Enterprise Risk Management
October 12, 2010
PwC

ERM Defined
ERM is a principles-based approach to manage, not just minimize, risk
• ERM is:
- A process built into routine business practices
- Designed to identify emerging events with the potential to affect the entity, assess the potential impact consistently and to manage risk within a pre-determined risk appetite
- Geared to the achievement of objectives
- Applied across the enterprise
- Tied to the organization’s strategic goals
ERM is about the routine execution of risk management principles built into normal business operations
PricewaterhouseCoopers

Risk Defined
We define “risk” as: Any event that impacts your company’s ability to meet its strategic objectives or sustain key processes
We are answering the question “The risk to what”?

Risk Defined
To use an analogy:
• When risks are NOT tied to your objectives it is like asking people to navigate an uncharted minefield
• It is an avoidance strategy – stay as far away from the mines (risks) as possible
• If someone steps on one (risk event) everyone scatters
• The team’s focus is down on the ground, not on the other side of the field (objective)

Risk Defined
To use an analogy:
• When risks are tied to your objectives it more closely resembles coaching a football game
• You confirm your game objectives
• You study the defence IN ADVANCE of the game (risk identification) and assess who the biggest defensive threats are (risk assessment)
• You choose plays that navigate through the defence and assign blocking assignments (Ownership)
• You run plays and block the ball carrier, double teaming their best players (mitigation/controls)
• It’s identifying and managing barriers to success in advance to increase performance
[Diagram labels: Confirming objectives; Identifying & Assessing barriers (Risks); Assigning ownership; Responding to risks by priority; = Achieving objectives]

Evolving how we view risk
Think of risk as NEUTRAL
Liability | Opportunity
Financial Instability | Financial Strength
Product / Service Failure | Product / Service Innovation
Staff Health and Safety Incident | Improved staff safety record
Reputational Damage | Public endorsements
Lowered competitive advantage | Competitive superiority
Government relations challenge | Positive Gov Influence
Poor Succession Plan | Effective Staff Transitions

Issues Driving Focus on ERM
The business and regulatory environments have become increasingly complex, raising corporate risk profiles
Higher Risk Profiles
• Increasing scope and complexity of business activities
• Increasing risks from technology (e.g., speed of execution, data vulnerability)
• Continuous changes in regulatory requirements
Higher Expectations
• Regulators expect corporate risk infrastructure to be commensurate with and scale of business activities
• Investors demand more corporate visibility and accountability for risk management
• Rating agencies (e.g., S&P and Moody’s) are evaluating risk management program effectiveness
Strategic consequences exist if companies are unable to manage risk, compliance and control requirements effectively
• Depressed market value and share price
• Financial losses and/or damaged reputation
• Regulators / legal noncompliance resulting in damaged reputation/costs,
• Regulatory enforcement actions which limit acquisition/strategic plans

Risk Management Maturity Scale
[Diagram labels, in extracted order:]
• Business Performance Management
• Business continuity protection
• Risk management embedded within key processes & culture
• Link between RM and capital allocation
• Centralized risk mgnt across divisions tied to objectives
• ERM
• Centralized risk management across divisions
• Crises management and compliance
• Common risk language created across independent divisions
• Divisions manage their own risks (independent actions/language)
• Avoiding personal liability / failure (the personal fear factor)
• Compliance with corporate governance standards (fiduciary responsibility)
• React to your own company crises

Issues Driving Focus on ERM
CEOs and Boards find value in ERM beyond S&P compliance
CEOs find value because ERM:
• Helps align organizational elements around the enterprise strategy and increases the likelihood of achieving plan objectives
• Creates a common language and a common approach to identifying, assessing and managing risk efficiently, effectively and in prioritized manner
• Increases management confidence related to meeting targets including taking on new programs (acquisitions, business transformation, etc)
• Results in cost reduction opportunities by reducing surprises and increasing the efficiency of the internal risk management spend
Directors find value because ERM:
• Provides a routine program that updates the organizational risk profile for changes (internal and external)
• Involves the Board in the discussion and with more information upon which they can make their decisions
• Provides a new basis to monitor management decisions and actions

Leading Practices in ERM
Leading practice ERM programs are not stand-alone, “layered-on” processes, but rather embedded within normal business operations and existing processes
[Diagram labels, in extracted order: Validate/Refine Strategy; Business Cycle; Key Controls; Business Strategy & Planning; Business Process & Execution; Policy Resources Procedures Process Evaluation; Analysis Reporting Implement Response Strategies / Practices Systems Infrastructure]
• Explicit integration of risk identification and assessment into strategic planning
• Set risk appetite and ensure its consistency with strategy
• Integrate financial planning and risk assessment
• Allocate capital to business units / risk activities
• Set business and individual performance goals
• Manage key risk indicators related to meeting performance targets
• Enterprise risk management policy standards and controls including limits
• Consistent risk measures and aggregation
• Aggregated enterprise risk/performance reports
• External reporting
• Risk and performance data infrastructure
• Modify risk planning based on results

