Texas Tech University System Enterprise Risk Management Workshop October 31, 2017
ERM Overview Evolution of Risk Management Enterprise Risk Management Workshop
Risk Traditional Definition The possibility Minimizing the that something adverse effects of bad or unpleasant accidental losses. will happen. The Institutes Merriam-Webster Enterprise Risk Management Workshop
Risk Broadened Definition Coordinated The effect of activities to direct uncertainty on and control an organization with objectives. regard to risk. ISO 31000 ISO 31000 Enterprise Risk Management Workshop
Why is Risk Management Important? 1. 3. 2. All organizations Many internal and The effect this exist to achieve their uncertainty has on external factors objectives. an organization’s affect those objectives is “risk.” objectives, causing uncertainty about whether the organization will achieve its objectives. In summary, the management of risk is central to the livelihood and success of all organizations. Enterprise Risk Management Workshop
The New View of Risk RISK can be a threat or opportunity Anything that can harm, prevent, delay, or enhance an organization’s ability to achieve objectives = RISK Enterprise Risk Management Workshop
The New View of Risk Organizational Objective Threat Opportunity Opportunity Threat Threat Opportunity Opportunity Threat Opportunity Threat Enterprise Risk Management Workshop
The Changing Focus of Risk Management Enterprise-Wide Risk Management • Broad range of risks analyzed • Combination of risk controls & opportunities Advanced Risk Management • ERM alignment with strategy • Alternative risk transfer techniques • Helps manage growth, allocate capital & • Proactive prevention & risk reduction resources Historic Risk Management • Integrated approach to claims, • Risks owned by SME’s • Insurance contracts, insurance, etc. • Specific hazards • Greater availability of risk mitigation and • Increased education & accountability analytical tools • No compliance input • Collaboration across departments • Risk Manager = risk moderator, partner, • Separate safety & emergency • Risk Manager may be the risk owner leader; not the owner of every risk management • “Silo” approach • Risk Manager = insurance buyer Risk is bad – focus is on Risk is an expense – focus is on Risk is uncertainty – focus is on transferring risk reducing cost-of-risk optimizing risk to achieve goals Enterprise Risk Management Workshop
ERM Overview Importance of ERM in governance Enterprise Risk Management Workshop
Risk Management as an Integral Pillar of Governance Governance Assurance A strong management structure and culture Stewardship is maintained to Strategy Mission ensure proper Quality Risk reporting and accountability, and internal and external audits are utilized to bring board assurance. Assurance Enterprise Risk Management Workshop
Centralized Oversight-Decentralized Implementation Oversight Centralized Decentralized Where some have developed, but centralized implementation requires Centralized significant staff and does not Implementation take advantage of current subject matter expertise Oversight is at highest levels, Where most entities have including board, but been, although with some implementation is pushed out limited departmental Decentralized to experienced subject matter oversight, but does not experts through risk incorporate board-level “ownership” reporting and accountability Enterprise Risk Management Workshop
Who is Interested in Enterprise Risk Management? Board Community External Senior Leaders Government Faculty Vendors Stakeholders Staff Creditors Affiliates Rating Agencies Alumni Accrediting Bodies Enterprise Risk Management Workshop
ERM Overview How does ERM impact strategy? Enterprise Risk Management Workshop
Case for Enterprise Risk Management “When we first began our URM (University Risk Management) program in 2013, I could not have imagined the value proposition that was about to transcend our institution. What started out as mostly defensive and guarded discussions of threats and barriers to achieving the University mission, quickly and completely turned around into a robust conversation about opportunities and strategic planning . Our senior-level risk committee meetings are lively and well-represented. It is amazing how our cross-functional committee, while staying focused on our risk and compliance-based decisioning model, is driving real innovation and progress throughout the University.” Doug Huffner, J.D. Senior Director and Chief Risk Officer The Ohio State University Enterprise Risk Management Workshop
What Makes ERM Work? Focuses on mission and objectives Preserves and creates value Emboldens innovation Enhances agility and resilience Formalizes process and governance Improves quality of decisions Helps in allocation of resources Empowers subject matter experts Improves stakeholder confidence and trust Enterprise Risk Management Workshop
ERM Overview The importance of senior leaders Enterprise Risk Management Workshop
Support & Tone at the Commitment Top Role of Board Build in Senior Reporting Accountability Leaders Risk-Aware Continual Culture Improvement Enterprise Risk Management Workshop
Integrated into Existing Business Practices • Not new functions • Incorporated into: - Strategic Planning - Quality Improvement - Budgeting - Employee Engagement - Committee Structure - Decision-Making - ….. Enterprise Risk Management Workshop
Reporting & Accountability Clearly Addressed Accountability Pushes Down Reporting Flows Up Enterprise Risk Management Workshop
Embracing the “Ownership” Model • Identifying subject matter experts is essential to success • Risk owners: - Develop risk treatment plans - Assemble work teams - Communicate and report - Monitor and evaluate • At what level of the organization should ownership reside? - Based on risk, institutional culture, and where in process maturity Enterprise Risk Management Workshop
Risk-Control-Action Hierarchy Risk Vehicle accident involving University driver Control Control Control Annual MVR checks on drivers Annual driver training Annual discussion with depts on use Action Action Action Action Action Discussion with Dept Risk Mgmt gathers Training assigned to 1 Risk Mgmt provides driver data from Dept 1 Risk Mgmt runs access to defensive depts checks and reports driver training exceptions to depts Action Action Discussion with Dept 2 Training assigned to Dept 2 Action Action Discussion with Dept 3 Training assigned to Dept 3 Enterprise Risk Management Workshop
Accountability Strategies • Committees - ERM committee - Senior leaders - Board audit committee • Governing board reports • Build into annual cycles - Budgeting - Planning • ERM system - Workflow management Enterprise Risk Management Workshop
Three Levels of Risk to Consider Decision- Strategic Operational Making Enterprise Risk Management Workshop
Where is TTUS ERM Program Now? Introduction of Risk Maturity Models Enterprise Risk Management Workshop
ISO 31000 Risk Management Model Principles Framework Process • Creates value • Integral part of Mandate & organizational Establish the Commitment processes context • Part of decision making • Explicitly addresses uncertainty Risk assessment • Systematic, structured Design framework Communicate and consult and timely for managing risk Monitor and review Risk identification • Based on best available information • Tailored • Takes human and Implement Risk analysis Continually cultural factors into improve the risk account management framework • Transparent and Risk evaluation inclusive • Dynamic, iterative and responsive to change • Facilitates continual Monitor and review Risk treatment improvement and the framework enhancement of the organization Enterprise Risk Management Workshop
Recommend
More recommend