1 2010 RMIA Members Forum Primary focus for RMIA in 2011 Risk Management How to manage your brand & build business resilience to improve your bottom line Grant Whitehorn RMIA Chief Executive Officer CPA Congress - Brisbane, Melbourne & Sydney October /05/2012 0
2 Overview What is your Brand and reputation worth Risk Management vs. Business Resilience... what s the difference? What are the essential elements of a resilient organisation How to achieve Business Resilience & KPI s for measuring success
3 What is your Brand & Reputation worth?
7 What is Reputation Risk Management? The effective management of risks associated with your corporate reputation (identity, brand and stakeholder perceptions).
8 What is Corporate Reputation? Corporate Identity: Name, logo, typeface, look & feel, colour scheme, etc + Corporate Image: Total impression the entity makes on people + Perceptions: Appropriate role and behaviour of the entity = Corporate Brand or Reputation
9 Reputation risks are important as they impact on your stakeholders... Customers Employees Regulators Suppliers Advisers Banks / Investors Ratings Agencies Shareholders Competitors Communities
10 And is increasingly important because... The move from products and services to the customer experience customer expectations The rise of consumer power Globalisation and ease of access eg: shopping online, e-commerce, etc Regulatory and reporting requirements Brand value = $$$ (considered a commodity) Share Market expectations Competitive advantage
11 The consequences of a damaged reputation... Loss of Share Price Reduction in Brand Value Poor Employee Morale Loss of Sales / Turnover Loss of Clients / Customer Retention Loss of Staff / Recruitment and Retention Damage to Strategic Relationships Bankruptcy
14 The benefits of effective reputation risk management... Improve relations with shareholders Increase customer satisfaction Increase investment attraction Recruit and retain valued employees Customer loyalty Supplier stability Secure premium pricing for products and services Minimise threat of litigation or more regulation Reduce the potential for crisis Reinforce trust and market credibility
15 Who is responsible for managing reputation risks?
18 Risk Management vs. Business Resilience......what s the difference?
19 Risk Management Philosophy: All Management is Risk Management!
20 What is a Risk? Risk is defined as: the effect of uncertainty on objectives (AS/NZS ISO 31000:2009 Risk Management Principles and Guidelines)
21 What is Risk Management? Coordinated activities to direct and control an organisation with regard to risk (AS/NZS ISO 31000:2009 Risk Management Principles and Guidelines)
22 What s the Difference between Risk & Uncertainty? Uncertainty Things that will happen uncertainty about their magnitude Risk Things that may or may not happen Have a probability of occurrence & an impact if they happen
23 What is the Relationship between a Hazard and a Risk? RISK = [HAZARD] x [EXPOSURE] Hazard x Exposure = Iceberg x Travelling too close to it = Risk Risk of Collision
24 What is an Opportunity or Upside Risk? The occurrence of a favourable event that is due to: Changes in the environment Risks that were managed efficiently and effectively A chance to save time or money or improve capability A chance to sell a positive message
25 Business Resilience It is not the strongest or most intelligent that survive, it is the most adaptable to change Charles Darwin,
26 Defining Resilience... The adaptive capacity of an organisation in a complex and changing environment. Source: ISO Guide 73
27 Defining Resilience... Resilience is an organisation s state of being resulting from the management of uncertainty in a complex adaptive system. An indicator of this state of being is an organisations adaptive capacity. Source: RMIA Resilience White Paper, 2009
28 There are 4 different types of Resilience: 1) Individual Resilience 2) Community Resilience 3) Organisational Resilience 4) Sector Resilience
29 For example Individual Resilience Healthy or weak, support from Family & Friends, educated or ignorant, etc. Community Resilience Rural vs. Urban, Transportation, Internet access, Electricity, Bushfires, etc. Organisational Resilience Proactive vs. reactive leadership, adaptive culture, survival vs. injury/death, profit or loss, etc. Sector Resilience Global Financial Crisis or business opportunity?
