SlideShare una empresa de Scribd logo

DRIDeckFinalMar3

C
Chris Mandel, RF, ARM-E
1 de 48
Descargar para leer sin conexión
Risk and Business Continuity Management: A Growing Partnership Opportunity Chris Mandel, RF, ARM-E, CCSA SVP, Strategic Solutions Sedgwick, Inc.
Today’s Agenda • Risk Management Explained • Risk Management Priorities • Key Risk Stakeholders • Risk & Resilience • A Strategic Risk Perspective – Managing Along the Loss Curve • The Risk Mgmt and Business Continuity Opportunity • Key Take-a-ways 2
A Fuzzy Paradigm of Uncertainty WHILE THE RISKS LESS UNDERSTOOD ARE DIFFICULT TO ADDRESS, THEY ARE OFTEN SO SUBSTANTIAL IN IMPACT, THEY CAN’T BE IGNORED “There are known knowns. These are things that we know that we know. There are known unknowns. That is to say, there are things we know we don’t know, but there are also unknown unknowns. These are things we don’t know we don’t know.” Donald Rumsfeld, U.S. Sec of Defense (2002) 3
 Traditional Risk: Possibility of loss or injury (e.g., perils or hazards) Risk Management: The process of analyzing exposure to risk and determining how to best handle such exposure.  RIMS Risk: uncertain future outcome(s) that can either improve or worsen one’s position. Risk Management: Risk Management (“ERM”) is a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio. Defining Risk & Risk Management 4
 COSO Risk: Events with a negative impact represent risks, which can prevent value creation or erode existing value. Risk Management: A process, effected by an entity’s board of directors, management and other personnel, applied to strategy setting and across the enterprise designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.  ISO 31000 Risk: Effect of uncertainty on objectives Risk Management: Coordinated activities to direct and control an organization with regard to risk. 5
Traditional/Defensive • Silo ad hoc approach • Focus on transferring risks • Protect balance sheet through • Insurance • Hedging • Indemnifications • Hazard based • Pure risk – only loss, no gain • Not linked to corporate strategy Integrated/Advanced • Business risk approach • Mitigate controllable risks • Prevent • Reduce frequency • Reduce severity • Focus on lowering insurance costs and retained losses • Collaborative cross-silo interactions • Linked to corporate strategy through event risks and financial objectives ERM • Portfolio approach • Risk-based business decisions across the organization • Address potentially devastating threats and weaknesses • Exploit opportunities and strengths • Manage unwanted variations from expected outcomes • Integrated into strategic planning, operational planning, and day-to-day activities Evolution in Approach Copyright Sedgwick CMS. All Rights Reserved 6
Value Time Financial Operations Management Strategy Enterprise Risk Management • Focus: All Significant Risks • Scope: Support Business Objectives/Consistent, Systematic Risk Management Practices/Risk as a Differentiator Advanced Risk Management • Focus: Individual Business Risks • Scope: Mitigation of Controllable Risks/Manage Risk as an Expense Defensive Risk Management • Focus: Hazard and Casualty Risks • Scope: Risk Transfer/Insurance/Los s Prevention or Mitigation of Insurable Risks 7 A Strong Migration Toward Strategic Influence
Risk Types: A Starting Point for a Framework Strategic • Acquisitions • Business Model • Competition • Demographic Changes • Disruptive innovation • Market • Etc. Operational • Customer service • Infrastructure • Processes • System capabilities • Talent • Etc. Financial • Capital • Cash flow • Credit • Debt obligations • Foreign exchange • Liquidity • Etc. External • Economy • Environment • Geopolitical • Regulatory • Tax policies • Weather events • Etc. 8
BI’s Top 10 Risks of 2014 • Product recalls - This was especially true in the automotive sector as industry heavyweights • Cyber risk - Rapid rise in cyber risk. According to a study by PricewaterhouseCoopers L.L.P., the number of global cyber security incidents in 2014 increased 48% over 2013. The Target breach alone was last estimated at $1B+ in losses. • Ebola fear - The Ebola outbreak that hit several West African nations • Aviation disasters - High-profile mishaps and attacks also affected the aviation and space sector. 9
More of the 2014 Top 10 • Catastrophe losses - 2014 was notable for a relative lack of losses due to hurricanes and convective storms in North America; Napa Valley quake losses ranges from $250 million to $1 billion. • Competition - Abundant capacity throughout much of the commercial insurance sector in 2014 • Acquisitions - Market conditions prompted strategic recalculations as mergers and acquisitions continued to reshape the insurance landscape. Most “emerging” risks are not truly emerging 10
Top “Emerging” Risks for 2015 • Political: Oil Volatility • Cyber: Risk of the Cloud • Aviation: Drones • Terrorism: Islamic Extremism • FI’s: Technology Partners • ERM: Outsourcing • Analytics: Balance Sheet Overconfidence • Environment: Extreme Weather • D&O: Certification Requirements • Executive Risk: Derivatives • Asset Mgmt: Demand for Transparency • Real Estate: Cyber Risk of Tenant Data • Benefits: The Changing Face of Human Capital • Brazil: Corruption • Personal Risk: Device Ubiquity • Global: A Risk is a Risk
Top 5 “Uninsurable” Risks • Nuances and Complexities • Regulation • Reputation • Trade Secrets • Political Risk • Pandemic Risk Source: Risk and Insurance magazine 9/1/14 Falling oil prices, political violence & separatist movements will influence the 2015 global risk landscape
What is an Emerging Risk? • Those issues hat have not manifested themselves sufficiently to be managed using the tools commonly applied to more developed exposures. They are “those risks an organization has not yet recognized or those which are known to exist, but are not well understood RIMS’ “Emerging Risks and ERM” – SwissRe • A condition, situation or trend that could significantly impact the Company’s financial strength, competitive position or reputation within the next 5 years. Emerging risks involve a high degree of uncertainty. It is unclear where an emerging risk will land on the loss curve. - anonymous actuary
Other Definitions • Lloyds: An issue that is perceived to be potentially significant but which may not be fully understood or allowed for in insurance terms and conditions, pricing, reserving or capital setting. • PWC: Those large scale events or circumstances beyond one’s direct capacity to control, that impact in ways difficult to imagine today. • S&P: Risks that do not currently exist. What about black or grey swans?
Traits of Emerging Risks Emerging Risks High Level of Uncertainty Lack of Consensus Uncertain relevance Difficult to Communicate Difficult to Assign Ownership Systemic or “business practice” issues Source: RIMS Executive Report Emerging Risks and Enterprise Risk Management © 2010 RIMS 15
16
Healthcare • Aging workforce • Rising medical costs – Pharmaceuticals • Affordable Care Act (ACA) aka ObamaCare • Wellness programs – Discounted health care costs/employee contribution • Changing employee demographics – Ethnic – Age/Sex/Skills – Priorities – Cultural shift 17
Workforce issues: Talent attraction and retention • Baby boomers retiring – 10,000 baby boomers a day have been turning 65 since 1/1/11 and will continue until 2030 – Smaller future workforce • Future workforce will be very technology savvy • Future workforce will be more demanding – Telecommuting – Flexible hours, etc. • Work/life integration vs. balance • M&A Integration 18
Risk Management and BCP Cause and Effect • Identifies and Assesses Risk • Measurement: Impact and Likelihood • Recommends and Implements Mitigation Strategies • Monitoring and Reporting 19
Risk Management Process Framework for managing risk (Clause 4) Risk treatment (5.5) Communicationandconsultation(5.2) Monitoringandreview(5.6) Process for managing risk (Clause 5) Establishing the context (4.2) Risk assessment (5.4) Process Risk analysis (5.4.3) Risk evaluation (5.4.4) Risk identification (5.4.2) 20
In Search of a Champion Chief Risk Officer Ensure all Risks are Managed Treasurer Reduce Cost of Capital Increase Cash Flow Chief Financial Officer Protect Against Earnings Volatility Competitive Advantage Rating Agencies Chief Executive Officer Manage Risk Profile Increase Value Board of Directors Governance Risk Oversight Key Common Focus of Risk & BCP: SIGNIFICANT EVENTS & RESILIENCE General Counsel Compliance / Contracts & Liitigation 21
Standards in BCP • FFIEC – Gold standard • BS25999 – British standard, first to be “auditable” • ASIS 2010 • NFPA 1600– First U.S. National Preparedness Standard • HIPAA – seven specific items • NIST – Technology focus • CSA Z1600 (Canada) • ISO/TS16949 – 6.3.2 in the quality standard • SEC/NASD standards (NASD 3500) • DRI best practices • SPRING (Singapore) • HB221 – Australia/NZ • Many more… 22
Standards in Risk Management TOOLS GUIDELINES REQUIREMENTS TERMINOLOGY FRAMEWORK RISK QUALITY TECHNOLOGY ENVIRONMENTAL ISO GUIDE 73 ISO 14001 ISO/IEC 27001 ISO/IEC 15408 OHSAS 18001 ISO 31010 NFPA 101 NFPA 75ANSI/ASHRAE 62 HB 436 AS/NZS 4360 ISO 9001 ISO GUIDE 14050 ISO/IEC 27002ISO 10005 SAFETY CSA Q850 SAQ ONR 49001 AFNOR CN FD_X50-252 ISO 31000 PRINCIPLES 23
Most Widely Used Risk Frameworks ISO 31000:2009 • Risk Management – Principles and Guidelines COSO:2004 • Enterprise Risk Management – Integrated Framework OCEG “Red Book” 2.0:2009 • GRC Capability Model™ 24
Principles Framework Process 25
Common & Overlapping Stakeholders 26
Risk Management Stakeholders Key Focus Targeted Outcome Enterprise Risk Management Process Enterprise Risk Management Risk Process Effectiveness Identification and Management of Significant Risks BCP Resilience Recovery & Normalcy Internal Audit Control Testing Effective Controls Compliance Compliance Risks Regulatory Compliance Controller Financial Reporting Sox 404 Compliance Business Units Business Performance Controlling Risks to as well as Meeting Objectives Unified Strategy
