Events and
Near Misses
Copyright Humana Inc., 2014
Engagement at Humana
What’s the purpose?
Who is involved?
Workshop Methodology
Stage 1
Process
discussion with
business area
leader
Interview session
with leader
Survey of
leadership team
Stage 2
Workshop
session with
leadership team
for collaboration
and key risk
prioritization
Stage 3
Optional second
workshop
regarding
mitigation plans
Link to detailed information in Journal of Accountancy 2013 article
Copyright Humana Inc., 2014
Stage 4
Key risk list,
business area
consideration,
and Internal
Audit planning
Interview (structured
and unstructured)
Stages 1 & 2
Identify
Questionnaire
Business Area
Leader
(face-to-face,
e-quiz)
Individual
(observation,
storytelling)
Facilitator
Analyze
Collective (round
table, brainstorming)
IT
Troubleshooter
Challenger
Evaluate
Copyright Humana Inc., 2014
Scenarios,
war games
Potential risks
placed in
appropriate
quadrants, after
assessing
potential impact
to business
objectives and
current mitigation
activities. Aids
the business in
prioritization,
mitigation and
strategic
planning.
How Well Managed?
Stage 3 Workshop
Consider
Improvement
Urgently
Assess
Confirm
Adequacy
Avoid Further
Exposure
How Impactful?
Copyright Humana Inc., 2014
Illustrative Purposes Only
Stage 4 Reporting
Prioritized Risks
High
Impact
Well
Managed
Moderate
Impact
Moderately
Managed
Not
Managed
Well
Low
Impact
Risk 2 Risk 7 Risk 9 Risk 4 Risk 3 Risk 1 Risk 5 Risk 8 Risk 6
How Impactful?
Copyright Humana Inc., 2014
How Well Managed?
THANK YOU!!!!
Our Website:
WWW.RIMS.ORG
RIMS Risk Knowledge Library
WWW.RIMS.ORG/RISKKNOWLEDGE
Thank You