Evolving risk management Risk-enabled performance management

Craig Faris

Federal Enterprise Risk Management Summit

Advancing Best Practices in ERM

September 9, 2014

Evolving Risk Management: Risk-Enabled Performance Management Page 1

The situation

Evolving Risk Management: Risk-Enabled Performance Management Page 2

Global risk and uncertainty levels are unprecedented … and growing

Political

Economic

Societal

Technological

Legal

Environmental

Volatility of the global economic environment

The degree of change in the world is increasing

significantly with introduction of new technologies,

heightened regulatory requirements, changing political

environments and economic conditions . Volatility is a

critical consideration in evaluating emerging trends.

Velocity of change and the flow information

The pace of change in the world is accelerating.

Emerging markets, rapid globalization, and the speed of

communications are all creating a demand for innovation

and forcing the evolution of traditional business models.

The pace of emerging trends will demand increased

operational agility.

Visibility to external forces & resulting impact

Demand for predictive insights based on external

indicators, as well as greater transparency to internal

performance has never been greater. The visibility to

metrics and measures of risk and performance are critical

to effectively guide decisions and resource allocation.

Evolving Risk Management: Risk-Enabled Performance Management Page 3

Challenge question

Evolving Risk Management: Risk-Enabled Performance Management Page 4

Is ERM up to the task of managing risk in this global environment?

What if in the Government Sector it also did this?

► Positioned risk and uncertainty as critical and focused decision criteria and

part of the normal management decision making process

► Served as a central point of alignment between strategy and operations

► Drove enhanced communication between agencies and stakeholders

► Created a focus on the drivers and relevant range of uncertainties

associated with plans and actions, then identified leverage over them

► Provided insights for reducing costs while increasing risk coverage

► Became a proactive enabling tool versus reactive response mechanism

Evolving Risk Management: Risk-Enabled Performance Management Page 5

The facts

Evolving Risk Management: Risk-Enabled Performance Management Page 6

EY research indicates a direct correlation between effectiveness of risk management and business results

“Companies in the top 20% of risk

management maturity delivered three times

the level of EBITDA than the bottom 20%.”

16.8%

20.3%

4.1%

8.3% 9.5%

2.5%

10.6%

7.4%

2.1%

Revenue EBITDA EBITDA/EV

Top 20%

Middle 60%

Bottom 20%

82%

of institutional investors

are willing to pay a

premium for effective

risk management

(Source: Ernst & Young research)

Compound annual growth rates 2004-2011 by risk maturity level

Evolving Risk Management: Risk-Enabled Performance Management Page 7

Business is about balancing risk and reward to create value Companies are re-evaluating how they manage this balance

Risk-taking is fundamental to economic reward – the challenge is to recognize

which risks differentially impact business outcomes and transform how those

risks are managed in order to best protect the business, enhance performance

and drive value creation.

Optimize

ProtectGrow

Innovate

This requires companies to find innovative and effective ways to:

► Grow revenues and market share

► Optimize performance

► Protect their organization

Evolving Risk Management: Risk-Enabled Performance Management Page 8

The solution

Evolving Risk Management: Risk-Enabled Performance Management Page 9

Most effective risk management not only helps protect, but also proactively helps drive positive results – it is a balance

All too confusing and overdone… except when we get in trouble

Must do it… but how do we do it better?

Keep us out of trouble

Goal Growing

number of restatements

Stiffer sanctions

Catastrophic reputational

consequences

Bigger fines and

settlements

Criminal indictments

Effective use of

technology

Coordinated risk activities

Expanding regulation

Enhanced business

processes

More efficient risk

spend

Risk-adjusted decisions

Improved risk reporting and

disclosure

Make our business better

Leading organizations expand their view of risks and enhance risk management beyond the traditional compliance and reporting to support better decision making and improved results

Evolving Risk Management: Risk-Enabled Performance Management Page 10

We believe the key to the future is better linking risk and performance management Shifting from risk monitoring to risk-enabled performance management

Value creation

Business

performance

Risk-enabled

performance

management

Leading practices

► Used to measure and drive performance

► Integrates risk and performance management

► Directly links key risks to performance drivers

► Enhances risk analysis using data analytics

► Provides forward looking insight

► Defines future trends and predictive indicators

► Expands consideration to emerging risks

► Allows scenario analysis and stress testing

► Action and results orientation

► Risk and uncertainty are key elements in

strategic and operational decision framework

and management processes

Value protection

Risk insight and

performance

improvement

Risk

identification

and reporting

Historical focus ► Independent enterprise risk identification and assessment process

► Designed to provide risk reporting to Leadership and the Board

► Process independent of operations and performance management

► Evaluation of current exposures based on historical perspectives

► Compliance and/or informational focus

Expanded focus

Foundational ERM

Integrate risk and

performance

management to

create a competitive

advantage

Evolving Risk Management: Risk-Enabled Performance Management Page 11

Embedding risk insights into the “Rhythm of the Business”

Evolving Risk Management: Risk-Enabled Performance Management Page 12

“Rhythm of the Business” REPM integrates risk management into the Rhythm of the Business

Perform environmental scan

Assess business concept & define

strategy

Approve risk vision & appetite

Update risk vision & appetite

Review strategy & strategic risk assessment

Board & board committee meeting

Executive-level strategic planning

Prioritize strategic initiatives

Define financial targets

Define operating plan & operational

objectives

Define performance goals / metrics

Operational & business-level planning

Monthly / quarterly performance reviews

Quarterly business close &

reviews

Continuous performance management and reporting

Continuous compliance and risk assurance activities

Financial and operational KPI monitoring risk targets / limits

Continuous compliance & risk assurance monitoring

(Internal Audit, Compliance, etc.)

