Curbing Risks Key to Sustainability Reyaz Mihular

KPMG in Sri Lanka
ADVISORY
Reyaz Mihular
Partner and Head of Advisory – KPMG Ford, Rhodes, Thornton & Co.
Contents
• Introduction to risk
• Overview of the risk environment surrounding business
• Impacts of risk management failures
• Importance of curbing risk in volatile environment
• Establishing a risk management framework
• Enterprise risk management approach to risk management
• Evolving role of risk management practices
(C) 2009 KPMG Ford, Rhodes, Thornton & Co, a Sri Lankan Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved.
What is Risk?
Risk
Risk can be defined as “the threat or probability that an action or event will adversely or
beneficially affect an organization's ability to achieve its objectives”
Source: Wikipedia
Risk Management
Risk management is essentially considered as a proactive approach to
identification, estimation, management and mitigation of foreseeable risk areas in
a manner which protects organizational value and minimizes the potential for
unpleasant surprises.
Uncertainty vs. Risk
There is often ambiguity in distinguishing between the uncertainty faced by the business and the risk profile of the business. Let's clarify:
Uncertainty
Uncontrollable events which are rarely foreseen
We can only attempt to minimize the adverse impact when such an event occurs
Risk
Risk differs from uncertainty due to three primary reasons:
• Risk can be forecasted and estimated
• Risk can be managed or mitigated
• Risk is to a great extent within the control of the management
Types of Risk in Enterprise Risk Management
Source: KPMG International, 2009 (The Evolving Role of the Head of Risk Publication)
Types of Risk
A business enterprise faces many kinds of risks in its day-to-day operations. Some of the most common
risk areas include:
• Operational & Process risks
productivity risk, quality risk, service risk, human resource risk and capacity risk.
• Financial & Investment risks
working capital adequacy risk, gearing risk and profitability risk.
• Environmental risk
political risk, economic risk, social risk, legislative risk and technological risk.
• Reputation risk
brand risk, clientele & market share risk and fraud risk.
• Industry & Sector specific risks
credit risk, claim risk.
Types of Risk
Process
• Breach of mandate
• Incorrect / untimely transaction execution
• Loss of client assets
• Mis-pricing
• Incorrect asset allocation
• Compliance issues
• Corporate action errors
• Stock lending errors
• Accounting and taxation errors
• Inadequate record-keeping
• Subscription and redemption errors
People
• Unauthorized trading
• Insider dealing
• Fraud
• Employee illness and injury
• Discrimination claims
• Compensation, benefit, and termination issues
• Problems recruiting or retaining staff
• Organized labour activity
• Other legal issues
Systems
• Hardware and/or software failure
• Unavailability and integrity of data
• Unauthorized access to information
• Telecommunications failure
• Utility outage
• Computer hacking or viruses
External Events
• Operational failure at suppliers
• Fire or natural disaster
• Terrorism
• Vandalism, theft, robbery
Source: KPMG International (Managing Operational Risk Publication)
Lessons from the Credit Crisis
• On first examination, the crisis appears to stem from the pursuit of revenue growth in a world of easy credit
• The reality however is more complex and a number of themes emerge
  • Weaknesses in risk culture and governance
  • Gaps in risk expertise at the non-executive Board level
  • Lack of influence of the risk function
  • Lack of responsibility and accountability of those on the frontline
  • A compensation culture too oriented towards year-on-year profit increases
  • Business models that were overly reliant on ample market liquidity
• Above all this has been a crisis of judgment with an apparently excessive focus on short term gain and a lack of healthy skepticism
• Highlighted an urgent need for improved enterprise wide risk management procedures where “the right hand knows what the left is doing”
Impacts of risk management failures in corporates
Source: KPMG International, 2008 (Managing Market Risk Publication)
Impacts of risk management failures in environments
Regulatory changes due to financial crises or temporal interferences with financial crises:
Crises (chosen examples) | Regulatory Changes
Wall Street Crash (1929) | Establishment of the Securities and Exchange Commission (SEC), the Federal Deposit Insurance Corporation (FDIC), separation of commercial and retail banking through the Glass-Steagall Act.
Oil shock and stock market shock (1973/74) | Establishment of the Basel Committee on Banking Supervision (BCBS) 1974 and the G-10 Basle Concordat on the supervision of global banks 1975.
Black Monday (1987) | BCBS published the Basel Accord in 1988, setting minimal capital and credit risk requirements for banks, being enforced by the G-10.
Japanese Asset Price Bubble (1990) | Sweeping reform of bank regulation in Japan, establishment of a Financial Supervisory Agency.
Asian Financial Crisis (1997) | Far-reaching regulatory reforms of supervisory agencies in Korea, Malaysia, Thailand and Indonesia.
Russian Financial Crisis (1998) | Cautious banking reform after the Ruble crisis, including enhancement of transparency of financial reports.
Dot-com Bubble Crash (2000) | US: Sarbanes-Oxley Act of 2002 introduced strong requirements for privately held companies in the US, from auditor independence to enhanced financial disclosure. Europe: The implementation of Basel II (extending international standards for rigorous risk and capital management requirements).
Subprime and Credit Crunch Crisis (2007/08) | Regulation changes will have a strong impact on all market participants within the financial market and the real economy. It can be expected that the disclosure requirements will increase sharply (in control statements and risk management)
Source: KPMG (Risk Management in Turbulent Times)
Changing attitudes towards risk management
Stakeholders are showing an increasing interest in risk management
Changing attitudes towards risk management
Risk takers and influencers
• Investors
• Customers
• Suppliers
• Employees
• Regulators
• General Public
Stakeholder interest in risk management:
• Is my investment secure?