Risk & Risk Mgmt in a Strategic Context 28
Do Some Risks Matter More? 29
Managing to Appetite/Capacity/Thresholds FREQUENCY/LIKELIHOOD SEVERITY/IMPACT 30
Two Key Perspectives on Risk Proactive • Objectives Focused • Predictive Indicators • Foresight • Strategic • Creates and captures value Reactive • Event Focused • Post Action Response • After-thought • Transactional • Protects Value 31 DRIVING CONSISTENCY BETWEEN DISCIPLINES IS ONE KEY
Identification, assessment and ownership effectiveness of risks Calculation of investment , resource needs Risk appetite and tolerance statements for key risk categories Evidence of control environment/effectiveness Actions to close gaps Risks to objectives Risks arising from plans to meet objectives Confirmation of risk appetite and tolerance Strategic Planning Risk Appetite Framework Emerging and Dynamic Risks Integrated Enterprise Risk Profile Control Framework Scenario and Stress Testing Strategic View in Risk 32
Future Focused Emerging Risk Scanning Internal Scanning External Scanning Importance Relevance Probability Immediacy Impact Level of Uncertainty Emerging Risk Reporting Trend/Event Implications Status Strategic Direction  Key Indicators  Owner  Plan  Threshold Warnings  Monitoring MACRO MICRO
Macro-level Categories to Consider Environmental Systemic Cultural Technological Societal Geopolitical Economic
External Environment in Layers ORGANIZATION SPECIFIC Clients Customers Vendors/Supply Chain Distributors MICRO/INDUSTRY Direct Competitors Indirect Competitors Markets Sectors Analysts Strategic Alliances MACRO Cultural/Social Technological Economic Environmental Legal & Regulatory More Strategic Operational
ENVIRONMENTAL SCAN EXTERNAL INTERNAL What is ….  Relevant?  Important?  Certain? Scanning Rating Risks 36
Risk Issues Critical to Strategic Success • Identifying emerging risks to plan • Rating emerging risks on: • Relevance • Importance • Uncertainty • Ensuring key risks are addressed/treated • Ensuring an ability to respond for rapid recovery • Monitoring impact of and reporting on emerging risks & plan impacts
RIMS Risk Maturity Model Root Cause Discipline Degree of discipline applied to measuring root cause by: 1) determining sources 2) understanding impacts 3) identifying trends, and 4) measuring effectiveness of controls . Risk Appetite Management Degree of accountability for (1) defining acceptable boundaries 2) calculating and articulating risk tolerance 3) developing a risk portfolio 4) considering scenarios, and 5) attacking gaps between perceived and actual risks. ERM Process Management Degree that a repeatable and scalable risk management process is integrated into business and resource/support units, using a sequential series of steps that support uncertainty reduction and promote opportunity exploitation. Adopt ERM Approach Denotes the degree of executive support for an ERM-based approach within the corporate culture. Activities cut across all processes, functions, business lines, roles and geographies.
Business Resiliency and Sustainability Extent to which an organization integrates business resiliency and sustainability aspects for its operational planning into its ERM process. Performance Management Degree to which organizations are able to execute on vision and strategy in tandem with risk management activities. Uncovering Risks Degree of quality and coverage (penetration) throughout the organization for uncovering uncertainties related to organizational goals achievement. RIMS Risk Maturity Model
Risk & BC Pyramid Working Collaboratively Between Risk and BC will support a Culture of Risk Awareness and Resilience $ Planning Robust Communications Collaborative Knowledge Shared Accountability for a Resilient Enterprise Standard based Risk & BC Framework & Process
Take-a-ways • Resilience is an emerging priority for risk managers • Risk and BC have many common interests including: – Understanding the unknown or poorly understood threats to businesses – Leveraging scenario analysis to drive consensus among stakeholders about relevant scenarios – Leverage stakeholders and resources to embed a resilience strategy into the culture • Developing and leveraging emerging risk processes to get ahead of black and grey swans • Building competitive advantage & ensuring efficiencies through the optimization of risk and BC
Thank you
Chris Mandel. RF. CPCU, ARM SVP, Strategic Solutions Sedgwick, Inc. Chris.Mandel@sedgwick.com www.sedgwickcms.com 210-845-5804 Contact Information
Christopher E. Mandel, CPCU, ARM SVP, Strategic Solutions, Sedgwick, Inc. Christopher E. Mandel is the SVP for Strategic Solutions at Sedgwick, Inc. He is engaged in helping Sedgwick chart its future through the long term planning for products, services and strategic solutions for this claims and productivity management firm. He is also co-founder and EVP, Professional Services for rPM3 Solutions, LLC as well as founder and president of Excellence in Risk Management, LLC. both independent consulting firms specializing in governance, risk and compliance, with a special emphasis on enterprise risk management. rPM3 Solutions holds a patent for a unique risk measurement process known as ARQ™. Prior to electing early retirement and for ten years from 2001-2010, Mr. Mandel was head of enterprise risk management for USAA Group, a $165 billion diversified financial services organization. At USAA, he designed, developed and led the enterprise-wide risk management and corporate insurance centers of excellence. He also served as President and Vice Chairman, Enterprise Indemnity CIC, Inc., an Arizona based alternative risk financing facility. Mr. Mandel has more than 25 years of experience in risk management and insurance in large, global corporates. He has pioneered the development of cross-enterprise risk management capabilities resulting in S&P rating USAA as “excellent and a leader in ERM” from 2006 through 2010. In 2007, Treasury and Risk Magazine bestowed the Alexander Hamilton Award for “Excellence in ERM” on USAA. Mr. Mandel has been a long term senior leader in the Risk and Insurance Management Society including being elected President and Chief Risk Officer and was named Risk Manager of the Year in 2004. Mr. Mandel’s deep, wide and diverse experience in all facets of risk management and insurance allows him to offer those interested in managing risk with excellence to engage him to provide everything from a comprehensive strategy and complete ERM framework to targeted guidance, tools, techniques and/or training. Mr. Mandel’s innovative approach to making risk a key strategically placed and results oriented function results from solidly connecting risk management outputs to a company’s key performance metrics and ultimately, mission accomplishment. Mr. Mandel received his B.S. in Business Management from Virginia Polytechnic Institute and State University and an MBA in finance from George Mason University. He holds the CCSA, CPCU, ARM and AIC designations and is a frequent industry speaker, teacher and writer. He writes the “Risk Innovation” column for Risk and Insurance magazine and in 2008 was elected a member of Risk Who’s Who (RWW). He also wrote the Ask a Risk Manager column for Business Insurance from 1996 through 2008. CONTACT: Chris.Mandel@sedgwick.com 210-698-8056 o 210-845-5804 m https://www.sedgwick.com
Sedgwick © 2013 Confidential – Do not disclose or distribute. 45 Sedgwick, Inc. The leader in innovative claims and productivity management solutions Sedgwick Claims Management Services, Inc. is the leading North American provider of innovative claims and productivity management solutions. Sedgwick and its affiliated companies deliver cost-effective claims, productivity, managed care, risk consulting, and other services to clients through the expertise of more than 10,000 colleagues in 195 offices located in the U.S. and Canada. The company specializes in workers’ compensation; disability, FMLA and other employee absence; managed care; general, automobile and professional liability; warranty and credit card claims services; fraud and investigation; structured settlements; and Medicare compliance solutions. Sedgwick and its affiliates design and implement customized programs based on proven practices and advanced technology that exceed client expectations. For eight years in a row, Sedgwick has been awarded the distinguished Employer of Choice® certification, the only third-party administrator (TPA) to receive this designation. In 2011 and 2012, the company was named the Best Overall TPA by buyers of risk services through an independent survey conducted by Business Insurance. For more see www.sedgwick.com. © 2013, Sedgwick Claims Management Services, Inc. applies to all content except where otherwise noted
Sedgwick © 2012 Confidential – Do not disclose or distribute. www.sedgwick.com
Uncertainty • Low frequency / high impact • Potential to grow rapidly Consensus • Lack of recognition internally and externally • Drivers, impacts, probability not clear Relevance • Uncertainty over effect on objectives • Perception of being too futuristic to matter Copyright Sedgwick CMS. All Rights Reserved Communicate • Perception as “unlikely” • Little perceived bearing on existing circumstances Ownership • No one champion / accountable individual • Potential consequences impact multiple resources and objectives Issues • Embedded in existing practices • Complexity not clearly understood Characteristics of Emerging Risks
Risk Management and BCP Cause & Effect BCP – Building Resilience What are the implications of failing to mitigate or prevent losses? Preparation  Structure, planning, resources, testing  Execution  Relocation, operating under duress 48