Leading Practices in ERM
Process to Identify, Assess, Manage and Monitor Risk
[Figure. Process labels, in extracted order: Decide Tolerance; Identify and Analyze Risks; State and Prioritize Objectives; Assess and Design Control; Determine Risk Strategy; Action Planning and Reporting of Residual Risk. Panels: Objectives Map; Risk Map; Risk Management Response (Eliminate Risk, Transfer Risk, Accept Risk, Reduce Risk); Illustrative Control Map. Other labels: Hazard; Uncertainty; Opportunity; Most Critical Objectives; Most Critical Risks; Critical Control Improvement Areas; Excessive Control Areas. Axis names: Business Impact; Criticality; Timing (Immediate to Long-Term); Business Impact of Risk; Probability of Occurrence; Level of Control (Over / Under); scales Low to High.]

Leading Practices in ERM
Risk Analysis Matrix
[Figure: matrix showing Inherent Risk, Residual Risk and Tolerance (target); axes Impact and Likelihood, each scaled to 10.]

Leading Practices in ERM
Example Enterprise-Level Risk Profile and Report of Residual Risk Compared to Risk Tolerance Conclusions
[Table, flattened in extraction. Column headings: Financial; Operational; Strategic; Market; Information; Organizational; Legal / Political. Risk entries, in extracted order: Capital Adequacy Dealer / Distributor Competitive Commodity Decision Process Culture Governance Credit Engineering Industry Equity Information Technology Human Resources Litigation Financial Process Environmental Marketing Foreign Exchange Organization Political Financial Rep Compliance Equipment Technology Interest Rate Insurance Health and Safety Macroeconomic Liquidity Product Quality Natural Disaster Tax Regulatory Compliance Stakeholder Security Regulatory Supplier. Legend, Tolerance Evaluation: Significantly Over; Slightly Over; Within Tolerance.]

Case Study
TRADITIONAL BALANCE SCORECARD
[Table, flattened in extraction. Column headings: Perspective; Objective; Measures (KPI); Tgt Yr 2010; Tgt Yr 2011; Tgt Yr 2012; Initiative. Perspectives: Financial; Customer Perspective; Internal Processes; Learning & Growth.]
• F1. Provide efficient cost and effective services to customers. F1a. % of controllable costs to total fixed costs. Targets: Base year; see REM1 below. 9% Reduction, see REM2 below. 3% Reduction, see REM3 below.
• C1. Identify Service Expectations and increase "Internal" Customer Satisfaction. C1a. KPI Survey Results.
• P1 Asset / infrastructure improvements. P1a. Asset improvement work plan. Targets: 10% renewal in 2010; 20% renewal in 2011; 20% renewal in 2012.
• PR1 Develop, communicate and execute strategy. PR1a % of workforce that understands strategy. Targets: 25%; 50%; 80%.
• L1. Attract a competent workforce / Recruiting Process. L1a Offer acceptance rate.
• LR1 Ensure human capital readiness through succession planning. LR1a % of key positions with succession plans in place.
[Remaining target cells, in extracted order: 15% improvement per year; Implement Surveys; 90% Satisfaction; 40% 90% 50% 95% 60% 100%; 75%; 20% 35%]

Case Study
BALANCE SCORECARD INTEGRATED WITH ERM
[Table column headings: Objective; Measures (KPI); Target Yr; Target Yr; Target Yr; Risk Scores (I*L); Risk Measures (KRI); Risk Initiatives]
• Employees view and manage their objectives, and risks, simultaneously
• Management has a holistic view of their company
• Recognizes the barriers to success in a transparent manner

Benefits of ERM
As the organizational competency around identifying and assessing risk increases, the portfolio of unknown risk events shrinks and with it the probability of surprise!
[Figure: three panels, Initial Risk “Radar”, Intermediate Risk “Radar” and Advanced Risk “Radar”, each showing Unknown Unknowns (Unidentified Risks), Known Unknowns and Known Knowns, split into Unidentified Risks and Identified Risks.]
Continuous risk management processes, instead of episodic efforts, result in a more well defined and understood risk universe

Benefits of ERM
ERM as a management tool provides benefits that enhance the corporate culture
Surprises:
• Reduced
Operating costs:
• Moderated
New projects:
• Successful
Management Attention:
• Focused on execution of strategy
Cost of capital:
• Minimized
Business Planning:
• Increased thoroughness
• More anticipatory and aggressive
Plan Execution:
• More Explicit
• Improved effectiveness
• Improved communication
• More easily monitored
Management and employees:
• Better understand responsibilities
• Improved accountability
• Anticipate risk vs react
Competitive Advantage:
• Improved and achieved

In Summary
ERM is about the routine execution of risk management principles built into normal business operations

Richard Wilson
Director, Risk & Regulatory Advisory Services
416.941.8374
richard.m.wilson@ca.pwc.com