The Governance of Risk Agenda Introduction to Risk Management - PowerPoint PPT Presentation

The Governance of Risk

Agenda Introduction to Risk Management – Balancing Risk and Reward 1. Whose responsibility is the governance of risk? 2. Determination of Risk Tolerance / Appetite 3. Performance of Risk Assessment Frameworks and Methodologies Risk Response / Risk Monitoring / Risk Assurance 4. Risk Disclosure / Risk Dashboard Risk Registers “Black Swans”

Discussion Outline 1. Re-energising Our Purpose  Vision, Mission, Values and 5 year strategic objectives 2. How is the Landscape Changing?  Macro Environment – External Outlook  Internal Analysis 3. What Initiatives are Critical for us to Succeed?  Divisional strategic projects 4. Risk Assessment (facilitated by External Specialists)

Objectives of today: Discussion Outline  Re-energising our purpose. 1. Re-energising Our Purpose   Vision, Mission, Values and Help stimulate strategic dialogue amongst the 5 year strategic objectives Board and Exco on the changes in our strategic 2. How is the Operational context and strategic choices. Landscape Changing?  Macro Environment – External Outlook  Evaluate whether our strategic objectives are  Internal Analysis still relevant or there is a case for change . 3. What Initiatives are Critical for us to adopt to Succeed?  Update on key strategic initiatives / projects  Divisional strategic projects which are critical for us to succeed. 4. Strategic Risk  Assessment of top strategic risks .  Risk Assessment (facilitated by ORCA)

Seinfeld Risk Management

How much of your board’s time is devoted to formal risk management compared with three years ago? Source: Economist Intelligence Unit

Has your board reassessed risk management in light of any of the following? Regulatory risk Governance risk Country risk Dominant individual risk Terrorism Political risk Natural hazard Product recalls Weather risk Source: Economist Intelligence Unit

Which of the following best describes how your organisation manages risk? Centralised and firm-wide risk management that is overseen by the board as part of overall business strategy Decentralised risk management with formal co-ordination Decentralised risk management without formal co-ordination Other / don’t know Source: Economist Intelligence Unit

The Governance of Risk Board’s Responsibility for Risk Governance

The Link between Corporate Governance, Strategy and Risk Corporate Governance “Corporate governance is the system by which companies are directed and controlled” Cadbury Report, 1992

The Link between Corporate Governance, Strategy and Risk Strategy is the direction and scope of an organisation over the long-term, which achieves advantages in a changing environment through its configuration of resources and competencies with the aim of fulfilling stakeholder expectations.

The Link between Corporate Governance, Strategy and Risk Strategy Strategy is concerned with the long-term direction of the  organisation Concerned with scope of the organisation’s activities  Trying to achieve some advantage for the organisation  over competition

The Link between Corporate Governance, Strategy and Risk Search for strategic fit with the business environment  Creating opportunities by building on the organisation’s  resources and competencies Affected not only by environmental forces and strategic  capability, but also by the values and expectations of those who have power in and around the organisation

The Link between Corporate Governance, Strategy and Risk Risk The process of analysing an entity’s exposure to financial and non-financial risk and determining how best to mitigate / control such risk

What are the principal obstacles to making risk management integral with overall business strategy at your organisation? Competition with other priorities Fear of creating a risk-averse and bureaucratic culture A lack of cost-effective risk management tools Directors consider risk management a task for line management, not the board Poor awareness among staff inhibiting implementation The board does not understand or appreciate the principles and benefits of enterprise risk management Governance requirements (e.g. Sarbanes-Oxley) Opposition from a key board member or group of members Other Source: Economist Intelligence Unit

Which of the following have resulted from your board taking greater responsibility for risk management? Improved internal controls Improved standards of governance Improved business strategy Reduced compliance risks More robust corporate approach to risk-taking within the organisation Improved shareholder value Reduced cost of risk management Lower insurance costs Improved returns on investment Source: Economist Intelligence Unit

In your view, what is the board’s primary responsibility regarding risk management? To management risk as an integral part of day-to-day board-level planning and decision making To be proactive in determining the organisation’s level of appetite for risk To spot emerging risks and develop strategies to prepare for them To sanction or reject risk assessments conducted at lower levels of the organisation To respond to risks as they arise Other Source: Economist Intelligence Unit

In which of the following areas have your board members received the most training? Corporate governance and board responsibilities Ensuring business continuity Monitoring and identifying emergent risks Extending risk principles into the wider business strategy Implementing a risk management policy across the organisation Developing alternative risk strategies Communicating risk management policies to the workforce Evaluating insurance coverage Technical risk management skills (e.g., risk management, risk modelling) Source: Economist Intelligence Unit

RE-ENERGISING OUR PURPOSE

Vision, Mission & Values Vision • To be a centre of excellence in healthcare funding systems Mission • Providing all members with products and related services in a sustainable manner Values • Excellence, Respect, Integrity, Value Diversity, Honesty, Transparency, Accountability

2015 Strategic Objectives Key strategic objectives defining our agenda… Security of Safety and risk Product Sustainable supply – innovation and Business Model sufficient diversification Customer & Unity of Shared Vision purpose Values Stakeholder Relationship Optimise Sound technology for corporate Internal Talent Good corporate governance Processes Management citizenship Teamwork always wins…

HOW IS THE LANDSCAPE CHANGING?

WHAT INITIATIVES ARE CRITICAL FOR US TO SUCCEED?

Is Each Strategic Objective Supported by at Least One or More Projects? Number of strategic projects Objective No. Strategic Objectives / initiatives selected to support the objectives 1 Product Mix 1 2 Optimise Technology 4 3 Innovation & Diversification 2 4 Talent Management 1 5 Business Sustainability Model 3 6 Corporate Citizen 1 7 Customer & Stakeholder Relationship 1

Business Risks can be Divided into 5 Main Groups • Risks of plans failing: • poor marketing strategy • Poor acquisitions strategy • Changes in consumer behaviour Strategic • Political/regulatory change • Risks of financial controls failing: • treasury risks • lack of counterparty/credit assessment • sophisticated fraud Financial • systems failure • poor stock/receivables reconciliation • Risks of human error or omission: • design mistakes • unsafe behaviour Operation • employee practices risks • sabotage • Risks of business interruption: • loss of a key executive • supplier failure Commercial • lack of legal compliance • Risks of physical assets failing or being damaged: • equipment breakdown • infrastructure failure • fire Technical • explosion • pollution • drought and other natural perils

Looking at Risk from Both Sides Risk as an asset Risk as a liability We must manage risk to We must manage risk to  Attract members  Reduce the possibility of loss  Seize opportunities  Protect value  Create value  Stay in control  Push to the limits  Avoid falling behind  Attract investors  Reassure stakeholders  Avoid losing members

The Risk Management Cycle

Risk Management

The Board should be Responsible for the Governance of Risk  Exercise leadership  Responsible for governance of risk through formal processes  Demonstrate it has dealt with the governance of risk comprehensively  Disclose how it has satisfied itself that risk assessments, responses and interventions are effective

The Board should be Responsible for the Governance of Risk  Scope of responsibility of risk governance should be expressed in its board charter  Induction and training processes for all board members  Delegated responsibility for risk management to a board committee (?)  Documented risk management policy and plan

The Board should be Responsible for the Governance of Risk  Policy and Plan for approval by the board  Risk Management Policy sets the tone for risk management and indicates how risk management will support the organisation’s strategy  Risk Management Policy widely distributed throughout the organisation  Risk Management Plan considers maturity of risk management within organisation