FRT - 110530 - BED - Why are some companies luckier than others - Frank Leenders
description
Transcript of FRT - 110530 - BED - Why are some companies luckier than others - Frank Leenders
Transforming risk to create strategic valueFlevum Roundtable, May 2011
Why are some companies luckier than others?
Frank LeendersSenior Manager Advisory Services
Ernst & Young Advisory - Risk ServicesSolution Manager GRC BeNe
Transforming risk to create strategic value| 1© 2011 EYGM LimitedAll Rights Reserved
Competing in the “new normal”
Increasing market variation
Pressure on margins
Globalization and increasing competition Changing
business models
Enhancing transparency
Improving investor confidence Managing stakeholder
expectations
Improving shareholder value
Securing requisite capital
Increasing regulatory pressure
Greater market volatility
Greater stakeholder scrutiny
Increasing executive accountability
Addressing the risks that matter
Avoiding risk/security breaches
Three focus areas: Value, cost and risk
Transforming risk to create strategic value| 2© 2011 EYGM LimitedAll Rights Reserved
Observations on risk management Risk management survey results
„ Fundamental need to enhance the GRC functions of the company
„ Companies recognize increasing external pressure on their GRC functions and experience that shareholders as well as investors keep an eye on companies’ GRC efforts.
„ There is a difference between leadership and operational levels in evaluating the value for money of the GRC functions.
„ In the light of increasing GRC needs and necessary improvements, 41% of the companies plan GRC investments:
„ Assessing GRC function, revising risk management and intensifying the internal audit efforts are the top three GRC initiatives in the upcoming 12 to 18 months.
„ A clear view on the “what” and “why,” but a lot of uncertainty about the “how”:„ The main investment focus is on risk management because GRC seems to be
synonymous with companies’ risk management function. „ Almost three out of four companies believe that they already have a fully integrated
GRC function, which might not be the case when just 5% of the companies say that they have their GRC implementation completed when asked for more details.
„ Finally, three out of four companies believe that their GRC needs are aligned between the corporate and business unit levels but there are concerns due to the different reporting lines of GRC functions.
Transforming risk to create strategic value| 3© 2011 EYGM LimitedAll Rights Reserved
Observations on risk management What we are seeing with our clients
Companies are … Risk management remains a concern
Gaps — CEO’s and CFO’s indicate their risk oversight processes are immature and insufficient to deal with the rapid change in risks in the near futureScrutiny — Boards and executives face greater scrutiny for risk management oversight from regulators and external stakeholdersValue — 82% of institutional investors are willing to pay a premium for companies that are transparent and can demonstrate effective risk managementSilos — 73% of companies have seven or more separate risk functions operating independentlyEfficiency — 62% of companies believe they can get more risk coverage for less spend through better aligned and coordinated efforts
Overspending on risk by at least 30%
„ Hidden costs in risk spend
„ Inefficient activities
„ Overlap and redundancy
Not focused on the risks that matter and create value
„ Capital structure and strategic
„ New market entry and product development
„ Merger and acquisition
Failing to anticipate and respond to unforeseen risks
„ Risk not integrated with planning and performance management
„ Risk exposure in major initiatives and programs
„ Lack of alignment and communication at all levels of the enterprise
Transforming risk to create strategic value| 4© 2011 EYGM LimitedAll Rights Reserved
Cost
Risk Value
Cost
RiskValue
Balancing risk, cost and valueManaging upside opportunity with the potential of downside threat
Value
„ What are the risks that matter most?„ How do we know we are accepting the right level of risk? „ How effective is our risk reporting for executive
management and the Board?„ How do we know if our risks are being properly
managed?„ How comprehensive is our existing risk framework?„ What is internal audit doing to understand the risks that
our company faces?
„ What are we spending to manage our key risks? „ Where are there possible duplicative or overlapping risk
functions? „ Where can we further leverage automated controls versus
manual controls? „ Do we have the right mix of skills at the right cost? „ How effective are we in using technology to manage risk?„ How effective are we in using alternative sourcing strategies
to reduce costs?
„ How effective are we at aligning the risks we take to our business strategies and objectives?
„ What is the return on our risk investment? „ What process improvement ideas are we obtaining?„ What risks are we taking to achieve competitive
advantage? „ Is risk management slowing me down or helping me go
faster?