• Is the company jeopardizing shareholder value?
• Is the company balancing its risk portfolio?
• Is the company stable?
• Is the company professional & ethical in its conduct?
• Is the company transparent of its risk profile?
• Is the company protecting its public image?
Consequences of Risk to a Business
There are several adverse consequences to a business which fails to adequately
manage its risk environment.
Unpleasant Surprises
The impact of unforeseen events can have a detrimental impact if the organization is
not prepared to respond to these challenges.
Destabilization
Risk impacts tend to have a shock effect on entities causing them to be less stable
than they previously were. In recent times many finance companies experienced
destabilization due to failures in credit risk management.
Cost of Recovery
Once a risk impact has taken place, the recovery process is painful and time
consuming. The company would have to invest increased efforts and funds towards
rebuilding reputation and correcting of failed processes. Sometimes the patient may
become too ill to recover.
Importance of Risk Management
Could effective risk management have averted the global financial crisis?
How risk management could have helped:
• Early detection of management malpractices
• Prevented uncontrolled lending
• Provided for more cautious investments
• Better balance of risk and return appetite
• Reduced overdependence between entities
• Provided for contingent strategies
Steps in Establishing a Risk Management Process
Board of Directors
Establish Risk Management Initiative
CRO
Risk Identification & Estimation
CRO
Develop Risk Response Strategy
RM Team
External Advisors
Establish Risk Control & Mitigation Systems
Divisional Teams
Implement Risk Control & Mitigation Systems
RM Team
Appraise Effectiveness of Risk Controls
RM Team
Tools used in Risk Management
The control matrix attempts to:
• Identify required controls, of which identify:
  • Existing controls (e.g. segregation of duties)
  • Estimated controls (e.g. risk management policy)
  • Newly implemented controls
• Identify control mechanisms, of which identify:
  • Automated controls (e.g. systems usage monitoring)
  • Manual controls (e.g. employee reference checks)
• Identify control response, of which identify:
  • Detective controls (e.g. forensic audits)
  • Preventive controls (e.g. confidentiality contracts)
Source: KPMG (Risk Management in Turbulent Times)
Tools used in Risk Management
The scorecard approach to risk management
Assists in the development of a risk response strategy through:
• Identification of (x axis):
  • Total cost of risk mitigation measures
  • Cost estimates of anticipated losses
  • Extent of exposure
• Identification of (y axis):
  • Define business unit risk management target
  • Identify risk movement
  • Assess present status of risk response measures
The process to be repeated for each risk area.
The risk score card enables an entity to prioritize risk response initiatives.
Source: KPMG International (Managing Operational Risk Publication)
Tools used in Risk Management
Choice of risk management tools often depends on:
• The contextual scenario and nature of the organization
• Availability of management know-how in implementing such risk management tools
• Extent of risk exposure faced by the business and foreseeable impacts
• Financial viability (affordability) of the risk management tools
Changing approaches to risk management
What maturity level does your organisation require?
1. Manual detective approach
• Manual reviews
• Performed on ad-hoc basis.
• Mainly requires (costly) human involvement.
• The costs are not reduced when the verification is repeated.
2. Automated detective approach
• Automated reviews, embedded in a process (attestation / reporting)
• The periodicity and scope of the reviews are based on a risk assessment.
• Significant cost reductions as human involvement is reduced
• Lower total costs of assurance
3. Automated preventive approach
• IAM processes are designed, implemented and proven to be effective
• Significant cost reductions as operational excellence is improved by automation
• On business (access request processes) as well as on IT (provisioning)
From ad-hoc to continuous approach
From manual to preventive approach
Source: KPMG (Risk Management in Turbulent Times)
Enterprise Risk Management
Key considerations in developing ERM processes
• Focus on the future and take a proactive approach to identify risk
• Place the greatest investment into change management and empowering people
• Don’t depend entirely on subjective risk perspectives – collect real data
• Work with management to solve risk-related challenges
• Make sure that assurance processes permeate through the organization
Strengthening Risk Oversight
• Be clear about the board’s oversight objectives
• Work with management to agree on the types of risk information the
board requires.
• Ensure that the culture encourages directors to question, challenge,
and test management.
• Invite the right people to the board’s conversations about risk.
• Focus on tone at the top, culture, and incentives.
• Enlist the CRO to support the board in its oversight of risk.
• Ensure that risk oversight responsibilities of the full board and its
committees are clear.
Emerging risk practices
Emerging risk practices at leading organizations
• Provides credible risk governance
• Inputs to strategy formulation
• Integrates risk management and strategy execution
• Aggregates information to identify operational control weaknesses
• Addresses operational risks early
• Incorporates risk in programme management
• Focuses on risks to reputation
• Builds a risk management dashboard
• Uses behavioral change management techniques to maintain risk awareness
capabilities
• Coordinates with assurance providers to provide an opinion on the control
environment
Source: KPMG International, 2009 (The Evolving Role of the Head of Risk Publication)
Changing attitudes towards risk management
Risk management becomes
recognized as a necessity
rather than a luxury
Changing attitudes towards risk management
There is a significant increase in the attention to
Risk Management in global companies.
Over 70% of respondents indicate increasing attention in both survey questions.
Improving Organizational Risk Management Functions
Presenter Contact Details
Reyaz Mihular
Partner - Head of Advisory Services,
KPMG Ford, Rhodes, Thornton & Co.
Tel: +94 11 2343108
E-Mail: reyazmihular@kpmg.com
Web: www.lk.kpmg.com