Recomendados

4 Steps to Intelligent Risk Taking
4 Steps to Intelligent Risk Taking 4 Steps to Intelligent Risk Taking
4 Steps to Intelligent Risk Taking PECB
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk ManagementCroydon Consulting, LLC
 
Enterprise Risk Management Erm
Enterprise Risk Management ErmEnterprise Risk Management Erm
Enterprise Risk Management ErmNexus Aid
 
Chapter 1 - Risk Management - 2nd Semester - M.Com - Bangalore University
Chapter 1 - Risk Management - 2nd Semester - M.Com - Bangalore UniversityChapter 1 - Risk Management - 2nd Semester - M.Com - Bangalore University
Chapter 1 - Risk Management - 2nd Semester - M.Com - Bangalore UniversitySwaminath Sam
 
Emerging Risks
Emerging RisksEmerging Risks
Emerging RisksSociety of Actuaries
 
Moving from Process to Purpose, Risk Management after COVID19
Moving from Process to Purpose, Risk Management after COVID19 Moving from Process to Purpose, Risk Management after COVID19
Moving from Process to Purpose, Risk Management after COVID19 chungarisk
 
Chapter1 introduction to risk management
Chapter1 introduction to risk managementChapter1 introduction to risk management
Chapter1 introduction to risk managementDr Riyaz Muhmmad
 
