Published by Shanon Newton. Modified over 8 years ago.
All Change! Seminar 8th June 2016
Board Engagement – framing the board’s risk conversation
The risk train is gathering speed
- There is a trend towards increased board engagement with risk managers
- There is an emerging gap in board expertise and a need for advice
- This presents an opportunity for Airmic members
- Risk managers need to understand corporate strategy and partner with their peers
- Our members need tools to help discussions with the board
- Airmic is working with ICSA, CBI, FRC and the Chairman's Forum to develop the risk agenda and raise the risk profile
Objectives of this seminar
- To share the draft outline of joint guidance aimed at boards to be published by the working group in the autumn. A key message will be that there is a real need to support the board and Airmic’s objective is that our members are given the opportunity to provide this support.
- To counsel feedback from Airmic members based on the draft outline of the joint guidance at this critical stage in its progress.
Tom Teixeira, Julia Graham, Leslie Kurshan
The Management and Reporting of Risk
PROGRAMME UPDATE
- A Research and Consultation Programme into the impacts of the changes to the UK Corporate Governance Code on Risk conducted by a partnership of The Chairmen’s Forum, CIMA, AIRMIC and Alvarez & Marsal.
- A series of one-to-one meetings and Consultative Breakfasts with Chairmen, CEOs, CFOs and NEDs from across the FTSE 350.
- Chairs have included Sir Win Bischoff, Chairman of the FRC, Sir Roger Carr, Chairman of BAE Systems PLC, and Steve Marshall, Chairman of Wincanton.
- More events planned include a breakfast meeting on 16th June with David Styles, FRC Director of Corporate Governance, and group meetings and one-to-ones with CFOs, CoSecs, CROs and Committee Chairs.
KEY FINDINGS TO DATE I
A rich collection of views, concerns and ‘top tips’ from business leaders including:
- It is the responsibility of the Board to properly understand the business that they have governance oversight of.
- Risk should move beyond a process requirement to become a business plan contributor.
- Whilst changes to the code have been driven primarily by the 2008 financial crisis, it is applicable to other sectors (not just the financial) where high levels of regulation and oversight are evident.
- The broader commercial sector must come to terms with the increased reporting requirements without it resulting in over-regulation.
- Guidance on the code has been deliberately limited to allow Boards to determine their own response. Clearer direction is anticipated after three years of ‘bedding in’.
- The timescale required for the Viability Statement has been left ‘open’ but three years appears to be the general expectation. Companies in highly regulated sectors may see an advantage in taking a longer term view.
- The Viability Statement helps to ensure that risks are incorporated into the running of the business - this will help to remove the risk ‘glass ceiling’.
KEY FINDINGS TO DATE II
A rich collection of views, concerns and ‘top tips’ from business leaders including:
- Too much transparency in reporting risk is dangerous and will lead to negative consequences. Leadership needs to make a judgement call as to what should be reported.
- Tangible risks are generally well understood but Boards must gain greater visibility and understanding of non-tangible risks in light of: the world is moving faster; greater connectivity and complexity; a wide array of challenges – for example, globalisation, environmental factors; technological disruption, social and political challenges, and a lack of trust in business.
- The key is to manage risk and Boards must equip themselves better to do so – process has replaced leadership and the ability to manage risk effectively in a crisis and to lead, has been lost.
- Getting the culture of an organisation right is vital for the effective management of risk – and culture starts at the top.
© Copyright 2014. Alvarez & Marsal Holdings, LLC. All rights reserved. ALVAREZ & MARSAL®, ® and A&M® are trademarks of Alvarez & Marsal Holdings, LLC.
Pre-conference survey
Airmic member views
- Risk management and risk education not fully integrated with wider business units (58%)
- Budget constraints (46%)
- Risk culture not embedded within organisation (38%)
- Risk management not integrated with strategy (32%)
- Lack of leadership / support (15%)
- Risk management team not given access to the Board (6%)
- Lower levels of confidence for less ‘traditional’ risks
Question: How can risk management and risk education be integrated more effectively?
FRC CODE REQUIREMENTS and TARGETED ‘GOOD OUTCOMES’
1. Robust management processes
   Code requirement: Appropriate risk management and internal control systems designed and implemented
   Good outcomes:
   - Risk management roles and responsibilities articulated and embedded in role profiles
   - Risk Management System in place and operated to an agreed level of Risk Maturity
   - Risk Maturity performance assessed as part of the system for internal audit.
