Presentation is loading. Please wait.

Presentation is loading. Please wait.

Organisational risk management

Published byGeorge Bartholomew Miller Modified over 9 years ago

Similar presentations

Presentation on theme: "Organisational risk management"— Presentation transcript:

1 Organisational risk management
Anton Usher 19 March 2014

2 Overview A whistle stop risk review
19/04/2017 Overview A whistle stop risk review Risk in Australian corporate governance The benefits of organisational risk maturity Risk management and in-house counsel The evolution of in-house counsel’s role In-house counsel’s contribution to risk management Integrating risk management within your organisation Using an enterprise risk management framework Using a compliance framework Using a risk based internal auditing approach Key takeaways © Sparke Helmore 2011

3 A whistle stop risk review
19/04/2017 A whistle stop risk review © Sparke Helmore 2011

4 A global view: top risks in 2013
Aon global Lloyds global Deloitte global Aon Asia-Pac Economic slowdown / slow recovery High taxation Economic trends Brand & image Regulatory / legislative changes Loss of customers / cancelled orders Business model Market environment (economic slowdown) Increasing competition Cyber risk Reputation Regulative / legislative changes Damage to reputation / brand Price of material inputs Competition Business interruption Failure to attract or retain top talent Excessively strict regulation Human resources Failure to innovate Changing legislation Lack of innovation Sources: Exploring Strategic Risk: A global survey, Deloitte, (2013) Survey completed by 300 companies (with annual revenues in excess of US$1 billion) representing consumer/industrial products, life sciences/health care, technology/media/telecommunications, energy and financial services industry sectors from the Americas, Europe/Middle East/Africa and Asia/Pacific < Lloyd’s Risk Index 2013, Lloyd’s, (2013) Survey completed by 588 companies (77% representing smaller businesses with an annual turnover of US$499 million or less and 23% representing larger companies with an annual turnover of US$500 million or more) across Asia-Pacific (31%), Europe (28%), North America (26%), Latin America (10%) and South Africa (5%) < Aon Global Risk Management Survey 2013, Aon Risk Solutions, (2013) Survey completed by 1,415 companies (encompassing small, medium and large entities) representing 28 industry sectors, in 70 countries from all regions of the world < Aon’s 2012/13 Australasian Risk Survey, Aon Risk Solutions Australia, (2013) Survey completed by 133 unique Australian and New Zealand organisations across 19 industries < © Sparke Helmore 2011

5 A selected industry view: top risks in 2013
1st risk concern 2nd risk concern 3rd risk concern Banks, Insurance, Investment & Finance Regulatory / legislative changes Economic slowdown Brand & image Education & not for profit Human resources Government Political risk & uncertainties Business interruption Utilities Natural disasters Natural resources Property damage Environmental risk Commodity price risk Non-aviation Transport Services Injury to workers Source: Aon’s 2012/13 Australasian Risk Survey, Aon Risk Solutions Australia, (2013) Survey completed by 133 unique Australian and New Zealand organisations across 19 industries < © Sparke Helmore 2011

6 Risk in Australian Corporate Governance
19/04/2017 Risk in Australian Corporate Governance © Sparke Helmore 2011

7 Increasing risk management prominence (1)
(Proposed) third edition of ASX Corporate Governance Principles and Recommendations Increases risk management prominence by recommending listed entities: establish a risk committee undertake risk management reviews at board / board committee level at least annually disclose whether, and if so how, they have regard to economic, environmental and social sustainability risks The ASX Corporate Governance Council issues the Corporate Governance Principles and Recommendations (Recommendations). The Recommendations are applicable to all ASX listed entities but reflect a contemporary view of appropriate corporate governance standards more generally. The Third Edition draft was issued in August 2013 and is planned to be introduced on 1 July 2014. The Third Edition is the first review of the Recommendations since the GFC. The Recommendations state that risk management reviews should enable the board to satisfy itself that the: entity’s risk management framework is sound, and entity is operating within the risk appetite set by the board. © Sparke Helmore 2011