Risk terminologies
Risk terminologiesRisk terminologies
Risk terminologiesAnand kumar
 

Recomendados

4 Steps to Intelligent Risk Taking
4 Steps to Intelligent Risk Taking 4 Steps to Intelligent Risk Taking
4 Steps to Intelligent Risk Taking PECB
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk ManagementCroydon Consulting, LLC
 
Enterprise Risk Management Erm
Enterprise Risk Management ErmEnterprise Risk Management Erm
Enterprise Risk Management ErmNexus Aid
 
Chapter 1 - Risk Management - 2nd Semester - M.Com - Bangalore University
Chapter 1 - Risk Management - 2nd Semester - M.Com - Bangalore UniversityChapter 1 - Risk Management - 2nd Semester - M.Com - Bangalore University
Chapter 1 - Risk Management - 2nd Semester - M.Com - Bangalore UniversitySwaminath Sam
 
Emerging Risks
Emerging RisksEmerging Risks
Emerging RisksSociety of Actuaries
 
Moving from Process to Purpose, Risk Management after COVID19
Moving from Process to Purpose, Risk Management after COVID19 Moving from Process to Purpose, Risk Management after COVID19
Moving from Process to Purpose, Risk Management after COVID19 chungarisk
 
Chapter1 introduction to risk management
Chapter1 introduction to risk managementChapter1 introduction to risk management
Chapter1 introduction to risk managementDr Riyaz Muhmmad
 
Risk terminologies
Risk terminologiesRisk terminologies
Risk terminologiesAnand kumar
 
6 Pitfalls when Implementing Enterprise Risk Management
6 Pitfalls when Implementing Enterprise Risk Management6 Pitfalls when Implementing Enterprise Risk Management
6 Pitfalls when Implementing Enterprise Risk ManagementPECB
 
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Resolver Inc.
 
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...Association for Project Management
 
SaskatchChaptMay14EmergRisks
SaskatchChaptMay14EmergRisksSaskatchChaptMay14EmergRisks
SaskatchChaptMay14EmergRisksChris Mandel, RF, ARM-E
 
Impact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskImpact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskPECB
 
risk management
risk managementrisk management
risk managementQue Tomeyz
 
How to Manage Strategic & Reputation Risk in Turbulent Times
How to Manage Strategic & Reputation Risk in Turbulent TimesHow to Manage Strategic & Reputation Risk in Turbulent Times
How to Manage Strategic & Reputation Risk in Turbulent TimesPECB
 
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...Resolver Inc.
 
Risk & Risk Management
Risk & Risk ManagementRisk & Risk Management
Risk & Risk Managementansula
 
Types of-risk
Types of-riskTypes of-risk
Types of-riskDr. Ravneet Kaur
 
Chapter2 risk management process
Chapter2 risk management processChapter2 risk management process
Chapter2 risk management processDr Riyaz Muhmmad
 
How to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkHow to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkColleen Beck-Domanico
 
Conference 2010 Risk Appetite Includes Handouts And Output
Conference 2010 Risk Appetite Includes Handouts And OutputConference 2010 Risk Appetite Includes Handouts And Output
Conference 2010 Risk Appetite Includes Handouts And Outputliztaylor
 
Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk managementKarim Farag
 
Risk Management
Risk ManagementRisk Management
Risk ManagementShahan Ullah
 
Overview of Enterprise Risk Management (ERM)
Overview of Enterprise Risk Management (ERM)Overview of Enterprise Risk Management (ERM)
Overview of Enterprise Risk Management (ERM)Segun Ogunwale
 
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...Susan Young
 
Corporate Risk Management
Corporate Risk ManagementCorporate Risk Management
Corporate Risk ManagementShravan Bhumkar
 
Rejda chapter 1 slides risk and its treatment
Rejda chapter 1 slides risk and its treatmentRejda chapter 1 slides risk and its treatment
Rejda chapter 1 slides risk and its treatmentnlmccready
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentationalygale
 
MAA_Riskmanagement
MAA_RiskmanagementMAA_Riskmanagement
MAA_RiskmanagementHong Tong Wu ???
 
Getting the risk basics right, 30th November 2016
Getting the risk basics right, 30th November 2016Getting the risk basics right, 30th November 2016
Getting the risk basics right, 30th November 2016Association for Project Management
 

Más contenido relacionado

La actualidad más candente

6 Pitfalls when Implementing Enterprise Risk Management
6 Pitfalls when Implementing Enterprise Risk Management6 Pitfalls when Implementing Enterprise Risk Management
6 Pitfalls when Implementing Enterprise Risk ManagementPECB
 
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Resolver Inc.
 
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...Association for Project Management
 
Impact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskImpact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskPECB
 
risk management
risk managementrisk management
risk managementQue Tomeyz
 
How to Manage Strategic & Reputation Risk in Turbulent Times
How to Manage Strategic & Reputation Risk in Turbulent TimesHow to Manage Strategic & Reputation Risk in Turbulent Times
How to Manage Strategic & Reputation Risk in Turbulent TimesPECB
 
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...Resolver Inc.
 
Risk & Risk Management
Risk & Risk ManagementRisk & Risk Management
Risk & Risk Managementansula
 
Chapter2 risk management process
Chapter2 risk management processChapter2 risk management process
Chapter2 risk management processDr Riyaz Muhmmad
 
How to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkHow to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkColleen Beck-Domanico
 
Conference 2010 Risk Appetite Includes Handouts And Output
Conference 2010 Risk Appetite Includes Handouts And OutputConference 2010 Risk Appetite Includes Handouts And Output
Conference 2010 Risk Appetite Includes Handouts And Outputliztaylor
 
Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk managementKarim Farag
 
Overview of Enterprise Risk Management (ERM)
Overview of Enterprise Risk Management (ERM)Overview of Enterprise Risk Management (ERM)
Overview of Enterprise Risk Management (ERM)Segun Ogunwale
 
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...Susan Young
 
Corporate Risk Management
Corporate Risk ManagementCorporate Risk Management
Corporate Risk ManagementShravan Bhumkar
 
Rejda chapter 1 slides risk and its treatment
Rejda chapter 1 slides risk and its treatmentRejda chapter 1 slides risk and its treatment
Rejda chapter 1 slides risk and its treatmentnlmccready
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentationalygale
 

La actualidad más candente (20)

6 Pitfalls when Implementing Enterprise Risk Management
6 Pitfalls when Implementing Enterprise Risk Management6 Pitfalls when Implementing Enterprise Risk Management
6 Pitfalls when Implementing Enterprise Risk Management
 
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
Risk Reimagined! Series- The Relationship Between Strategy, Governance and Ri...
 