2. Principal risks and risk appetite
   Code requirement: Assessment of the nature and extent of the principal risks and the risks the organisation is willing to take
   Good outcomes:
   - Risk Appetite agreed, embedded in Risk Policy and communicated
   - Risk evaluated against Risk Appetite
   - Principal Risks identified, assessed, responsibility assigned and reported to the Board
   - Principal Risks subjected to regular scenario analysis
   - Continuous horizon scanning undertaken and integrated with the review of Strategic Business Objectives and Principal Risks
3. Culture and risk assurance
   Code requirement: Development of appropriate culture and reward systems embedded throughout the organisation
   Good outcomes:
   - Reward and incentive structures in place to support the agreed risk strategy
4. Risk profile and risk mitigation
   Code requirement: The means by which the principal risks are managed or mitigated to reduce their likelihood and/or impact
   Good outcomes:
   - Principal risk controls identified, assessed and responsibilities assigned and reported to the Board
5. Monitoring and review processes
   Code requirement: The monitoring and review of risk systems to ensure they are functioning effectively
   Good outcomes:
   - Crisis management plans in place and responsibilities assigned
   - Plan tested against scenarios
   - Lessons learned from scenarios documented and integrated within plans
6. Risk communication and reporting
   Code requirement: The implementation of internal and external information and communication processes
   Good outcomes:
   - Board well informed on critical risk issues (no risk management ‘glass ceiling’)
Context of the Report
- The cost and probability of risk is often underestimated – including the time to fix the problem
- Risk taking remains a fundamental driving force in business
- The FRC state that risk management should support better decision making in line with sustainable strategies
- All boards must understand risk and opportunity
- Risk guidance is intended to raise the bar of governance and includes updated reporting requirements for:
  - principal risks
  - the company’s risk management system
  - the requirement to publish a viability statement
Key principles
Key principles:
- Frame the board conversation
- Reflect the importance of resilience
- Emphasise that the board conversation must be integrated with other governance and management processes
- Acknowledge real time constraints and challenges faced by the board
How the boards can do this:
- Key areas boards need to address to meet code requirements
- Within the context of the business model
- Provocations for action to address ‘hot spots’
- Specific focus on cyber and culture
A Tool Kit to help boards lead ‘better businesses’
The tool kit
The Toolkit:
- Guidance on the core risk management responsibilities of the board within the business model
- A series of specific ‘provocations’
- Risk Culture barometer
- The Cyber risk governance
- D & O liability issues
Proposed provocations
1. Risk Appetite
2. Board Diversity
3. Behaviour and Culture
4. Responsibilities and Performance Review
5. Risk Glass Ceiling
6. Changing Data into Insight
7. Learning from Experience
8. Agility
9. Rapid Response and Crisis Management
10. Principal Risks Scenarios
Question: Are these provocations fit for purpose?
1. Aligning decision making with risk appetite
Definition..........................
Board check list
1. Business units defined
2. Risk appetite defined for each unit
3. Decision making assigned
4. Decision making measured
5. Residual risk exposure measured
6. .....
7. .....
Board agenda
- Who makes the decisions?
- Is risk taking within agreed boundaries?
- Is risk being measured?
- Is risk being reported?
- Is best practice shared?
Question: Would a template like this help you?
The cyber governance gap
- Cyber risks dominate concerns of today’s large companies
- Cyber risk is predicted to increase in severity
- Senior business leaders report they are comfortable with:
  - understanding of the organisation’s key information and data assets
  - understanding of the potential impact from the loss of/disruption to key information and data assets
  - cyber risk framework, culture and expertise
- However the same surveys indicate the subject is not fully discussed or understood at the top
- Risk managers report limited risk integration and education
- There is a cyber governance gap
Looking at behaviour down the risk culture lens
Project Purpose and Objectives
- To understand and develop the role of boards in shaping and embedding a healthy corporate culture.
- To add value by identifying best practice and developing practical, market-led ‘how to’ type resources to help boards take effective action on culture.
Question: Do you have or would you use a culture metrics tool?
Culture Architecture
Risk governance, Risk appetite, Metrics
Metrics:
- Leadership: e.g. risk appetite
- People: e.g. avoiding blame culture
- Reward and Recognition: e.g. performance reviews
- Communication: e.g. effective information sharing
- Operations: e.g. effective training
- Performance and Evaluation: e.g. feedback practice
- Continuous improvement: e.g. assessment of emerging risks
Directors and Officers (D&O) Insurance
Evolving Risks and Solutions
LESLIE KURSHAN
Head of Product Development for Financial and Professional Lines
Marsh UK
MARSH
Evolving Risk Landscape
Concern for the “Innocent Executive”
- Falsely accused by a whistle-blower or subordinate.
- Participated in longstanding customary conduct later attacked as illegal.
- Criticised conduct, but persuaded to withdraw those criticisms.
Companies
- Pressure to show commitment to lawfulness.
- Increased role in investigation and enforcement.
- Potential conflicts with individuals.
MARSH
D&O Insurance Evolving Solutions
Traditional construct of D&O cover, protection available.
- For individuals – proceedings, demands in relation to wrongful acts, formal investigations.
- For company – securities proceedings by shareholders.
Challenges:
- Investigations.
- Potential criminal liabilities.
- Conflicts of interest.
- Insurer responses.
Statements concerning legal, tax or accounting matters should be understood to be general observations based solely on our experience as insurance brokers and risk consultants and should not be relied upon as legal, tax or accounting advice, which we are not authorised to provide. This PowerPoint™ presentation is based on sources we believe reliable and should be understood to be general risk management and insurance information only. Marsh Ltd is authorised and regulated by the Financial Conduct Authority. Copyright © 2016 Marsh Ltd All rights reserved Registered in England and Wales Number: 1507274, Registered Office: 1 Tower Place West, Tower Place, London EC3R 5BU.