8 Increasing risk management prominence (2)
New APRA risk governance measures: New Risk Management standard - CPS 220 Revised Governance standard - CPS 510 Increases risk management prominence by requiring: a separate board risk committee & designated CRO a risk management framework that: includes a risk management appetite and strategy addresses material risk (financial, operational, strategic) adopts a ‘three lines of defence’ risk governance model annual risk management declarations and three yearly risk management reviews at board risk committee level The APRA risk governance package was released on 31 January In addition to the Risk Management and Governance standards (which are effective from 1 January 2015), the package includes a draft Prudential Practice Guide CPG 220 Risk Management, on which comments are invited by 28 March You can find the package here: < The APRA risk governance package: Was foreshadowed in an important speech by the APRA Chairman, John Laker, delivered on 27 February This speech articulated the concept of risk governance and how it has risen to prominence following various global reviews into the governance failings in some major global financial institutions during the GFC. You can find the speech here: < Places a heavy emphasis on risk management for APRA regulated entities that is an understandable response to the GFC and other more recent global (but not Australian) banking scandals. Is an important governance development applicable to all corporations, especially in the listed sphere and also for large government owned corporations. © Sparke Helmore 2011

9 Risk governance: three lines of defence model
Source: Draft Prudential Practice Guide CPG 220 Risk Management, APRA, January 2014, p19. © Sparke Helmore 2011

10 The benefits of organisational risk maturity
19/04/2017 The benefits of organisational risk maturity © Sparke Helmore 2011

11 Prosperity is connected to risk maturity
19/04/2017 Prosperity is connected to risk maturity Lacking Basic Defined Operational Advanced Prosperity Current global research studies show a clear and direct statistical link between higher levels of risk maturity and an organisation's prosperity – particularly: increased share price returns reduced share price volatility higher return on equity performance higher revenue / EBITDA, and increased organisational resilience. See for example: Aon Risk Maturity Index Insight Report, November 2013, Aon Risk Solutions (2013): < Turning risk into results: How leading companies use risk management to fuel better performance, EY (2013): < Risk management maturity © Sparke Helmore 2011

12 Some characteristics of risk maturity
Board set risk management strategy & commit to it being critical in decision making A senior executive drives & facilitates implementation of risk management Transparency of risk communication Risk culture encourages full engagement & accountability at all levels Risk identification uses internal & external information Operational & financial risk information included in decision making processes Risk & risk management options are leveraged to extract value Adapted from: Aon Risk Maturity Index Insight Report, November 2013, Aon Risk Solutions (2013): <

13 Risk management & in-house counsel
19/04/2017 Risk management & in-house counsel © Sparke Helmore 2011

14 Evolution of in-house counsel’s role
19/04/2017 Evolution of in-house counsel’s role An Australian in-house counsel survey % response What does your executive team expect from you? Contributions to risk management Help in making commercial decisions 75% 51% What recent development has most impacted your role? Technological developments Increased regulations 66% 53% What is the greatest challenge for in-house counsel? Maintaining a work/life balance Keeping pace with legislative changes 32% Source: Institute of Knowledge Development, The role of legal counsel survey (2005) © Sparke Helmore 2011

15 In-house counsel’s contribution to risk management
19/04/2017 In-house counsel’s contribution to risk management HELP your Executive/Board answer these questions: Do we have a handle on critical organisation risks and our ability to respond? Is the top-down strategic view of critical organisation risks right? Is the effort being put into risk processes aligned with the risk priorities? Are our systems and people capable of responding to these risks? Is risk management “built into” the way we do business or is it “added-on”? USE an enterprise risk management approach that is: Consistent with ISO AS/NZS 31000 Tailored to your organisation Practical and value adding © Sparke Helmore 2011