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
Governance in Enterprise Risk Management, presented by Michael Lawrence, 10th...
 
SaskatchChaptMay14EmergRisks
SaskatchChaptMay14EmergRisksSaskatchChaptMay14EmergRisks
SaskatchChaptMay14EmergRisks
 
Impact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing RiskImpact of Changing World Politics in Managing Risk
Impact of Changing World Politics in Managing Risk
 
risk management
risk managementrisk management
risk management
 
How to Manage Strategic & Reputation Risk in Turbulent Times
How to Manage Strategic & Reputation Risk in Turbulent TimesHow to Manage Strategic & Reputation Risk in Turbulent Times
How to Manage Strategic & Reputation Risk in Turbulent Times
 
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...
 
Risk & Risk Management
Risk & Risk ManagementRisk & Risk Management
Risk & Risk Management
 
Types of-risk
Types of-riskTypes of-risk
Types of-risk
 
Chapter2 risk management process
Chapter2 risk management processChapter2 risk management process
Chapter2 risk management process
 
How to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management FrameworkHow to Build an Enterprise Risk Management Framework
How to Build an Enterprise Risk Management Framework
 
Conference 2010 Risk Appetite Includes Handouts And Output
Conference 2010 Risk Appetite Includes Handouts And OutputConference 2010 Risk Appetite Includes Handouts And Output
Conference 2010 Risk Appetite Includes Handouts And Output
 
Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk management
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
Overview of Enterprise Risk Management (ERM)
Overview of Enterprise Risk Management (ERM)Overview of Enterprise Risk Management (ERM)
Overview of Enterprise Risk Management (ERM)
 
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
 
Corporate Risk Management
Corporate Risk ManagementCorporate Risk Management
Corporate Risk Management
 
Rejda chapter 1 slides risk and its treatment
Rejda chapter 1 slides risk and its treatmentRejda chapter 1 slides risk and its treatment
Rejda chapter 1 slides risk and its treatment
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentation
 

Similar a DRIDeckFinalMar3

FERMA presentation at Athens conference
FERMA presentation at Athens conferenceFERMA presentation at Athens conference
FERMA presentation at Athens conferenceFERMA
 
ppt erm.pdf
ppt erm.pdfppt erm.pdf
ppt erm.pdfRJ231
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
 
Leading risk culture change webinar
Leading risk culture change webinarLeading risk culture change webinar
Leading risk culture change webinarFERMA
 
Role of Enterprise Risk Management in Risk Based Capital
Role of Enterprise Risk Management in Risk Based CapitalRole of Enterprise Risk Management in Risk Based Capital
Role of Enterprise Risk Management in Risk Based CapitalSonjai Kumar, SIRM
 
Risk Management and Risk Transfer
Risk Management and Risk TransferRisk Management and Risk Transfer
Risk Management and Risk TransferCBIZ, Inc.
 
Introduction to Risk ManagementMana.6330Overview
Introduction to Risk ManagementMana.6330OverviewIntroduction to Risk ManagementMana.6330Overview
Introduction to Risk ManagementMana.6330OverviewTatianaMajor22
 
Risk management
Risk managementRisk management
Risk managementMAParry1
 
FORUM 2013 Entreprise risk management: fact or fiction
FORUM 2013 Entreprise risk management: fact or fictionFORUM 2013 Entreprise risk management: fact or fiction
FORUM 2013 Entreprise risk management: fact or fictionFERMA
 
FX Risk Management – Best Practice Standards for Good Corporate Governance
FX Risk Management – Best Practice Standards for Good Corporate GovernanceFX Risk Management – Best Practice Standards for Good Corporate Governance
FX Risk Management – Best Practice Standards for Good Corporate GovernanceExpoco
 
Implementing an Enterprise Risk Management program (2022 updates).pdf
Implementing an Enterprise Risk Management program (2022 updates).pdfImplementing an Enterprise Risk Management program (2022 updates).pdf
Implementing an Enterprise Risk Management program (2022 updates).pdfRobert Serena, FSA, CFA, CPCU
 
Crisis & Risk Management for Companies Training by University of Alexandria
Crisis & Risk Management for Companies Training by University of AlexandriaCrisis & Risk Management for Companies Training by University of Alexandria
Crisis & Risk Management for Companies Training by University of AlexandriaAtlantic Training, LLC.
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).pptAjjuSingh2
 
Improving risk-return and resilience through Enterprise Risk Management — Jul...
Improving risk-return and resilience through Enterprise Risk Management — Jul...Improving risk-return and resilience through Enterprise Risk Management — Jul...
Improving risk-return and resilience through Enterprise Risk Management — Jul...Ian-Edward Stafrace
 

Similar a DRIDeckFinalMar3 (20)

MAA_Riskmanagement
MAA_RiskmanagementMAA_Riskmanagement
MAA_Riskmanagement
 
Getting the risk basics right, 30th November 2016
Getting the risk basics right, 30th November 2016Getting the risk basics right, 30th November 2016
Getting the risk basics right, 30th November 2016
 
FERMA presentation at Athens conference
FERMA presentation at Athens conferenceFERMA presentation at Athens conference
FERMA presentation at Athens conference
 
ppt erm.pdf
ppt erm.pdfppt erm.pdf
ppt erm.pdf
 
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksC-Suite’s Guide to Enterprise Risk Management and Emerging Risks
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
 
Leading risk culture change webinar
Leading risk culture change webinarLeading risk culture change webinar
Leading risk culture change webinar
 
Role of Enterprise Risk Management in Risk Based Capital
Role of Enterprise Risk Management in Risk Based CapitalRole of Enterprise Risk Management in Risk Based Capital
Role of Enterprise Risk Management in Risk Based Capital
 
Risk Management and Risk Transfer
Risk Management and Risk TransferRisk Management and Risk Transfer
Risk Management and Risk Transfer
 
Introduction to Risk ManagementMana.6330Overview
Introduction to Risk ManagementMana.6330OverviewIntroduction to Risk ManagementMana.6330Overview
Introduction to Risk ManagementMana.6330Overview
 
Risk management
Risk managementRisk management
Risk management
 
FORUM 2013 Entreprise risk management: fact or fiction
FORUM 2013 Entreprise risk management: fact or fictionFORUM 2013 Entreprise risk management: fact or fiction
FORUM 2013 Entreprise risk management: fact or fiction
 
FX Risk Management – Best Practice Standards for Good Corporate Governance
FX Risk Management – Best Practice Standards for Good Corporate GovernanceFX Risk Management – Best Practice Standards for Good Corporate Governance
FX Risk Management – Best Practice Standards for Good Corporate Governance
 
