Doug Webster
Enterprise Risk Management
Dr. Doug Webster, CGFM, PMP
Financial Management in Challenging Times
May 13, 2009
Why Worry About Risk?
- One of the most commonly heard words in the news for more than a year has been: Change
- Those in public service are the ones who have to deal with and implement this change.
- But how will you plan for and react to change?
- A reluctance to change causes many to seek a “burning platform”
Change Drives Risk
The change that you internally implement in response to external change can take different forms.
Options, ranked by urgency and risk:
- Proactive Change
- Reactive Change
- Reactive Change in Crisis
Managing Change = Managing Risk
- Managing an organization requires more than tradeoffs between costs and benefits
- Risk must be considered, but traditional risk management has failed us
- Risk management is:
  - Often reactive and not strategically driven
  - Typically conducted within functional silos
  - Inconsistently applied across the organization
- Enterprise level change requires enterprise level risk management that overcomes these shortcomings
So What is ERM?
"…the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization's short- and long-term value to its stakeholders.”
~ Casualty Actuarial Society, Enterprise Risk Management Committee, 2003
Key Principles
- ERM seeks to optimize risk management across the enterprise and address the shortcomings of traditional risk management
- ERM is:
  1. strategically aligned
  2. multi-functional/comprehensive
  3. consistently applied across the enterprise
1) Strategically Driven
- Effective risk management:
  1. Responds to risks external to the organization that could impact strategic goals and objectives
  2. Manages internal risks that could impede achievement of strategic goals and objectives
- Current risk management is not driven by the strategic planning process (which is often a compliance exercise)
2) Comprehensive
[Diagram: functional risk areas such as IT Security, IT Capital Investment and Financial Reporting, each handled within its own functional area “silo”, with unidentified risks (“?”) falling between the silos]
- Missed risks due to lack of ownership (risk in the “white space”*)
- Ignorance of impact of risk management decisions outside of the silo
* Rummler, Geary A.; Alan P. Brache (1995). Improving Performance: How to Manage the White Space in the Organization Chart
3) Consistent
[Diagram: functional and thematic risk areas (Internal Controls, COOP, Budget, Demographics, etc.) handled as “silos”, contrasted with portfolio-based risk assessment and management]
- Risk management must be consistently applied across the organization (consistent risk ROI)
- Risks are balanced with rewards within an explicit risk tolerance
Stages of Risk Management
- Analytical: Analysis of specific risks
- Integrational: Evaluation of a risk portfolio
- Decisional: Integration of risk into business decision making
[Diagram: functional risk areas (Financial, IT Security, Physical Security, Programmatic, etc.) feed a Risk Portfolio; the Risk Portfolio, together with Other Business Considerations (Rewards), feeds Strategically Aligned Business Decisions]

Risk Management Stakeholders
[Diagram, built up over three slides on the same flow, associating each stage with a stakeholder group]
- “Risk management” personnel (actuaries, auditors, IT security specialists, etc.): the functional risk areas (Financial, IT Security, Physical Security, Programmatic, etc.)
- Operational management: the Risk Portfolio
- Executive/strategic management: the Risk Portfolio and Other Business Considerations (Rewards), leading to Strategically Aligned Business Decisions
Isn’t OMB A-123 Risk Management?
Internal Control is an integral component of an organization’s management that provides reasonable assurance that the following objectives are being achieved:
- Effectiveness and efficiency of operations,
- Reliability of financial reporting, and
- Compliance with applicable laws and regulations.
—GAO/AIMD-00-21.3.1, November 1999
ERM is much more than A-123
Difference #1
- A-123 is focused on Internal Controls
- ERM focuses broadly on risk management (internal and external) across the enterprise
Difference #2
- A-123 / Internal Control reviews look backwards
- ERM looks forward into the future
Difference #3
- A-123 lacks two attributes found in current ERM Frameworks and practice:
  - Comprehensive – covers ALL risks in an organization, not just internal controls
  - Consistent – evaluates functional risks on a common basis across the entire organization
Requirements for ERM Success
- Risk management is viewed as an inherent function of all management and decision making
- Senior leadership establishes an explicit risk tolerance, and balances risk vs. reward in terms of strategic goals and objectives
- Operational and executive management balances risk across functions comprehensively and consistently
- Risk professionals are viewed as partners in managing risk, not the “owners” of risk
- ERM Requires More than Risk Management…it Requires Organizational Change Management
Learn and dialog: www.federalerm.com