Evolving risk management Risk-enabled performance ... … · Page 2 Evolving Risk Management:...
Transcript of Evolving risk management Risk-enabled performance ... … · Page 2 Evolving Risk Management:...
Evolving risk management Risk-enabled performance management
Craig Faris
Federal Enterprise Risk Management Summit
Advancing Best Practices in ERM
September 9, 2014
Evolving Risk Management: Risk-Enabled Performance Management Page 1
The situation
Evolving Risk Management: Risk-Enabled Performance Management Page 2
Global risk and uncertainty levels are unprecedented … and growing
Political
Economic
Societal
Technological
Legal
Environmental
Volatility of the global economic environment
The degree of change in the world is increasing
significantly with introduction of new technologies,
heightened regulatory requirements, changing political
environments and economic conditions . Volatility is a
critical consideration in evaluating emerging trends.
Velocity of change and the flow information
The pace of change in the world is accelerating.
Emerging markets, rapid globalization, and the speed of
communications are all creating a demand for innovation
and forcing the evolution of traditional business models.
The pace of emerging trends will demand increased
operational agility.
Visibility to external forces & resulting impact
Demand for predictive insights based on external
indicators, as well as greater transparency to internal
performance has never been greater. The visibility to
metrics and measures of risk and performance are critical
to effectively guide decisions and resource allocation.
Evolving Risk Management: Risk-Enabled Performance Management Page 3
Challenge question
Evolving Risk Management: Risk-Enabled Performance Management Page 4
Is ERM up to the task of managing risk in this global environment?
What if in the Government Sector it also did this?
► Positioned risk and uncertainty as critical and focused decision criteria and
part of the normal management decision making process
► Served as a central point of alignment between strategy and operations
► Drove enhanced communication between agencies and stakeholders
► Created a focus on the drivers and relevant range of uncertainties
associated with plans and actions, then identified leverage over them
► Provided insights for reducing costs while increasing risk coverage
► Became a proactive enabling tool versus reactive response mechanism
Evolving Risk Management: Risk-Enabled Performance Management Page 5
The facts
Evolving Risk Management: Risk-Enabled Performance Management Page 6
EY research indicates a direct correlation between effectiveness of risk management and business results
“Companies in the top 20% of risk
management maturity delivered three times
the level of EBITDA than the bottom 20%.”
16.8%
20.3%
4.1%
8.3% 9.5%
2.5%
10.6%
7.4%
2.1%
Revenue EBITDA EBITDA/EV
Top 20%
Middle 60%
Bottom 20%
82%
of institutional investors
are willing to pay a
premium for effective
risk management
(Source: Ernst & Young research)
Compound annual growth rates 2004-2011 by risk maturity level
Evolving Risk Management: Risk-Enabled Performance Management Page 7
Business is about balancing risk and reward to create value Companies are re-evaluating how they manage this balance
Risk-taking is fundamental to economic reward – the challenge is to recognize
which risks differentially impact business outcomes and transform how those
risks are managed in order to best protect the business, enhance performance
and drive value creation.
Optimize
ProtectGrow
Innovate
This requires companies to find innovative and effective ways to:
► Grow revenues and market share
► Optimize performance
► Protect their organization
Evolving Risk Management: Risk-Enabled Performance Management Page 8
The solution
Evolving Risk Management: Risk-Enabled Performance Management Page 9
Most effective risk management not only helps protect, but also proactively helps drive positive results – it is a balance
All too confusing and overdone… except when we get in trouble
Must do it… but how do we do it better?
Keep us out of trouble
Goal Growing
number of restatements
Stiffer sanctions
Catastrophic reputational
consequences
Bigger fines and
settlements
Criminal indictments
Effective use of
technology
Coordinated risk activities
Expanding regulation
Enhanced business
processes
More efficient risk
spend
Risk-adjusted decisions
Improved risk reporting and
disclosure
Make our business better
Leading organizations expand their view of risks and enhance risk management beyond the traditional compliance and reporting to support better decision making and improved results
Evolving Risk Management: Risk-Enabled Performance Management Page 10
We believe the key to the future is better linking risk and performance management Shifting from risk monitoring to risk-enabled performance management
Value creation
Business
performance
Risk-enabled
performance
management
Leading practices
► Used to measure and drive performance
► Integrates risk and performance management
► Directly links key risks to performance drivers
► Enhances risk analysis using data analytics
► Provides forward looking insight
► Defines future trends and predictive indicators
► Expands consideration to emerging risks
► Allows scenario analysis and stress testing
► Action and results orientation
► Risk and uncertainty are key elements in
strategic and operational decision framework
and management processes
Value protection
Risk insight and
performance
improvement
Risk
identification
and reporting
Historical focus ► Independent enterprise risk identification and assessment process
► Designed to provide risk reporting to Leadership and the Board
► Process independent of operations and performance management
► Evaluation of current exposures based on historical perspectives
► Compliance and/or informational focus
Expanded focus
Foundational ERM
Integrate risk and
performance
management to
create a competitive
advantage
Evolving Risk Management: Risk-Enabled Performance Management Page 11
Embedding risk insights into the “Rhythm of the Business”
Evolving Risk Management: Risk-Enabled Performance Management Page 12
“Rhythm of the Business” REPM integrates risk management into the Rhythm of the Business
Perform environmental scan
Assess business concept & define
strategy
Approve risk vision & appetite
Update risk vision & appetite
Review strategy & strategic risk assessment
Board & board committee meeting
Executive-level strategic planning
Prioritize strategic initiatives
Define financial targets
Define operating plan & operational
objectives
Define performance goals / metrics
Operational & business-level planning
Monthly / quarterly performance reviews
Quarterly business close &
reviews
Continuous performance management and reporting
Continuous compliance and risk assurance activities
Financial and operational KPI monitoring risk targets / limits
Continuous compliance & risk assurance monitoring
(Internal Audit, Compliance, etc.)