Crisis
CrisisCrisis
Crisis
 
Implementing an Enterprise Risk Management program (2022 updates).pdf
Implementing an Enterprise Risk Management program (2022 updates).pdfImplementing an Enterprise Risk Management program (2022 updates).pdf
Implementing an Enterprise Risk Management program (2022 updates).pdf
 
#corpriskforum2016 - Julia Graham
#corpriskforum2016 - Julia Graham#corpriskforum2016 - Julia Graham
#corpriskforum2016 - Julia Graham
 
23871
2387123871
23871
 
Crisis & Risk Management for Companies Training by University of Alexandria
Crisis & Risk Management for Companies Training by University of AlexandriaCrisis & Risk Management for Companies Training by University of Alexandria
Crisis & Risk Management for Companies Training by University of Alexandria
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).ppt
 
Risk types
Risk typesRisk types
Risk types
 
Improving risk-return and resilience through Enterprise Risk Management — Jul...
Improving risk-return and resilience through Enterprise Risk Management — Jul...Improving risk-return and resilience through Enterprise Risk Management — Jul...
Improving risk-return and resilience through Enterprise Risk Management — Jul...
 

DRIDeckFinalMar3

  • 1. Risk and Business Continuity Management: A Growing Partnership Opportunity Chris Mandel, RF, ARM-E, CCSA SVP, Strategic Solutions Sedgwick, Inc.
  • 2. Today’s Agenda • Risk Management Explained • Risk Management Priorities • Key Risk Stakeholders • Risk & Resilience • A Strategic Risk Perspective – Managing Along the Loss Curve • The Risk Mgmt and Business Continuity Opportunity • Key Take-a-ways 2
  • 3. A Fuzzy Paradigm of Uncertainty WHILE THE RISKS LESS UNDERSTOOD ARE DIFFICULT TO ADDRESS, THEY ARE OFTEN SO SUBSTANTIAL IN IMPACT, THEY CAN’T BE IGNORED “There are known knowns. These are things that we know that we know. There are known unknowns. That is to say, there are things we know we don’t know, but there are also unknown unknowns. These are things we don’t know we don’t know.” Donald Rumsfeld, U.S. Sec of Defense (2002) 3
  • 4.  Traditional Risk: Possibility of loss or injury (e.g., perils or hazards) Risk Management: The process of analyzing exposure to risk and determining how to best handle such exposure.  RIMS Risk: uncertain future outcome(s) that can either improve or worsen one’s position. Risk Management: Risk Management (“ERM”) is a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio. Defining Risk & Risk Management 4
  • 5.  COSO Risk: Events with a negative impact represent risks, which can prevent value creation or erode existing value. Risk Management: A process, effected by an entity’s board of directors, management and other personnel, applied to strategy setting and across the enterprise designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.  ISO 31000 Risk: Effect of uncertainty on objectives Risk Management: Coordinated activities to direct and control an organization with regard to risk. 5
  • 6. Traditional/Defensive • Silo ad hoc approach • Focus on transferring risks • Protect balance sheet through • Insurance • Hedging • Indemnifications • Hazard based • Pure risk – only loss, no gain • Not linked to corporate strategy Integrated/Advanced • Business risk approach • Mitigate controllable risks • Prevent • Reduce frequency • Reduce severity • Focus on lowering insurance costs and retained losses • Collaborative cross-silo interactions • Linked to corporate strategy through event risks and financial objectives ERM • Portfolio approach • Risk-based business decisions across the organization • Address potentially devastating threats and weaknesses • Exploit opportunities and strengths • Manage unwanted variations from expected outcomes • Integrated into strategic planning, operational planning, and day-to-day activities Evolution in Approach Copyright Sedgwick CMS. All Rights Reserved 6
  • 7. Value Time Financial Operations Management Strategy Enterprise Risk Management • Focus: All Significant Risks • Scope: Support Business Objectives/Consistent, Systematic Risk Management Practices/Risk as a Differentiator Advanced Risk Management • Focus: Individual Business Risks • Scope: Mitigation of Controllable Risks/Manage Risk as an Expense Defensive Risk Management • Focus: Hazard and Casualty Risks • Scope: Risk Transfer/Insurance/Los s Prevention or Mitigation of Insurable Risks 7 A Strong Migration Toward Strategic Influence
  • 8. Risk Types: A Starting Point for a Framework Strategic • Acquisitions • Business Model • Competition • Demographic Changes • Disruptive innovation • Market • Etc. Operational • Customer service • Infrastructure • Processes • System capabilities • Talent • Etc. Financial • Capital • Cash flow • Credit • Debt obligations • Foreign exchange • Liquidity • Etc. External • Economy • Environment • Geopolitical • Regulatory • Tax policies • Weather events • Etc. 8
  • 9. BI’s Top 10 Risks of 2014 • Product recalls - This was especially true in the automotive sector as industry heavyweights • Cyber risk - Rapid rise in cyber risk. According to a study by PricewaterhouseCoopers L.L.P., the number of global cyber security incidents in 2014 increased 48% over 2013. The Target breach alone was last estimated at $1B+ in losses. • Ebola fear - The Ebola outbreak that hit several West African nations • Aviation disasters - High-profile mishaps and attacks also affected the aviation and space sector. 9
  • 10. More of the 2014 Top 10 • Catastrophe losses - 2014 was notable for a relative lack of losses due to hurricanes and convective storms in North America; Napa Valley quake losses ranges from $250 million to $1 billion. • Competition - Abundant capacity throughout much of the commercial insurance sector in 2014 • Acquisitions - Market conditions prompted strategic recalculations as mergers and acquisitions continued to reshape the insurance landscape. Most “emerging” risks are not truly emerging 10
  • 11. Top “Emerging” Risks for 2015 • Political: Oil Volatility • Cyber: Risk of the Cloud • Aviation: Drones • Terrorism: Islamic Extremism • FI’s: Technology Partners • ERM: Outsourcing • Analytics: Balance Sheet Overconfidence • Environment: Extreme Weather • D&O: Certification Requirements • Executive Risk: Derivatives • Asset Mgmt: Demand for Transparency • Real Estate: Cyber Risk of Tenant Data • Benefits: The Changing Face of Human Capital • Brazil: Corruption • Personal Risk: Device Ubiquity • Global: A Risk is a Risk
  • 12. Top 5 “Uninsurable” Risks • Nuances and Complexities • Regulation • Reputation • Trade Secrets • Political Risk • Pandemic Risk Source: Risk and Insurance magazine 9/1/14 Falling oil prices, political violence & separatist movements will influence the 2015 global risk landscape