30 Reference: Page 5
31 What are the essential elements of a resilient organisation?
32 Resilience arises from a combination of culture and attitude, process and framework.
33 Are these practices embedded into your organisation s policies, processes, systems, values & culture? Enterprise Risk Management or Risk & Opportunity Management Business Continuity Management & Crisis/Emergency Management Security Risk Management Safety Management Environmental Management Sustainability & Ecologically Sustainable Development (ESD) Corporate Social Responsibility Quality Management Ethics, Integrity, Fraud Control, AML & Corruption Control Corporate Governance, Strategy & Business Planning Compliance & Audit Management - Legal, Regulatory, Policy, Process, Performance, IT, Finance, etc Cultural Change Management & Organisational Development
34 INTERNAL COMPONENTS Physical Components Human Components Process Components Risks, Hazards, Risk Management & ERM what s the difference? Buildings Offices / Sites Comms Board Direct Planning ERM and IT Hardware and Management Continuity Plans Equipment Security Relationships Staff Emergency Management Hazard - a source of potential harm (HB ) Vehicles Management Leadership Cash flow Occupational Health and Safety (OH&S) refers mainly to hazards. Software/IP Succession Brand knowledge Inventory Staff Welfare Insurance Risk the chance of something happening that will have an impact on objectives (AS/NZS 4360:2004) Services Generators Information & Backup Fuel Supplies Knowledge Privacy Risk the effect of uncertainty on objectives (ISO31000 Draft International Risk Management Standard, due for release in late 2008) IT Networks Training/review EXTERNAL COMPONENTS Risk Management coordinated activities to direct and Physical control Components an organisation Human with Components regard to risk Process Components (Draft ISO31000) Services Electricity Comms Emergency Services Indirect Interconnectedness The purpose Water of managing and risk is to Local give authority you more Planning control over Govt. your Legislation business to maximise the achievement of objectives. Sewerage Relationships Customers Contracts Telecomms Suppliers Reputation/Image Transport Media
35 How to achieve Business Resilience & KPI s for measuring success
37 Situation Awareness Indicators: Situation Awareness Attribute Indicator Description Roles and Responsibilities Hazards and Consequences SA 1 SA 2 Awareness of roles and responsibilities of staff internally in an organisation and the roles and responsibilities of the organisation to its community of stakeholders Awareness of the range of hazard types and their consequences (positive and negative) that the organisation may be exposed to. Network Interdependencies SA3 Awareness of the links between the organisation and its entire community of stakeholders, internally (staff) and externally (customers, local authorities, consultants, competitors etc). Insurance SA 4 Awareness of the obligations and limitations in relation to business interruption insurance and other insurance packages that the organisation may have or have available, business advice and mentoring services, government aid etc. Recovery Priorities SA 5 Awareness of minimum operating requirements and the priorities involved in meeting these requirements, together with expectations of key stakeholders.
38 Keystone Vulnerabilities Indicators: Key Vulnerabilities Attribute Indicator Description Planning KV 1 The extent to which the organisation has participated in planning activities including risk management, business continuity and emergency management planning. Exercises KV 2 The extent to which the organisation has been involved in external emergency exercises or created exercises internally for staff and stakeholders. Internal Resources KV 3 The capability and capacity of physical, human and process related resources to meet expected minimum operating requirements in a crisis. Includes economic strengths, succession and structural integrity of buildings. External Resources KV 4 The expectations of the organisation for the availability and effectiveness of external resources to assist the organisation in a crisis. Connectivity KV 5 The extent to which the organisation has become involved with other critical organisations to ensure the availability of expertise and resources in the event of a crisis.
39 Adaptive Capacity Indicators: Adaptive Capacity Attribute Indicator Description Silo Mentality AC 1 The degree to which the organisation experiences the negative impacts of silo mentality and the occurrence of strategies in place for mitigating them. Communications and Relationships AC 2 The effectiveness of communication pathways and relationships with all stakeholders, both internally and externally in day-to-day and crisis situations. Strategic Vision AC 3 The extent to which the organisation has developed a strategic vision for future operations and the degree to which that is successfully articulated through the organisation. Information and Knowledge AC 4 The degree to which information and knowledge is acquired, retained and transferred throughout the organisation and between linked organisations. Leadership and Management AC 5 The degree to which leadership and management encourage flexibility and creativity in the organisation and how successful decision making is in times of crisis.