SOX 302 / 404 certifications
A
B
C1
D
C2
E
G
F
Q Q Q Q
Monthly closings
Strategic Oversight and Planning
Business Level Planning/Budgeting
Operational Execution
Coordination of Monitoring & Compliance Activates
C3
Evolving Risk Management: Risk-Enabled Performance Management Page 13
REPM examples
Evolving Risk Management: Risk-Enabled Performance Management Page 14
Capital allocation planning is risk-adjusted to enhance cash flow
Generation Input Marketing Output
Over optimistic projection
Most likely
projection
► Issue: Maintenance capital allocated to a
power plant relied on the plant’s
historical availability. Risks to the plant’s
aging infrastructure were known but not
reflected in its historical performance.
► Complication: The company was unable
to effectively understand and
communicate how the known risks
could impact future plant availability.
► How the REPM framework helped:
► Isolated the key risks to plant
availability
► Quantified and aggregated risks into a
risk-adjusted profile of plant availability
► Facilitated more effective capital
allocation to cover risk mitigations
► Insight: Plant was at greater risk of
deteriorating performance than history
indicated, warranting additional investment
to prevent service degradation and reduced
cash flow.
Evolving Risk Management: Risk-Enabled Performance Management Page 15
Executive level reporting is changed to support a new dialogue
Key
performance
indicators align
risk monitoring
with
performance
management
Assessments are consolidated
into risk-adjusted ranges around
KPIs: Key Risk
Indicators
(KRIs) are
tracked to
monitor relative
threat levels
Individual risks
that contribute
most to the
exposure are
isolated Management-declared tolerances
inform decisions and risk-mitigation priorities
Evolving Risk Management: Risk-Enabled Performance Management Page 16
Questions
Evolving Risk Management: Risk-Enabled Performance Management Page 17
Presenter bio – Craig Faris
Craig Faris is a Principal in the firm and is the Americas Risk Advisory Leader for the Oil & Gas/
Chemicals Sectors. He was previously the Global Lead for Emerging Risk Services and was
responsible for developing EY’s Risk-Enabled Performance Management approach. He has more
than 20 years experience in risk management across a broad spectrum of industries, which he brings
to bear in helping clients achieve top tier business results through effective risk management.
Craig has worked with numerous global corporations in creating top to bottom risk management
programs and supporting capabilities, linking Board governance and oversight of risk with executive
leadership and operational execution to enhance business performance.
Previously, Craig was a risk leadership Partner with both Accenture and Oliver Wyman, and was a
leading force in integration of risk management with strategy development, analytics and operational
practices. Prior to his consulting career, he was the Global Director of Enterprise Risk Management
for Wal-Mart, and also held numerous positions at Amoco Corporation, such as Global Exploration
Coordinator, Director of Strategy, Director of Process Improvement, Geotechnical Operations Lead
and Exploration Geologist.
Craig holds an MBA from the Kellogg School of Management, an MS from Virginia Tech and a BS
from the University of Missouri.
Craig Faris
Principal
Americas Risk Advisory
O&G/Chemicals Sector Lead
Contact information:
Ernst & Young LLP
Westpark Corporate Center
8484 Westpark Drive
McLean, VA 22102
Mobile: +1 202 531 8299
0ffice: +1 703 747 0946
Email: [email protected]
Further reading on Craig’s talk today can be found on EY.com.
Simply enter Expecting more from risk management in the main
site search field.
EY | Assurance | Tax | Transactions | Advisory
About EY
EY is a global leader in assurance, tax, transaction and
advisory services. The insights and quality services we deliver
help build trust and confidence in the capital markets and in
economies the world over. We develop outstanding leaders
who team to deliver on our promises to all of our stakeholders.
In so doing, we play a critical role in building a better working
world for our people, for our clients and for our communities.
EY refers to the global organization, and may refer to one or
more, of the member firms of Ernst & Young Global Limited,
each of which is a separate legal entity. Ernst & Young Global
Limited, a UK company limited by guarantee, does not provide
services to clients. For more information about our
organization, please visit ey.com.
Ernst & Young LLP is a client-serving member firm of
Ernst & Young Global Limited operating in the US.
© 2014 Ernst & Young LLP.
All Rights Reserved..
1408-1308059
This material has been prepared for general informational purposes only and is not
intended to be relied upon as accounting, tax, or other professional advice. Please
refer to your advisors for specific advice.