Risk Team Structures: Formal or Informal?

Getting the Risk Mgmt Job Done Under Any Model
Chris Mandel, Former President, RIMS
2003 Risk Manager of the Year
What Do Many Risk Managers Do?
• Buy Insurance
• Supervise Safety
• Handle Claims
• Administer Insurance Policies
• Report to Management on:
– Losses
– Insurance marketing results
– Loss Prevention Programs
What Do Some Risk Managers Do?
• Identify Hazard Related Exposures
• Identify and negotiate insurance product solutions to finance related risks and move them to third party insurers
• Hope to get the policies in less than 6 months
• Assess where prevention techniques are most useful and worthy of resourcing, and make the business case to management for funding
• Aggressively attempt to minimize the payment of loss dollars for claims and litigation, especially those self-insured, to minimize the cost of risk
• Report to management on premium and claim dollars saved, losses prevented and the total cost of risk against a typical industry-based benchmark
• Work with brokers and selected internal functions to achieve all of the above
What 2 Things Should Risk Managers Do?
• Be well versed in all key aspects of core company operations, key staff functions and business strategy that generate, or have the potential to generate, the most significant exposures to the firm.
• Apply a comprehensive and customized risk management model to all significant or material risks, whether operational, financial or business/strategic, and regardless of whether insurable or not.
The Risk Management Model
• Identify all significant or material risks to the enterprise
• Assess the magnitude of each risk to confirm materiality
• Measure each risk quantitatively or qualitatively to establish trackable metrics
• Develop and implement mitigation strategies for each risk that reduce risk values to acceptable levels, and ensure that each strategy is effective
• Monitor and report to relevant interested parties the information each needs to manage their aspect of the business
Risk Team Structures
“Risk Management structures are usually tailored to an individual company and reflect
the nature, likelihood and magnitude of risk faced by the company.” *
To accomplish the risk mgmt mission, certain key functions must be performed. They
can be achieved by both formal and informal team structures, by either dedicated or
part-time, in-house or external resources.
However, the key to successful risk management execution is to form, develop and
align with your strategy, the right internal and external partnerships with key risk
stakeholders and risk owners.
Three Primary Approaches and the Relevant Criteria to Consider:
- Traditional
- Progressive
- Advanced
Traditional Approach
• Hazard Focused
• Insurance solution oriented
• Limited perspective on the risks of the entity
• Heavily dependent on intermediaries
• Low to medium management priority
• No to low governance priority
• Executable with dedicated, part time or outsourced resources
Traditional Risk Management Model (organizational chart): CEO; Finance or Legal; Sub-Depart. Head; FT Risk Manager or Officer; with the Claim, Benefit, Risk Financing, Business Continuity, Safety, Security and Captive Administration functions.
Pros and Cons
First, remember that each company’s needs drive the
response to this question.
Pros:
• Narrow focus easier to execute well
• Well understood sources of loss; readily available solutions to finance and transfer
• Much available talent to manage
Cons:
• Ignores what are likely to be the most significant risks to
the firm
• Heavy dependence on third parties may jeopardize
effectiveness
Progressive Approach
• Recognizes the need to look beyond insurable risks
• Recognizes process ownership
• Recognizes that process owners can’t be risk owners
and that risk owner engagement is critical to successful
risk management
• Higher management and governance priority attached to
managing risk
• Less executable with heavy dependence on external
sources of expertise
• Success depends on full time dedicated, internal
expertise trusted by management and governance
• Recognizes the need for alignment with key risk
stakeholders
Progressive Risk Management Model (organizational chart): CEO; Finance or Legal; FT Risk Manager or Officer; Corporate Insurance Process (including Captive) and ERM Process; Risk Owners; with the Claim, Safety, Security, Benefit and Business Continuity functions.
Pros and Cons
Pros:
• More likely to be prepared for uninsurable events
• More management and governance attention to risk
issues
• Less dependency on third party services
Cons:
• Usually in the developing stage and often difficult to sell
and gain permanent traction with management
• Difficult to find external sources of expertise that comprehensively understand the firm's exposures and how they can best be managed
Advanced Approach
• “C suite” power base with other key functional
leaders
• Full acceptance of need for comprehensive,
state-of-the-art and urgent risk management
methods, tools and techniques
• Clear delineation between process and risk
ownership
• Recognition of insurance as just one of many
mitigation strategies
• Typically complete integration with strategic
planning processes
Advanced Risk Management Model (organizational chart): CEO; CFO, Chief Risk Officer, General Counsel and Other Senior Officer; Enterprise Risk Process; Business Risk Owners, Financial Risk Owners and Operational Risk Owners; with the Corp Ins, Safety, Security, Benefit and Business Continuity functions.
Advanced Approach
Pros:
• Surfaces key risk issues quickly and effectively
• Evidences engagement by all key risk
stakeholders and owners
• Minimizes the likelihood that risk values will
exceed tolerances or that controls will be less
than effective
Cons:
• Expensive to implement
• Expertise difficult to find and keep
• CRO as scapegoat for all that goes wrong
Relevant Criteria for Selecting Your Approach
Criteria:
• Company Risk Profile and Tolerance for Risk
• Company Size and dispersion
• Operational and Strategic Complexity
• Company Structure and Management Style
• Sources and likelihood of large or catastrophe losses
• Availability of Reliable, Accurate Data
• Governance Expectations for controls and reporting
• Management expectations for controls and reporting
• Sources and costs of expertise within or available to the
firm
• Level of concern for control over sensitive information
Key Risk Stakeholders (diagram): Risk Management, Internal Audit, RM Framework, Business Unit, Compliance, Risk Owners, Planning Process, Engineering.
Keys to Cross Functional Effectiveness
• Clear understanding of how “risk” is defined
• Clear communication of risk management
processes
• Clear articulation of risk stakeholder process
roles, timelines and deliverables
• Regular and meaningful communication on key
risk issues
• Processes for incenting and measuring
accountability
• Getting the right information and data to the right
people at the right time for the right reasons
Risk Management Best Practices
• Truly business-critical exposures are best identified and mitigated by line.
• Risk aggregation is a key role for the risk
management process owner.
• The ERM COE ensures proper tools for rigorous
measurement and quantification of risks, and helps
drive incentives to elevate risk mitigation.
• Embedding risk management in existing process.
• A more disciplined approach to risk
communications.
• Risk reporting should be specific to the target
audience.
Source: CFO Working Council
Best Practices (cont’d)
• Use standardized templates and key future market
conditions assumptions
• Key earnings drivers and mitigations strategies for
low probability, high-impact scenarios tested for
resilience
• Process leverages cross-functional expertise
• Assign owners for each critical mitigation step
• Updated assessments of risk and opportunities
are embedded in core reporting processes
• Require business unit and functional leaders to
defend risk mitigation performance to Board and
CEO directly
• Balanced scorecards & incentives calculations
used to evaluate and reward mitigation
performance
Source: CFO Working Council
Why Risk Mgmt Initiatives Fail
• Lack of CEO and executive sponsorship
• Poor communication culture and/or high
level control environment divorced from
business objectives
• Unclear roles/responsibilities/organizational
structures
• Poorly defined/inconsistent risk policy
• Undefined risk universe and no common
language
• Poor/inconsistent operational risk
identification process
Source: 2003 KPMG Operational Risk Study
Why Risk Mgmt Initiatives Fail
• No linkage of risks to the control framework
• Over-engineered risk measurement and
evaluation
• Reporting templates that do not integrate with
business requirements
• Unclear escalation channels
• Poor action-tracking and project management
systems
• Poor education and communications programs
Source: 2003 KPMG Operational Risk Study