40 What s your risk appetite?
42 Questions? Grant Whitehorn Chief Executive Officer Risk Management Institution of Australasia Limited Phone: (02)
43 Representing the practice of Risk Management for over 30 years.
44 We value your feedback. Visit Congress Mobile and rate this session Join the conversation:
A guide for members APES 325 Risk Management for Firms An explanation and introduction to APES 325 Risk Management for Firms Overview of the scope and application of a risk management framework. APES 325
Reputation competitive advantage speed to market safety Further excellence trust Data security risk management business continuity HOW CAN YOU CREATE AND SECURE SUSTAINABLE BUSINESS? SOLUTIONS FOR MANAGING
Risk Management Framework Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 TRIM CON: 12/1132 Administered by: Governance Coordinator Last Review Date: 2013 Next Review
Benchmarking resilience Organisational Resilience to Extreme Climatic Events This project compares Sydney Water s organisational resilience and practices with other water utilities to identify strengths
Get More Out of Your Risk Assessment Austin Chapter of the IIA Speakers Alyssa G. Martin, CPA Dallas Executive Partner, Advisory Services 25 years of public accounting experience, with a practice emphasis
IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS 1 Module 1: Principles of Risk and Risk Management Module aims The aim of this module is to provide an introduction to the principles and concepts of risk and
Role Profile: Risk and Compliance Manager Location: Adelaide, South Australia. Reports to: Executive Director School Services. Qualifications: Relevant tertiary qualifications. Remuneration: Based on skills,
International Diploma in Risk Management Syllabus Module 1: Principles of Risk and Risk Management The aim of this module is to provide an introduction to the principles and concepts of risk and risk management.
ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...
Health, Safety and Environment Management System For Bridgeport Energy Ltd Level 7, 111 Pacific Highway North Sydney 2011 June, 2010 DOCUMENT CONTROL Title: Document Number: Health, Safety and Environmental
Integrated Management Policy Document reference number Document developed by Quality and Patient Safety Directorate Revision number 4 Document approved by Quality and Patient Safety Directorate Approval
Business Continuity Management Factsheet To prepare for change, change the way you prepare In an intensely competitive environment, a permanent market presence is essential in order to satisfy customers
Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity
IBM Global Technology Services Thought Leadership White Paper October 2011 Supporting information technology risk management It takes an entire organization 2 Supporting information technology risk management
WHS Risk Assessment and Control Form Step 1: Who has conducted the Risk Assessment Risk Assessment completed by (name): Staff / Student Number: Signature: Date: Step 4: Documentation and initial approval
Understanding Principles and Concepts of Quality, Safety and Environmental Management System Graham Caddies Owner / Principal Advance Profitplan Understanding Principles & Concepts Page 1 of 10 Revision
SAI GLOBAL LIMITED Risk Management Policy SAI Global Ltd ABN 67050611642 Last Updated: February 2012 Contents 1. Risk Management... 3 2. Policy... 3 3. Risk Management Philosophy... 3 4. Risk Appetite...
Risks and uncertainties Our risk management approach We have a well-established risk management methodology which we use throughout the business to allow us to identify and manage the principal risks that
Operational Risk Management Policy Operational Risk Definition A bank, including a development bank, is influenced by the developments of the external environment in which it is called to operate, as well
Risk Management Policy Risk Management Policy Record Number D14/79827 Responsible Manager Manager Strategy and Governance Last reviewed 10 March 2015 Adoption reference Council Resolution number 90.5 Previous
Effective risk management Our holistic and disciplined risk management program is designed to mitigate risks at all levels of our business in order to protect our clients interests. 2 Vanguard > Effective
Strategic Plan New Zealand Fire Service Commission to 2005 2010 Table of contents Forward from the Chairperson...3 Summarises the purpose, content and logic behind the Commission s strategic direction.
Australian Work Health and Safety Strategy 2012 2022 Healthy, safe and productive working lives Creative Commons ISBN 978-0-642-78566-4 [PDF online] ISBN 978-0-642-78565-7 [Print] With the exception of
Risk Management in the HSE; An Information Handbook Document reference number Revision number OQR011 Revision date October 2011 Review date Document developed by 5 Document approved by October 2013 Responsibility
1 Risk management + Strategic planning IT TAKES AN ENTIRE ORGANIZATION Background 2 Technology has become the central component of business operations Businesses have become more vulnerable to risks associated
The Lowitja Institute Risk Management Plan 1. PURPOSE This Plan provides instructions to management and staff for the implementation of consistent risk management practices throughout the Lowitja Institute
15 December 2015 General Risk Control and Management Policy Content 1. Purpose 3 2. Scope 3 3. Risk Factors - Definitions 3 4. Basic Principles 4 5. Comprehensive Risk Control and Management System 4 6.
