The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
2014.03.20 BDM Transport Insurance Seminar presentation
1. Living and working in a riskier world
From Risk Management to Risk Leadership
20 March 2014
Julia Graham
FERMA President
2. What we stand for
Co-ordinate, promote and support the development and use
of risk management, insurance and risk financing in Europe
Be a significant stakeholder in the decision making process
at the European level on risk management, insurance and
risk financing
– Profession
– Innovation
– Diversity
We go where others do not go
Leading risk management and insurance across Europe
3. Where we are
22 member associations in 20 countries
4336 individual
members who are
responsible for risk
management and / or
insurance in their
organisations
5. Our leadership team
Pierre Sonigo
Secretary
General
Florence Bindelle
Executive
Manager
Alessandro
de Felice
Vice President
Michel Dennery
Vice President
Jo Willaert
Vice President
Julia Graham
President
Fernand
De Winter
Treasurer
6. Three lines of defence
Source: ECIIA - Making the most of the Internal Audit Function
7. Risk management
“Why do you have brakes in a car? So you can drive faster safely. Why do you have good risk
management? So you can pursue your business goals more energetically….” FT
"In an emergency the driver needs to know where the brakes are and how to use them properly.
This is why you need good crisis management" …. JG
8. Old risk management
– Risk management as stand alone activity
– Driven by audit
– Based on rules
– Of-the-shelf systems and solutions with pre-determined lists of risks
– Focused only on threats
– Mainly hard controls about tangible things – insurable
– Artificially implemented or imposed
– Stand-alone and not part of the business
– Static, out-of-date – "we've done that" and filed away
– Viewed as purely a cost overhead
– Abandoned because nobody pays attention
Source: International Federation of Accountants - IFAC
10. It's risk management Jim but not as we've known it
A strategic business
discipline that supports
the achievement of the
organisation's
objectives by
addressing the full
spectrum of its risks
and managing the
combined impact of
those risks as an
interrelated risk
portfolio
11. New risk management
– Risk management driven by objectives
– Board and management driven – by example and from the top of the business
– Based on principles and not rules
– Tailor made to the business
– Focused on opportunities as well as threats
– As much about social / human / cultural aspects – not insurable
– Organically implemented
– "Part of the way we do things here" - integrated
– Dynamic, evolving – not left on a shelf
– Creates results and add value – with measures
– Supported and long term
Source: International Federation of Accountants - IFAC
12. Leadership in risk management
• Board level supervision of risk management increasing and there is increasingly a
role for leadership of risk management
• The majority of companies have education and review processes in place that keep
the Board informed about risk exposures
• Most think communication between the Board and the "CRO" could be better
• Companies aspire to improve the link between risk management and strategic
planning
• Risk management has some way to go to use the risk management function for
making more effective strategic decisions
• Risk-based incentives as part of remuneration slow
• Brand and reputation rising concerns
• Some executives and "experts" cite lack of risk management talent as an important
area especially in emerging products and markets
• Processes to define risk appetite now in place at nearly half of the companies
Source: Leadership in Risk Management – Zurich, Harvard, FERMA and PRIMO
14. Standards commonly used
Source: RIMS 2013 Benchmark Survey Produced by Advisen
All rights reserved.
ISO 31000 up 5% from 2011
COSO up 2% from 2011
15. COSO ERM and ISO 31000 are different
Preferences can vary bias -
audit and risk
COSO ISO 31000
Lengthy Short
Focused on ERM General approach to managing risk
One cube Framework and process
Skewed to negative Risk can be positive or negative
Risk already exists Risk tied to achieving objectives
Risk & opportunities Opportunities also source of risk
More sequential process More iterative process
Many organisations use COSO and ISO 31000
16. Reputation is now higher in our risk thinking
Reputations take years to build and minutes to destroy
More than giving correct advice and more than a brand
– understanding the value of reputation - often the largest asset
– taking ownership of reputation
– having a holistic and systematic risk management process
– understanding the expectations of our clients
– identifying the main causes of risk
– applying joined up management
– viewing reputation as a risk consequence
– having good crisis management for when things go wrong
17. Roads to Resilience "future proofing"
The next risk management generation
Capability to deal with the unexpected
Everyone acutely aware of risk – "bristling with risk awareness"
Not a special function – everyone's job
Widening scope of risk
Widening of knowledge and skills for the "risk manager"
Moving away from physical assets and people
Client experience, brand and reputation key assets
The range of assets at risk has changed
In the world of social media firms cannot risk manage as if nothing has changed
Risk management more facilitators than managers
All levels of risk embraced
Evolution from risk management to building resilience
18. Principles of the resilient organisation
Exceptional radar
Value and build strong relationships internally and externally
Leaders that are respected and respectful
The ability to respond rapidly
Diversified resources
We live and work in a riskier world
Top Management
– Board directors believe that they should spend more time on strategy, talent and
risk
Risk Managers
– Risk managers must develop business leadership skills, become a business
discipline and add significant value - or stay as fragmented technical people
called upon only when needed
Source: Roads to Resilience AIRMIC
19. Challenges to achieving resilience
The Risk Manager
Overcoming barriers
– don't over analyse
The role is changing
– no hiding behind rules and regulations
– valued senior advisor
– get out and engage
More about culture, behaviour, mind-set and insights
Enablers and behaviours
People and culture
Business structure
Strategy, tactics and operations
Leadership and governance
20. Risk management will become risk leadership
Position
risk management will continue to assume a higher priority
strong board involvement advocated to facilitate strategic and enterprise-wide risk
more energy devoted to defining risk appetite, tracking, measuring and analysing risk
Challenges
risk ownership and communication at all levels
links between risk management and strategic planning and management
communication between the board and risk management
risk based incentives
risk management talent pool with the right talent
risk forecasting
Evidence to suggest that well risk managed businesses will be more profitable
21. Risk management will be recognised as a profession
What profession?
Predicted that there will be fewer but more senior professionals
– as risk management matures and moves towards first line management
The profession is generic and requires definition
Professional certification:
– knowledge
– experience
– ethics
– continuing professional development
– business and operational model
Some similarities to Non Executive Directors
Watch this space ….
23. In summary
Effective risk management is NOT just about compliance
Risk is at the heart of strategy and effective risk management should be an enabler
and a potential differentiator
Growth in a flat market can only be achieved by taking risks – these must be
calculated and transparent
Reputation is critical and reputation risk management should be prioritised
The tone is set at the top and the C-suite will take a stronger role in leading the risk
management effort in Europe
The information required to take risk aware decisions is most likely to exist already
inside the company
Risk management must be owned by the business
Risk managers must be fit for the challenge