  • 13. What is an Emerging Risk? • Those issues hat have not manifested themselves sufficiently to be managed using the tools commonly applied to more developed exposures. They are “those risks an organization has not yet recognized or those which are known to exist, but are not well understood RIMS’ “Emerging Risks and ERM” – SwissRe • A condition, situation or trend that could significantly impact the Company’s financial strength, competitive position or reputation within the next 5 years. Emerging risks involve a high degree of uncertainty. It is unclear where an emerging risk will land on the loss curve. - anonymous actuary
  • 14. Other Definitions • Lloyds: An issue that is perceived to be potentially significant but which may not be fully understood or allowed for in insurance terms and conditions, pricing, reserving or capital setting. • PWC: Those large scale events or circumstances beyond one’s direct capacity to control, that impact in ways difficult to imagine today. • S&P: Risks that do not currently exist. What about black or grey swans?
  • 15. Traits of Emerging Risks Emerging Risks High Level of Uncertainty Lack of Consensus Uncertain relevance Difficult to Communicate Difficult to Assign Ownership Systemic or “business practice” issues Source: RIMS Executive Report Emerging Risks and Enterprise Risk Management © 2010 RIMS 15
  • 16. 16
  • 17. Healthcare • Aging workforce • Rising medical costs – Pharmaceuticals • Affordable Care Act (ACA) aka ObamaCare • Wellness programs – Discounted health care costs/employee contribution • Changing employee demographics – Ethnic – Age/Sex/Skills – Priorities – Cultural shift 17
  • 18. Workforce issues: Talent attraction and retention • Baby boomers retiring – 10,000 baby boomers a day have been turning 65 since 1/1/11 and will continue until 2030 – Smaller future workforce • Future workforce will be very technology savvy • Future workforce will be more demanding – Telecommuting – Flexible hours, etc. • Work/life integration vs. balance • M&A Integration 18
  • 19. Risk Management and BCP Cause and Effect • Identifies and Assesses Risk • Measurement: Impact and Likelihood • Recommends and Implements Mitigation Strategies • Monitoring and Reporting 19
  • 20. Risk Management Process Framework for managing risk (Clause 4) Risk treatment (5.5) Communicationandconsultation(5.2) Monitoringandreview(5.6) Process for managing risk (Clause 5) Establishing the context (4.2) Risk assessment (5.4) Process Risk analysis (5.4.3) Risk evaluation (5.4.4) Risk identification (5.4.2) 20
  • 21. In Search of a Champion Chief Risk Officer Ensure all Risks are Managed Treasurer Reduce Cost of Capital Increase Cash Flow Chief Financial Officer Protect Against Earnings Volatility Competitive Advantage Rating Agencies Chief Executive Officer Manage Risk Profile Increase Value Board of Directors Governance Risk Oversight Key Common Focus of Risk & BCP: SIGNIFICANT EVENTS & RESILIENCE General Counsel Compliance / Contracts & Liitigation 21
  • 22. Standards in BCP • FFIEC – Gold standard • BS25999 – British standard, first to be “auditable” • ASIS 2010 • NFPA 1600– First U.S. National Preparedness Standard • HIPAA – seven specific items • NIST – Technology focus • CSA Z1600 (Canada) • ISO/TS16949 – 6.3.2 in the quality standard • SEC/NASD standards (NASD 3500) • DRI best practices • SPRING (Singapore) • HB221 – Australia/NZ • Many more… 22
  • 23. Standards in Risk Management TOOLS GUIDELINES REQUIREMENTS TERMINOLOGY FRAMEWORK RISK QUALITY TECHNOLOGY ENVIRONMENTAL ISO GUIDE 73 ISO 14001 ISO/IEC 27001 ISO/IEC 15408 OHSAS 18001 ISO 31010 NFPA 101 NFPA 75ANSI/ASHRAE 62 HB 436 AS/NZS 4360 ISO 9001 ISO GUIDE 14050 ISO/IEC 27002ISO 10005 SAFETY CSA Q850 SAQ ONR 49001 AFNOR CN FD_X50-252 ISO 31000 PRINCIPLES 23
  • 24. Most Widely Used Risk Frameworks ISO 31000:2009 • Risk Management – Principles and Guidelines COSO:2004 • Enterprise Risk Management – Integrated Framework OCEG “Red Book” 2.0:2009 • GRC Capability Model™ 24
  • 26. Common & Overlapping Stakeholders 26
  • 27. Risk Management Stakeholders Key Focus Targeted Outcome Enterprise Risk Management Process Enterprise Risk Management Risk Process Effectiveness Identification and Management of Significant Risks BCP Resilience Recovery & Normalcy Internal Audit Control Testing Effective Controls Compliance Compliance Risks Regulatory Compliance Controller Financial Reporting Sox 404 Compliance Business Units Business Performance Controlling Risks to as well as Meeting Objectives Unified Strategy
  • 28. Risk & Risk Mgmt in a Strategic Context 28
  • 29. Do Some Risks Matter More? 29
  • 31. Two Key Perspectives on Risk Proactive • Objectives Focused • Predictive Indicators • Foresight • Strategic • Creates and captures value Reactive • Event Focused • Post Action Response • After-thought • Transactional • Protects Value 31 DRIVING CONSISTENCY BETWEEN DISCIPLINES IS ONE KEY
  • 32. Identification, assessment and ownership effectiveness of risks Calculation of investment , resource needs Risk appetite and tolerance statements for key risk categories Evidence of control environment/effectiveness Actions to close gaps Risks to objectives Risks arising from plans to meet objectives Confirmation of risk appetite and tolerance Strategic Planning Risk Appetite Framework Emerging and Dynamic Risks Integrated Enterprise Risk Profile Control Framework Scenario and Stress Testing Strategic View in Risk 32
  • 33. Future Focused Emerging Risk Scanning Internal Scanning External Scanning Importance Relevance Probability Immediacy Impact Level of Uncertainty Emerging Risk Reporting Trend/Event Implications Status Strategic Direction  Key Indicators  Owner  Plan  Threshold Warnings  Monitoring MACRO MICRO
  • 34. Macro-level Categories to Consider Environmental Systemic Cultural Technological Societal Geopolitical Economic
  • 35. External Environment in Layers ORGANIZATION SPECIFIC Clients Customers Vendors/Supply Chain Distributors MICRO/INDUSTRY Direct Competitors Indirect Competitors Markets Sectors Analysts Strategic Alliances MACRO Cultural/Social Technological Economic Environmental Legal & Regulatory More Strategic Operational
  • 36. ENVIRONMENTAL SCAN EXTERNAL INTERNAL What is ….  Relevant?  Important?  Certain? Scanning Rating Risks 36
  • 37. Risk Issues Critical to Strategic Success • Identifying emerging risks to plan • Rating emerging risks on: • Relevance • Importance • Uncertainty • Ensuring key risks are addressed/treated • Ensuring an ability to respond for rapid recovery • Monitoring impact of and reporting on emerging risks & plan impacts
  • 38. RIMS Risk Maturity Model Root Cause Discipline Degree of discipline applied to measuring root cause by: 1) determining sources 2) understanding impacts 3) identifying trends, and 4) measuring effectiveness of controls . Risk Appetite Management Degree of accountability for (1) defining acceptable boundaries 2) calculating and articulating risk tolerance 3) developing a risk portfolio 4) considering scenarios, and 5) attacking gaps between perceived and actual risks. ERM Process Management Degree that a repeatable and scalable risk management process is integrated into business and resource/support units, using a sequential series of steps that support uncertainty reduction and promote opportunity exploitation. Adopt ERM Approach Denotes the degree of executive support for an ERM-based approach within the corporate culture. Activities cut across all processes, functions, business lines, roles and geographies.