Risk
Cost
Transforming risk to create strategic value| 5© 2011 EYGM LimitedAll Rights Reserved
There are significant opportunities to improve the current state risk management landscape
Transforming risk to create strategic value| 6© 2011 EYGM LimitedAll Rights Reserved
Realignment and refocused effort can reduce the risk spend, increasing value
Board oversightAudit
committeeCompensation
committeeRisk
committeesOther
committee
Executive managementCEO CFO CRO General Counsel
Intern
al con
trol
Aligned mandate and scopeCoordinated infrastructure and people
Consistent methods and practicesCommon information and technology
Businessunit
Businessunit
Businessunit
Businessunit
Increased value, reduced costs and improved business performance
Future State
GovernanceEffective, responsive,
accountable risk oversight
Risk management
and integrated capabilities Reduce or eliminate
redundancy, overlap and
duplication in the
identification and
assessment, analysis,
control, measurement,
monitoring, mitigation,
testing
and reporting of risk
Business-level
PerformanceValued-
Added, improved
operational risk
performance
Transforming risk to create strategic value| 7© 2011 EYGM LimitedAll Rights Reserved
Leading practices are emerging
„ Changing attitudes: Risk is now everybody’s responsibility and plays a major role in decision-making across the organization
„ Comprehensive: Organizations are taking a more holistic risk view to better understand risk interdependencies and aggregate impacts
„ Proactive: Companies are becoming more forward-looking and predictive, incorporating stress-testing and scenario analysis
„ Risk tolerance: Leading organizations are defining risk tolerances and building a consistent organizational risk management culture
„ Transparency: Sharing of data, open decision-making and enhanced reporting to executive management has become increasingly important
„ Board communications: A majority of organizations indicate they are changing the frequency and substance of their Board-level risk discussions
„ Risk committees: Companies have added committees focused on enterprise risk and / or crisis management
„ Specialty Skills: Leading companies are enhancing their risk and control functions and leveraging specialty skills to address business risk on a comprehensive basis
„ Monitoring: Ongoing monitoring and the escalation of risk has become more robust with greater clarity or information and enhanced consistency across risk functions
„ Governance: Overall, leading organizations are driving “Risk Governance” from a holistic business perspective
Transforming risk to create strategic value| 8© 2011 EYGM LimitedAll Rights Reserved
Leading companies transform their risk landscape to achieve strategic advantage
Strengthening risk governance
Embedding risk management principles
Integrating multiple risk functions
Enhancing business level performance
by... to achieve...Improved visibility, accountability and
transparency to stakeholders
Cost efficienciesand businessperformance
Risk management that supports
strategic objectives
EY Risk Performance ModelEY Risk Performance Model
Governance
Transforming risk to create strategic value| 9© 2011 EYGM LimitedAll Rights Reserved
Agenda/session overviewRisk Transformation Workshop topics
1. Setting the stage 60 minutes
„ Marketplace challenges„ Strategic risk management issues„ Achieving strategic advantage„ <Company> strategies and initiatives
2. Understanding your risk philosophy 45 minutes
„ Exercise 1: Desired risk outcomes„ Exercise 2: Continuum„ Exercise 3: Risk vision statements
3. Risk performance model discussions 180 minutes
„ Overview/Prioritize four levels„ Drill-down discussions
„ Leading practices„ Current state observations„ Maturity assessment„ Improvement opportunities
4. Prioritization, roadmap and next steps 45 minutes
„ Validation/prioritization of proposed efforts„ Business case development„ Action plan/next steps
Phase 1 Phase 2 Phase 3 Phase 4
Business- level
performance
Integrated
capabilit ies
Risk
management
Governance
Assess GRC
process maturity
Adopt a common risk
framework
Refine and operationalize
governance
model
Identify gaps to
achieve future state
Validate GRC business
objectives
Demonstrate
technology
enablement
Pilot risk
integration
Define risk
appetite
Ide
nti
fy/D
iag
no
se
Understand
risk capabilities
Identify,
redundancies
and overlap
Document the rhythm of
the business
Embed risk capabilities
into the business
Measure and
monitor risk
performance
Roll-out risk
integration strategy
enterprise-wide
Improve on and
implement at the
business level
Leverage risk data
analytics/predictive modeling to
Improve decision making
Dia
gn
os
e/D
es
ign
De
sig
n/D
eliv
er
De
liv
er/
Su
sta
in
Internal
AuditRisk
Management
Businessunit
Businessunit
Businessunit
Businessunit
ComplianceInternal
Control
Informat ion
Technology
Legal and
Regulatory
External
Audit
Board/ senior management oversight
Audit
committee
Risk
committee
Other
committees
Siloed risk funct ions impede value, increase costsand reduce business level performance
EY Risk Performance Model
Governance
Transforming risk to create strategic value| 10© 2011 EYGM LimitedAll Rights Reserved
Defining a practical path forwardConduct a visioning session