1. ANZ
For more information please contact Ruby Yadav
ruby.yadav@anz.com ph: 0401543801
Gaining Value From Risk Management
June 2013June 2013
Gaining value from risk management discipline
A fresh perspective on risk management
ANZ
For more information please contact Ruby Yadav
ruby.yadav@anz.com ph: 0401543801
Gaining Value From Risk Management
2. ANZ
For more information please contact Ruby Yadav
ruby.yadav@anz.com ph: 0401543801
Gaining Value From Risk Management
June 2013
Executive Summary
Gaining value from risk management discipline
Why risk management fails?
What are the pitfalls?
How did we get there?
“For all the rhetoric about its importance and the money
invested in it, risk management is too often treated as a
process compliance issue” – Harvard Business School
1
2
3
3. ANZ
For more information please contact Ruby Yadav
ruby.yadav@anz.com ph: 0401543801
Gaining Value From Risk Management
June 2013
Why Risk Management Fails?
1
Why
2
What
3
How
Locked in business
heads
Only captures the
process oriented
risks
“Fear of Red” Loses relevance if
identification and
assessment are
diluted
Siloed lines of
defence
4. ANZ
For more information please contact Ruby Yadav
ruby.yadav@anz.com ph: 0401543801
Gaining Value From Risk Management
June 2013
1
Why
What are the pitfalls?
Tailor your approach
• One size fits does not fit all – Not even for risk management – Tailor your approach
• Processes and controls are not the only answer – There is no silver bullet for managing risk
Avoid the function and aggregation traps
• Functional silos distract from the value chains of the business – Think about risks from a business
objective perspective
• Aggregation can lose the essence of the risk – Keep enough specificity to address key risks
Manage your risks – Don’t just record and report them
• Organisations often get complacent when they see risks on heat maps - It’s the start of your risk
management journey not the end
Focus on outcomes not just processes
• No one has enough resources to do it all – Focus your efforts and resources on managing key risks
It’s a tight rope walk – Don’t lose your balance
• It’s easier to be the deal negotiator than being the deal questioner – As embedded risk
professionals you’ve got to be both
“You don’t kill a fly with a sword and don’t fight wars with needles.”
2
What
3
How
5. ANZ
For more information please contact Ruby Yadav
ruby.yadav@anz.com ph: 0401543801
Gaining Value From Risk Management
June 2013
How did we get there?
A fresh perspective
‘Tailored Approach’
3
How
2
What
1
Why
6. ANZ
For more information please contact Ruby Yadav
ruby.yadav@anz.com ph: 0401543801
Gaining Value From Risk Management
June 2013
How did we get there?
1. Operational Risks
Objective: Avoid likelihood
Approach: Rules
• Bottom up risk management
• Repeatable operations
• Processes & controls
• Automation/ systems
Role: Advisor, reviewer,
Independent Oversight
(integrated assurance)
Techniques: Process & Control
mapping, reviews
“Sound processes and controls are at the heart of building a robust risk culture across the board.”
3
How
2
What
1
Why
7. ANZ
For more information please contact Ruby Yadav
ruby.yadav@anz.com ph: 0401543801
Gaining Value From Risk Management
June 2013
How did we get there?
“Strategy Risk Management – A stitch in time.”
1. Operational Risks
Objective: Avoid likelihood
Approach: Rules
• Bottom up risk management
• Repeatable operations
• Processes & controls
• Automation/ systems
Role: Advisor, reviewer,
Independent Oversight
(integrated assurance)
Techniques: Process & Control
mapping, reviews
2. Strategy Risks
Objective: Avoid likelihood &
minimise impact
Approach: Dialogue
• Strategic anchoring
• Business Objectives
• Initiatives/ investments
• Robust discussions
Role: Facilitator, Devil’s
advocate, risk/ reward
discussions
Techniques: Workshops,
strategic decisions
3
How
2
What
1
Why
8. ANZ
For more information please contact Ruby Yadav
ruby.yadav@anz.com ph: 0401543801
Gaining Value From Risk Management
June 2013
How did we get there?
“Be Vigilant - Any of these risks can be catastrophic to an organisation.”
1. Operational Risks
Objective: Avoid likelihood
Approach: Rules
• Bottom up risk management
• Repeatable operations
• Processes & controls
• Automation/ systems
Role: Advisor, reviewer,
Independent Oversight
(integrated assurance)
Techniques: Process & Control
mapping, reviews
2. Strategy Risks
Objective: Avoid likelihood &
minimise impact
Approach: Dialogue
• Strategic anchoring
• Business Objectives
• Initiatives/ investments
• Robust discussions
Role: Facilitator, Devil’s
advocate, risk/ reward
discussions
Techniques: Workshops,
strategic decisions
3. External Risks
Objective: Minimise Impact
Approach: Planning
• Unknowns
• Nature/ markets/ politics
• Failure scenario planning
• BCP
Role: Worst case scenario,
stress testing
Techniques: Scenario
Planning
3
How
2
What
1
Why
9. ANZ
For more information please contact Ruby Yadav
ruby.yadav@anz.com ph: 0401543801
Gaining Value From Risk Management
June 2013
How did we get there?
A fresh perspective
‘Avoid the traps’
3
How
2
What
1
Why
10. ANZ
For more information please contact Ruby Yadav
ruby.yadav@anz.com ph: 0401543801
Gaining Value From Risk Management
June 2013
How did we get there?
A fresh perspective
‘Outcomes not just processes’
3
How
2
What
1
Why
11. ANZ
For more information please contact Ruby Yadav
ruby.yadav@anz.com ph: 0401543801
Gaining Value From Risk Management
June 2013
How did we get there?
A fresh perspective
‘Keep the balance’
3
How
2
What
1
Why
12. ANZ
For more information please contact Ruby Yadav
ruby.yadav@anz.com ph: 0401543801
Gaining Value From Risk Management
June 2013
What’s your perspective?
13. ANZ
For more information please contact Ruby Yadav
ruby.yadav@anz.com ph: 0401543801
Gaining Value From Risk Management
June 2013
Ruby Yadav is a change agent committed to breaking the mould
around traditional assurance models and approaches to gain
value for organisations.
She has been practicing as an Assurance Professional for over a
decade. She currently heads the Digital Assurance team at ANZ
and is a member of the Board Audit and Risk Management
Committee at Wesley Mission Victoria.