Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dealing with New and Emerging Risks in an Ever Changing World Paul J. Sobel Vice President/Chief Audit Executive – Georgia-Pacific, LLC Vice Chair – Professional.

Published byLogan Phelps Modified over 9 years ago

Similar presentations

Presentation on theme: "Dealing with New and Emerging Risks in an Ever Changing World Paul J. Sobel Vice President/Chief Audit Executive – Georgia-Pacific, LLC Vice Chair – Professional."— Presentation transcript:

1 Dealing with New and Emerging Risks in an Ever Changing World Paul J. Sobel Vice President/Chief Audit Executive – Georgia-Pacific, LLC Vice Chair – Professional Development for The Institute of Internal Auditors

2 Presentation Outline The Changing World Impact of Emerging Risks Evolving Risk Assessment Approach Dealing with Risks in a Dynamic Business World Summary 2

3 The Changing World Global and organizational change Stressed financial structure and cash availability Bankruptcy and restructuring Fraud from many fronts Legislative imperatives and pressure Technological innovation Competition for market share Shareholders demanding increased accountability Client’s changing expectations Pressure/expectations from stakeholders and citizens Strategic alliances Mergers and acquisitions 3

4 Impact of Emerging Risks New risks keep emerging Risk interdependencies are creating almost unimaginable risk scenarios Speed of change has rendered static, annual risk assessments almost meaningless There seems to be very little tolerance for ineffective risk management 4

5 Evolution of Risk Assessments In the 1980’s a formal risk assessment was an uncommon, somewhat unsophisticated practice In the 1990’s risk assessment became a “leading practice” ◦ While it was more structured and sophisticated, it still left many “blind spots” In the early 2000’s, annual risk assessments were a standard practice ◦ Some were updating risk assessments more frequently ◦ Still had “blind spot” issues The financial crisis beginning in 2008 caused many to question the value of risk assessments 5

6 Risk Identification Approach Continually scan the risk environment ◦ Check available public documents ◦ Search for specialist publications  A lot of good stuff from outside the United States ◦ Deeper knowledge sharing with competitors Brainstorm previously unimaginable risk scenarios ◦ Disciplined structured process  Embedded in strategic planning (60% of failures relate to strategic risks) ◦ Extensive consideration of interdependent risks ◦ May need to bring in specialists (e.g., economists, analysts, deal makers, regulatory experts) Consistently challenge the completeness and veracity of all risk assumptions 6

7 Risk Assessment – The Past Traditionally focused on Impact and Likelihood Tends to be single point outcomes as opposed to range of outcomes A good foundation, but is it robust enough in today’s business world? LIKELIHOOD IMPACT RemotePossibleProbable High Low Medium 7

8 Other Risk Assessment Factors Velocity Readiness Capacity Controllability Monitorability Interdependencies Frequency of occurrence Volatility Maturity Degree of confidence 8

9 Risk Velocity This has become the risk assessment “criteria du jour;” however, there are different types of velocity Speed of onset ◦ How quickly does the risk descend upon us? ◦ Do we have much warning? Speed of impact ◦ Do we feel the effects right away, or does the pain slowly increase? ◦ Does it spread and impact us in other ways; e.g. reputation? Speed of reaction ◦ Even if we see it coming, do we have the agility to timely react? 9

10 Risk Readiness Given that risk represents uncertainty, how ready are we to deal with a risk event? Focus is on an organization’s ability to: ◦ Recognize the onset of the risk ◦ Respond timely and effectively Must also consider 3 rd parties’ ability to respond timely and effectively Risk readiness is really the response part of the risk velocity criteria 10

11 Risk Capacity Decisions regarding risk readiness must consider an organization’s capacity to absorb or take on risk First consider organization’s appetite and tolerance for the risk outcomes (before sustainability is impacted) ◦ Resilience to consequences ◦ Cost/pain to manage Also consider recovery time – i.e., how long until the outcomes/effects are no longer felt 11

12 Controllability – Do we even have the ability to mitigate/control the risk? Monitorability – Can we monitor: ◦ Risk signposts to anticipate risk onset? ◦ Risk impact to understand how much we’re bleeding? Interdependencies with other risks ◦ Vulnerability to other risks being triggered ◦ Correlation with other risks (Charles Kindleberger) Other Risk Characteristics 12

13 Frequency of Occurrence – Will a risk occurrence likely be a single event or will it occur multiple times? Risk Volatility – Does the risk lend itself to an infrequent assessment (e.g., annually) or should it be re-assessed on a regular basis? Risk Management Maturity – Is our risk management mature enough to trust our initial reaction to a risk event? Degree of Confidence – How confident are we in our risk assessment judgments? Other Risk Characteristics 13

14 How Do You Make Sense of all This Information? Mapping Multiple Dimensions Won’t Work! 14

15 A Possible Approach? 1. Start with traditional impact/likelihood assessment 2. Determine which Other Risk Assessment Factors are relevant and meaningful 3. Assess whether those factors will significantly, moderately or negligibly affect: How the risk is managed How the risk is prioritized relative to other risks How the risk is monitored and reported 15

16 One Example RiskImpactLikelihoodFactor AFactor BPriority AAAHigh 1 BBBHighMedium2 CCCMediumHigh3 DDDHighLow4 EEEMedium 5 FFFLowHigh6 GGGMediumLow7 HHHLowMedium8 IIILow 9 16