16 Integrating risk management
19/04/2017 Integrating risk management © Sparke Helmore 2011

17 Enterprise risk management framework
19/04/2017 Enterprise risk management framework © Sparke Helmore 2011

18 Identifying risks that matter
19/04/2017 Identifying risks that matter Risks that don’t matter Risks that matter Successfully achieved corporate objectives © Sparke Helmore 2011

19 A risk to successful delivery of objective
19/04/2017 A risk to successful delivery of objective Objective Critical success factor 1 Critical success factor 2 Risk © Sparke Helmore 2011

20 Using sources of risk to identify risk
19/04/2017 Using sources of risk to identify risk External Stakeholders Community Political / Government Clients Suppliers Competitors Reputation Regulatory / contractual Internal Strategic and business Budgetary Governance Legal IT Human resources and skills Knowledge management Change management © Sparke Helmore 2011

21 Critical success factors
19/04/2017 An example risk Objective Critical success factors Reduce workers compensation premium by 10% by FY14/15 renewal Existing claims liability reserves are reduced Systemic claim causes are mitigated Risk: poor incident data quality © Sparke Helmore 2011

22 Use a heat map to assess and report risk
19/04/2017 Use a heat map to assess and report risk Definitions: Risk: the effect of uncertainty/chance on successful achievement of Corporate objectives Inherent risk: the level of risk without regard to the effect of planned risk mitigation strategies Residual risk: the level of risk with regard to the effect of planned risk mitigation strategies External risks: risks that emanate from external factors and/or involve external parties Internal risks: risks that emanate from within the organisation Risk tolerance: the level of risk beyond which the organisation is not prepared to tolerate and which must be reduced Preparedness: the extent to which the organisation is prepared for the consequences of the risk and/or to implement proposed risk mitigation strategies Likelihood: the probability or chance of the risk occurring Consequence: the impact on the organisation if the risk does eventuate Risk level: determined by combining risk likelihood with risk consequence © Sparke Helmore 2011

23 Using a compliance framework
A compliance framework defines what you: HAVE to do (legal and regulatory obligations) WANT to do (organisational requirements) VOLUNTARILY do (organisational commitments) Legal and regulatory obligations might include: Corporations Act ASX Listing Rules Employment law Workplace health and safety law Mining and resources law (Commonwealth and State), and many many more! Organisational requirements include: industry codes of practice, and voluntary industry body membership requirements (e.g. Chamber of Commerce requirements). Organisational commitments are usually: found in organisational policies & procedures, and designed to meet a specific business need. Note: Internal policy is not normally a legal MUST do, but it can be a MUST do if it is: included within terms of employment, and/or designed to meet a regulatory need. © Sparke Helmore 2011

24 An empowering compliance framework
Compliance = achieving business objectives safely Compliance Standard - AS/NZS 3806:2006: Provides a compliance framework that is about designing controls (policy and procedure) to achieve compliance with obligations Recognises organisation size, structure and nature affects compliance program design and management Comprises 12 principles covering: Commitment (principles 1 – 5) Implementation (principles 6 – 9) Monitoring and Measuring (principles 10 and 11) Continuous Improvement (principle 12) © Sparke Helmore 2011

25 Prioritising legislative compliance obligations
Using a legislative compliance register helps prioritise key areas of legislative / regulatory compliance. Prioritisation is risk based having regard to the impact of non-compliance on: the organisation (including penalties), and the organisation’s clients/customers (losses etc). A legislative compliance register enables: compliance risk to be rated compliance requirements to be clearly identified compliance accountability to be clearly identified, and effective compliance monitoring. © Sparke Helmore 2011

26 Why use a risk based internal auditing approach
Risk based internal auditing (RBIA): is independent and objective evaluates and improves risk management effectiveness helps achieve corporate objectives © Sparke Helmore 2011

27 RBIA adds value RBIA is linked to the risk assessment process
RBIA focusses on: areas of high risk key control systems for high risk areas, testing: control design – operational effectiveness control operation – operational compliance © Sparke Helmore 2011