  • 39. Business Resiliency and Sustainability Extent to which an organization integrates business resiliency and sustainability aspects for its operational planning into its ERM process. Performance Management Degree to which organizations are able to execute on vision and strategy in tandem with risk management activities. Uncovering Risks Degree of quality and coverage (penetration) throughout the organization for uncovering uncertainties related to organizational goals achievement. RIMS Risk Maturity Model
  • 40. Risk & BC Pyramid Working Collaboratively Between Risk and BC will support a Culture of Risk Awareness and Resilience $ Planning Robust Communications Collaborative Knowledge Shared Accountability for a Resilient Enterprise Standard based Risk & BC Framework & Process
  • 41. Take-a-ways • Resilience is an emerging priority for risk managers • Risk and BC have many common interests including: – Understanding the unknown or poorly understood threats to businesses – Leveraging scenario analysis to drive consensus among stakeholders about relevant scenarios – Leverage stakeholders and resources to embed a resilience strategy into the culture • Developing and leveraging emerging risk processes to get ahead of black and grey swans • Building competitive advantage & ensuring efficiencies through the optimization of risk and BC
  • 43. Chris Mandel. RF. CPCU, ARM SVP, Strategic Solutions Sedgwick, Inc. Chris.Mandel@sedgwick.com www.sedgwickcms.com 210-845-5804 Contact Information
  • 44. Christopher E. Mandel, CPCU, ARM SVP, Strategic Solutions, Sedgwick, Inc. Christopher E. Mandel is the SVP for Strategic Solutions at Sedgwick, Inc. He is engaged in helping Sedgwick chart its future through the long term planning for products, services and strategic solutions for this claims and productivity management firm. He is also co-founder and EVP, Professional Services for rPM3 Solutions, LLC as well as founder and president of Excellence in Risk Management, LLC. both independent consulting firms specializing in governance, risk and compliance, with a special emphasis on enterprise risk management. rPM3 Solutions holds a patent for a unique risk measurement process known as ARQ™. Prior to electing early retirement and for ten years from 2001-2010, Mr. Mandel was head of enterprise risk management for USAA Group, a $165 billion diversified financial services organization. At USAA, he designed, developed and led the enterprise-wide risk management and corporate insurance centers of excellence. He also served as President and Vice Chairman, Enterprise Indemnity CIC, Inc., an Arizona based alternative risk financing facility. Mr. Mandel has more than 25 years of experience in risk management and insurance in large, global corporates. He has pioneered the development of cross-enterprise risk management capabilities resulting in S&P rating USAA as “excellent and a leader in ERM” from 2006 through 2010. In 2007, Treasury and Risk Magazine bestowed the Alexander Hamilton Award for “Excellence in ERM” on USAA. Mr. Mandel has been a long term senior leader in the Risk and Insurance Management Society including being elected President and Chief Risk Officer and was named Risk Manager of the Year in 2004. Mr. Mandel’s deep, wide and diverse experience in all facets of risk management and insurance allows him to offer those interested in managing risk with excellence to engage him to provide everything from a comprehensive strategy and complete ERM framework to targeted guidance, tools, techniques and/or training. Mr. Mandel’s innovative approach to making risk a key strategically placed and results oriented function results from solidly connecting risk management outputs to a company’s key performance metrics and ultimately, mission accomplishment. Mr. Mandel received his B.S. in Business Management from Virginia Polytechnic Institute and State University and an MBA in finance from George Mason University. He holds the CCSA, CPCU, ARM and AIC designations and is a frequent industry speaker, teacher and writer. He writes the “Risk Innovation” column for Risk and Insurance magazine and in 2008 was elected a member of Risk Who’s Who (RWW). He also wrote the Ask a Risk Manager column for Business Insurance from 1996 through 2008. CONTACT: Chris.Mandel@sedgwick.com 210-698-8056 o 210-845-5804 m https://www.sedgwick.com
  • 45. Sedgwick © 2013 Confidential – Do not disclose or distribute. 45 Sedgwick, Inc. The leader in innovative claims and productivity management solutions Sedgwick Claims Management Services, Inc. is the leading North American provider of innovative claims and productivity management solutions. Sedgwick and its affiliated companies deliver cost-effective claims, productivity, managed care, risk consulting, and other services to clients through the expertise of more than 10,000 colleagues in 195 offices located in the U.S. and Canada. The company specializes in workers’ compensation; disability, FMLA and other employee absence; managed care; general, automobile and professional liability; warranty and credit card claims services; fraud and investigation; structured settlements; and Medicare compliance solutions. Sedgwick and its affiliates design and implement customized programs based on proven practices and advanced technology that exceed client expectations. For eight years in a row, Sedgwick has been awarded the distinguished Employer of Choice® certification, the only third-party administrator (TPA) to receive this designation. In 2011 and 2012, the company was named the Best Overall TPA by buyers of risk services through an independent survey conducted by Business Insurance. For more see www.sedgwick.com. © 2013, Sedgwick Claims Management Services, Inc. applies to all content except where otherwise noted
  • 46. Sedgwick © 2012 Confidential – Do not disclose or distribute. www.sedgwick.com
  • 47. Uncertainty • Low frequency / high impact • Potential to grow rapidly Consensus • Lack of recognition internally and externally • Drivers, impacts, probability not clear Relevance • Uncertainty over effect on objectives • Perception of being too futuristic to matter Copyright Sedgwick CMS. All Rights Reserved Communicate • Perception as “unlikely” • Little perceived bearing on existing circumstances Ownership • No one champion / accountable individual • Potential consequences impact multiple resources and objectives Issues • Embedded in existing practices • Complexity not clearly understood Characteristics of Emerging Risks
  • 48. Risk Management and BCP Cause & Effect BCP – Building Resilience What are the implications of failing to mitigate or prevent losses? Preparation  Structure, planning, resources, testing  Execution  Relocation, operating under duress 48