17 One Example RiskImpactLikelihoodFactor AFactor BPriority AAAHigh 1 BBBHighMedium3 CCCMediumHigh5 DDDHighLow2 EEEMedium 4 FFFLowHigh6 GGGMediumLow8 HHHLowMedium7 IIILow 9 17

18 A Few Cautions A Few Cautions Don’t make it too formulaic – it’s still primarily about judgments! Never lose sight of the fact that risk assessment must tie back to strategy Plan ahead for how you’ll respond to significant risk events ◦ Decisive decision vs. consensus building ◦ Initial response may differ from long-term response 18

19 Dealing with Risks in a Dynamic Business World No one-size-fits-all or simple answers Starts with good risk information ◦ Identify risk events early ◦ Initiate risk actions quickly ◦ Monitor effectiveness of risk actions Must have a good escalation process ◦ Who needs what information and when? Don’t just treat the symptoms; cure the disease Be flexible to change; don’t become too attached to what worked in the past 19

20 In Summary We live in a dynamic, ever changing business world ◦ The speed of change will continue to increase ◦ The impact of mistakes will become even greater Identifying possible emerging risk scenarios will be critical to success ◦ In particular, scenarios among interdependent risks Risk assessment must consider criteria beyond Impact and Likelihood ◦ But don’t make it too complex; it’s still about judgments Dealing with risk events requires a structured and disciplined approach; an ad hoc, reactionary approach won’t cut it 20

21 QUESTIONS? paul.sobel@gapac.com 21

Download ppt "Dealing with New and Emerging Risks in an Ever Changing World Paul J. Sobel Vice President/Chief Audit Executive – Georgia-Pacific, LLC Vice Chair – Professional."

Similar presentations

AASHTO Internal Audit Conference 2012 – Phoenix Daniel Fodera, CMQ/OE Program Management Improvement Team Federal Highway Administration.

AASHTO Internal Audit Conference 2012 – Phoenix Daniel Fodera, CMQ/OE Program Management Improvement Team Federal Highway Administration.
Risk Management at Harvard – Panel Discussion Harvard IT Summit

Risk Management at Harvard – Panel Discussion Harvard IT Summit
“High Performing Financial Institutions and the Keys to Success in an Uncertain Environment”

“High Performing Financial Institutions and the Keys to Success in an Uncertain Environment”
Introduction to Enterprise Risk Management (ERM)

Introduction to Enterprise Risk Management (ERM)
Entrepreneurial Mind-Set

Entrepreneurial Mind-Set
Service Design – Section 4.5 Service Continuity Management.

Service Design – Section 4.5 Service Continuity Management.
NEW DEMANDS ON OUTSOURCING: THE LONG-RUN PERSPECTIVE.

NEW DEMANDS ON OUTSOURCING: THE LONG-RUN PERSPECTIVE.
Organization Development and Change

Organization Development and Change
Copyright ©2015 Pearson Education, Inc Strategy Review, Evaluation, and Control Chapter Nine 9-1.

Copyright ©2015 Pearson Education, Inc Strategy Review, Evaluation, and Control Chapter Nine 9-1.
Managing the Information Technology Resource Course Introduction.

Managing the Information Technology Resource Course Introduction.
8 Managing Risk Teaching Strategies

8 Managing Risk Teaching Strategies
CORPORATE RISK MANAGEMENT & INSURANCE BY R P BLAH D.G.M. INCHARGE THE ORIENTAL INSURANCE COMPANY LIMITED REGIONAL OFFICE BHUBANESWAR.

CORPORATE RISK MANAGEMENT & INSURANCE BY R P BLAH D.G.M. INCHARGE THE ORIENTAL INSURANCE COMPANY LIMITED REGIONAL OFFICE BHUBANESWAR.
© 2009 Factory Strategies Group LLC. All rights reserved. Competitive Intelligence Enterprise Excellence Series.

© 2009 Factory Strategies Group LLC. All rights reserved. Competitive Intelligence Enterprise Excellence Series.
Supply Chain Management (SCM) Forecasting 3

Supply Chain Management (SCM) Forecasting 3
Strategy Review, Evaluation, and Control

Strategy Review, Evaluation, and Control
Chapter 2 Strategic Training

Chapter 2 Strategic Training
Sustaining Change in Higher Education J. Douglas Toma Associate Professor Institute of Higher Education University of Georgia May 28, 2004.

Sustaining Change in Higher Education J. Douglas Toma Associate Professor Institute of Higher Education University of Georgia May 28, 2004.
DEVELOPMENT OF PERFORMANCE MEASUREMENT SYSTEM ACCORDING TO BUSINESS ENVIRONMENT: AN SME PERSPECTIVE Lina Kloviene, Kaunas University of Technology, 2013.

DEVELOPMENT OF PERFORMANCE MEASUREMENT SYSTEM ACCORDING TO BUSINESS ENVIRONMENT: AN SME PERSPECTIVE Lina Kloviene, Kaunas University of Technology, 2013.
Project Risk Management. The Importance of Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding.

Project Risk Management. The Importance of Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding.
Strategy Review, Evaluation, and Control Chapter Nine.

Strategy Review, Evaluation, and Control Chapter Nine.

Similar presentations

Ads by Google