28 Use risk based internal audit ratings
Internal audits should be given overall risk ratings reflecting the level of inherent risk associated with the activity within the audit scope and the effectiveness of internal controls Other RBIA benefits Assurance audits with extreme/high audit ratings become key inputs in the risk assessment process and inform future risk management plans. Risk based assurance auditing of internal controls for high risk areas: reinforces a shared common view of key risks relative to others at senior levels challenges risk assessment and controls, and helps identify common themes. © Sparke Helmore 2011

29 Key takeaways Risk management is becoming more prominent in Australian corporate governance Risk mature organisations do better In-house counsel has a key role in contributing to effective organisational risk management Enterprise risk management adds value by: prioritising risk mitigation effort prioritising and helping to ensure compliance obligations are met helping to ensure risk mitigation effectiveness helping to achieve corporate objectives © Sparke Helmore 2011

30 Thank you

Download ppt "Organisational risk management"

Similar presentations

Board Governance: A Key to Quality Organizations

Board Governance: A Key to Quality Organizations
IMFO Audit & Risk Indaba June 2012

IMFO Audit & Risk Indaba June 2012
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Core principles in the ASX CGC document. Which one do you think is the most important and least important? Presented by Casey Chan Ethics Governance &

Core principles in the ASX CGC document. Which one do you think is the most important and least important? Presented by Casey Chan Ethics Governance &
Risk Management and Internal Controls ASSAL 20 November 2014 Annick Teubner Chair, IAIS Governance Working Group.

Risk Management and Internal Controls ASSAL 20 November 2014 Annick Teubner Chair, IAIS Governance Working Group.
Evolutionary not Revolutionary: Coming to grips with the 3 rd edition of the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations.

Evolutionary not Revolutionary: Coming to grips with the 3 rd edition of the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations.
Introduction to Enterprise Risk Management (ERM)

Introduction to Enterprise Risk Management (ERM)
Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.

Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.
Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.

Tax Risk Management Keeping Up with the Ever-Changing World of Corporate Tax March 27, 2007 Tax Services Bryan Slone March 27, 2007.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
MODULE 3 THE ENVIRONMENTAL PRINCIPLES Session 2: Principle 8

MODULE 3 THE ENVIRONMENTAL PRINCIPLES Session 2: Principle 8
Viewpoint Consulting – Committed to your success.

Viewpoint Consulting – Committed to your success.
ISO General Awareness Training

ISO General Awareness Training
The Australian/New Zealand Standard on Risk Management

The Australian/New Zealand Standard on Risk Management
USING ANALYTICS What to Take Away?

USING ANALYTICS What to Take Away?
PETER SCOTT CONSULTING Business Management Systemize your compliance with Rule 5 Peter Scott Peter Scott Consulting www.peterscottconsult.co.uk.

PETER SCOTT CONSULTING Business Management Systemize your compliance with Rule 5 Peter Scott Peter Scott Consulting
“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.

“The Impact of Sarbanes Oxley, An Evolving Best Practice” Ellen C. Wolf Senior Vice President & Chief Financial Officer American Water National Association.
PAINTING THE FULL PICTURE

PAINTING THE FULL PICTURE
Planning for the Future Board approved Board approved o 10+ Year Envisioned Future o 3-5 Year Strategy Map o FY14 Operational Objectives o Input was obtained.

Planning for the Future Board approved Board approved o 10+ Year Envisioned Future o 3-5 Year Strategy Map o FY14 Operational Objectives o Input was obtained.
Page 1 Recording of this session via any media type is strictly prohibited. Page 1 Forging a Risk Management Career Path: How Industry Leaders Are Developed.

Page 1 Recording of this session via any media type is strictly prohibited. Page 1 Forging a Risk Management Career Path: How Industry Leaders Are Developed.

Similar presentations

Ads by Google