COCA-COLA HELLENIC BOTTLING COMPANY RISK MANAGEMENT POLICY 1. INTRODUCTION The effective management of risk is central to the ongoing success and resilience of Coca-Cola Hellenic Bottling Company (CCHBC).
Chapter 1: An Overview of Emergency Preparedness and Business Continuity After completing this chapter, students will be able to: Describe organization and facility stakeholder needs during and after emergencies.
Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain
Risk Management Policy DOCUMENT CONTROL Developed by: Date: Origination: Quality, Systems & Shared s March 2014 Authorised by: Colette Kelleher April 2014 DOCUMENT REVIEW HISTORY Original Circulation date:
Risk Management Risk Policy and Procedures Risk management is attempting to identify and then manage threats that could severely impact or bring down the organization. Generally, this involves reviewing
BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility
Corporate Risk Management Policy Managing the Risk and Realising the Opportunity www.reading.gov.uk Risk Management is Good Management Page 1 of 19 Contents 1. Our Risk Management Vision 3 2. Introduction
Policy Name: Business Continuity Management Council Policy Business Continuity Management ADOPTED BY COUNCIL: 19 th April 2016 DATE OF NEXT REVIEW: 18 th April 2020 RESPONSIBLE OFFICER: REFERENCES: Chief
Module 4 Risk assessment for your AML/CTF program AML/CTF Programs Risk assessment for your AML/CTF program Page 1 of 27 Module 4 Risk assessment for your AML/CTF program Risk assessment for your AML/CTF
CLIENT INFORMATION PACK VICTORIAN OFFICE Ground Floor, 51-65 Clarke Street Southbank Victoria 3006 Fax: +61 8689 1888 INTRODUCING BRI BUSINESS RISKS INTERNATIONAL WAS INCORPORATED IN 1989. DURING THE FIRST
1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
INFORMATION RISK MANAGEMENT KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity ADVISORY Contents Agenda: Global trends and BCM
Release: 1 BSBCON601B Develop and maintain business continuity plans BSBCON601B Develop and maintain business continuity plans Modification History Release Release 1 Comments This version first released
Policy and Procedure Statement SUBJECT: Enterprise Risk CATEGORY: General Administration NO. 502-G PREAMBLE Risk exists in all activities and cannot be avoided, nor can it always be eliminated. However,
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
EXECUTIVE SAFETY LEADERSHIP EXECUTIVE SUMMARY This guide offers clear explanations of health and safety concepts that are important to executives and board members, and provides practical solutions that
Risk Management Framework Mandate and commitment Design of framework for managing risks Continual improvement of the framework Implementing risk management Monitoring and review of the framework Source:
Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives (Revised March 2012) Disclaimer: To the extent permitted by law, this document
THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date
Birmingham CrossCity Clinical Commissioning Group Business Continuity Management Policy Version V1.0 Ratified by Operational Development Group Date ratified 6 th November 2014 Name of originator / author
The Institute of Risk Management The Institute of Risk Management Accreditation Application Forms Universities and Professional Associations The Institute of Risk Management Accreditation Application Forms
A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000 Contents Executive summary Introduction Acknowledgements Part 1: Risk, risk management and ISO 31000 1 Nature
Governance 1 Purpose The purpose of this policy is to communicate Business Continuity Management (BCM) framework, responsibilities and guiding principles for Victoria to effectively prepare for and achieve
ERM Program Enterprise Management Guideline Table of Contents PREAMBLE... 2 When should I refer to this Guideline?... 3 Why do we need a Guideline?... 4 How do I use this Guideline?... 4 Who is responsible
TO GAS TRANSMISSION OPERATOR GAZ-SYSTEM S.A. CONTENTS INTRODUCTION 2 Our commitments and values 2 Objectives 3 Scope 3 Application 4 Compliance 4 Cooperation with Suppliers 5 TO GAS TRANSMISSION OPERATOR
St Patrick s Catholic School Risk Management Policy Date 2012 Version No 1 Responsible Person Rodney Linhart Approved By Rodney Linhart Review Date 2016 Related Documents 2a WHS Hazard and Risk Register,
Reputation and the Board Guidance for PR Consultants and Board Directors Contents Foreword... 3 About This Guidance... 4 What is Reputation?... 4 Why is Reputation Important?... 4 Reputation: A Board s