SOX 302 / 404 certifications

A

B

C1

D

C2

E

G

F

Q Q Q Q

Monthly closings

Strategic Oversight and Planning

Business Level Planning/Budgeting

Operational Execution

Coordination of Monitoring & Compliance Activates

C3

Evolving Risk Management: Risk-Enabled Performance Management Page 13

REPM examples

Evolving Risk Management: Risk-Enabled Performance Management Page 14

Capital allocation planning is risk-adjusted to enhance cash flow

Generation Input Marketing Output

Over optimistic projection

Most likely

projection

► Issue: Maintenance capital allocated to a

power plant relied on the plant’s

historical availability. Risks to the plant’s

aging infrastructure were known but not

reflected in its historical performance.

► Complication: The company was unable

to effectively understand and

communicate how the known risks

could impact future plant availability.

► How the REPM framework helped:

► Isolated the key risks to plant

availability

► Quantified and aggregated risks into a

risk-adjusted profile of plant availability

► Facilitated more effective capital

allocation to cover risk mitigations

► Insight: Plant was at greater risk of

deteriorating performance than history

indicated, warranting additional investment

to prevent service degradation and reduced

cash flow.

Evolving Risk Management: Risk-Enabled Performance Management Page 15

Executive level reporting is changed to support a new dialogue

Key

performance

indicators align

risk monitoring

with

performance

management

Assessments are consolidated

into risk-adjusted ranges around

KPIs: Key Risk

Indicators

(KRIs) are

tracked to

monitor relative

threat levels

Individual risks

that contribute

most to the

exposure are

isolated Management-declared tolerances

inform decisions and risk-mitigation priorities

Evolving Risk Management: Risk-Enabled Performance Management Page 16

Questions

Evolving Risk Management: Risk-Enabled Performance Management Page 17

Presenter bio – Craig Faris

Craig Faris is a Principal in the firm and is the Americas Risk Advisory Leader for the Oil & Gas/

Chemicals Sectors. He was previously the Global Lead for Emerging Risk Services and was

responsible for developing EY’s Risk-Enabled Performance Management approach. He has more

than 20 years experience in risk management across a broad spectrum of industries, which he brings

to bear in helping clients achieve top tier business results through effective risk management.

Craig has worked with numerous global corporations in creating top to bottom risk management

programs and supporting capabilities, linking Board governance and oversight of risk with executive

leadership and operational execution to enhance business performance.

Previously, Craig was a risk leadership Partner with both Accenture and Oliver Wyman, and was a

leading force in integration of risk management with strategy development, analytics and operational

practices. Prior to his consulting career, he was the Global Director of Enterprise Risk Management

for Wal-Mart, and also held numerous positions at Amoco Corporation, such as Global Exploration

Coordinator, Director of Strategy, Director of Process Improvement, Geotechnical Operations Lead

and Exploration Geologist.

Craig holds an MBA from the Kellogg School of Management, an MS from Virginia Tech and a BS

from the University of Missouri.

Craig Faris

Principal

Americas Risk Advisory

O&G/Chemicals Sector Lead

Contact information:

Ernst & Young LLP

Westpark Corporate Center

8484 Westpark Drive

McLean, VA 22102

Mobile: +1 202 531 8299

0ffice: +1 703 747 0946

Email: craig.faris@ey.com

Further reading on Craig’s talk today can be found on EY.com.

Simply enter Expecting more from risk management in the main

site search field.

EY | Assurance | Tax | Transactions | Advisory

About EY

EY is a global leader in assurance, tax, transaction and

advisory services. The insights and quality services we deliver

help build trust and confidence in the capital markets and in

economies the world over. We develop outstanding leaders

who team to deliver on our promises to all of our stakeholders.

In so doing, we play a critical role in building a better working

world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or

more, of the member firms of Ernst & Young Global Limited,

each of which is a separate legal entity. Ernst & Young Global

Limited, a UK company limited by guarantee, does not provide

services to clients. For more information about our

organization, please visit ey.com.

Ernst & Young LLP is a client-serving member firm of

Ernst & Young Global Limited operating in the US.

© 2014 Ernst & Young LLP.

All Rights Reserved..

1408-1308059

This material has been prepared for general informational purposes only and is not

intended to be relied upon as accounting, tax, or other professional advice. Please

refer to your advisors for specific advice.