ENTERPRISE RISK MANAGEMENT Implementation challenges Presented by: Christopher Whittle Director: RiskSolve International RiskSolve Council • It is paramount that the Council drives the implementation exercise. • Councils are responsible for understanding the nature of the risks significant to their municipalities and for ensuring that the management is taking the steps necessary to identify measure, monitor and control these risks. Risk Appetite • What are the significant risks the Council is willing to take? • What are the significant risks the Council is not willing to take? • What are the strategic objectives of the municipality? Are they clear? • Have they been clearly communicated to all levels in municipality? Articulating ERM Benefits Key benefits/impacts of ERM include: • Improved decision-making, especially in setting corporate strategy. • Reduced risk exposure in key areas. • Improved corporate governance. • Improved compliance. • Greater efficiency of operations and profitability. • More effective business processes. Defining Risk Terminology • At a minimum, an organizations needs to agree on definitions for terms such as risk, risk assessment, risk management, ERM, significance, likelihood, inherent risk and residual risk. • Risk can be defined as "a measure of the probable likelihood, consequences (favourable and unfavourable), and timing of a future event or situation that would affect the company.“ (Felix Kloman) Risk Maturity And Culture • What is the current risk maturity level; • Where do you want it to be? (in relation to size and complexity of municipality?) • What is the prevalent risk culture? • What are the findings of the Auditor General; and • What communication and training strategies are required? Selecting A Framework • It is important for the municipality implementing ERM to understand at least some of the vast body of knowledge related to ERM so that management can make intelligent decisions about how best to implement it. • Such decisions include selecting an appropriate risk framework and adapting it to the needs and inner workings of the municipality. Risk Management Framework • Risk management policy and standards developed in line with organisational realities and strategies • Risk reporting structures and accountabilities (integrated into existing structures) • Clear training and communication plan taking into consideration risk culture and maturity Deploying Technology Effectively • Quality of an ERM implementation depends on the people and programs and not just technology. • Ensure risk management packages uses a methodology that is tailored to the framework the organization has chosen. • First implement manual systems Integrating Strategy And Human Resources Into ERM • It is important to integrate both strategy and human resources (HR) into the ERM process. • From an HR perspective, specific goal-setting tied to the success of ERM must be part of an individual's performance management plan; without this, the implementation exercise may fail. In summary • Council buy-in and leadership is a prerequisite; • Understand the culture and current practices; • Ensure accountability and performance management; • Only use software once processes have been embedded; • Ensure that the risk management framework is in place; and • Support implementation with good communication and training. RiskSolve “The risk mitigation frontier” Contact Details: www.risksolve.net Christopher Whittle Tel: 082 771 8833 info@risksolve.net www.risksolve.net