risk decisions 2011 Five steps to Enterprise Risk Management by Val Jonas CEO Risk Decisions Group www.riskdecisions.com management solutions Val Jonas: Five steps to Enterprise Risk Management Five steps
COUNTING THE COST Managing risk, insurance and terrorism produced by NaCTSO wishes to acknowledge the contributions made by many individuals associated with the following organisations: Home Office: The
Page 1 of 6 Coordinate, develop, and manage the sales team to achieve objectives Level 6 Credits 10 Purpose People credited with this unit standard are able to: develop objectives for sales team; evaluate
Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies
Risk Management Policy Adopted by: Infigen Energy Limited Infigen Energy (Bermuda) Limited Infigen Energy RE Limited in its capacity as Responsible Entity of Infigen Energy Trust Adopted: 17 December 2009
Want to exceed customer expectations and stand out from the crowd? Third party approval of management systems from BRE Global www.bre.co.uk Demonstrate your commitment to quality Quality Management Systems
Care Providers Protecting your organisation, supporting its success Risk Management Insurance Employee Benefits Investment Management Care providers are there to help those in need. But who helps the care
Position Title: Reports To: Marketing Communications Specialist CEO initially Department: Business Services Direct Reports: NA Location: Fairfield or Parramatta Position Purpose: This position is responsible
Emergency Planning and Crisis Management initiatives rolled up into a viable Business Continuity and Enterprise Risk Management Program. Or: How I Learned to Stop Worrying and Love the ERM! Is this You?
MITIGATING SECURITY RISK IN THE NATIONAL INFRASTRUCTURE SUPPLY CHAIN A GOOD PRACTICE GUIDE FOR EMPLOYERS April 2015 Disclaimer: Reference to any specific commercial product, process or service by trade
BUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire 1 What is Business Continuity? Business Continuity is a planning process which provides a framework to ensure the resilience of
Integrating Risk Management with Performance Management * Margaret Woods Aston Business School Why Risk Management Matters Sometimes it is the things you don t see that really matter. Source: Enron Corporation
1. Introduction This questionnaire will help you think about your company s efforts towards responsible entrepreneurship by raising questions on the possible ways you could improve your business in a profitable
Procurement of Goods, Services and Works Policy Policy CP083 Prepared Reviewed Approved Date Council Minute No. Procurement Unit SMT Council April 2016 2016/0074 Trim File: 18/02/01 To be reviewed: March
PROCEDURES BUSINESS CONTINUITY MANAGEMENT FRAMEWORK PURPOSE This Framework has been developed in support of both the Business Continuity and Crisis Management Policy and the Emergency and Fire Evacuation
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework Dorothy Gjerdrum, ARM-P, Chair of the ISO 31000 US TAG and Executive Director,
BUSINESS RESILIENCE READY OR NOT EDC Whitepaper 2014 Table of Contents Executive Summary 2 Need for Effective BCM 2 Government requirements for BCM 4 The Challenge - Disasters and Threats 4 Pandemic and
Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI What is STAR Certification? TM STAR Certification is a unique new certification which
ICSH Guidance Document: Preparing a Risk Register/ Risk Management Plan What is a Risk Register? A Risk Register is a document which outlines the potential threats to the ongoing operation of an organisation,
106 LEICESTERSHIRE COUNTY COUNCIL RISK MANAGEMENT POLICY STATEMENT 2011-2012 Leicestershire County Council believes that managing current and future risk, both opportunity and threat, is increasingly vital
www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition
RISK MANAGEMENt AND INtERNAL CONtROL Overview 02-09 Internal control the Board meets regularly throughout the year and has adopted a schedule of matters which are required to be brought to it for decision.
Need to reassure customers that your cloud services are secure? Inspire confidence with STAR Certification from BSI What is STAR Certification? TM STAR Certification differentiates you from your competition.
Victorian Government Risk Management Framework March 2015 This document reproduces parts of the AS/NZS ISO 31000:2099 Risk Management Principles and Guidelines. Permission has been granted by SAI Global