Risks are Key, Processes Follow. Michiel Schuijt Chief Risk Officer, Mn Services

Transcription

1 Risks are Key, Processes Follow Michiel Schuijt Chief Risk Officer, Mn Services

2 Mn Services & Our Risk Management Philosophy 8 June 2011 ProcessWorld

3 Pension Companies in the Netherlands APG Groep 250 Billion euro PGGM 100 Mn Services 71 Blue Sky 12 SPF 13 BlackRock 20 ING / AZL 25 ) Syntrus Achmea 33 F&C Netherlands 35

4 Company profile Mn Services Mn Services administrates the pension plans for a range of pension funds in the Netherlands Some 1.9 million Dutch people rely on Mn Services for their pensions With assets under management of 71 billion Mn Services is in the top three pension investment managers in the Netherlands 980 fte in two countries (NL / UK) 8 June 2011 ProcessWorld

5 Challenge: Increase Risk Management Maturity Own ambition Mn Services organisation Positioning as a reliable business partner Balance between business and threats (management information) In Control Statement itself is not the objective, but appliances Driven by law and regulation and the supervisors Comply (demonstrable) to law- and regulations Adequate response on (changing) law- and regulations Pension funds are on the radar of Supervisors Driven by client responsibility (outsourcing activities) 8 June 2011 ProcessWorld

6 Risico Risk Management framework Audit Committee Commissie 8 June 2011 ProcessWorld Mn Services: Lines of Defense internal external Toezichthouders Regulator External Extern supervision toezicht Externe External accountant Externe External beoordeling evaluation Derde Third beheersings - line of defence - lijn Tweede Second beheersings - line of defence lijn Internal audit audit Control Risk Compliance Management Reguliere Regular testing toetsing van of framework het framework Coordination Co ö rdinatie Ontwikkeling Development of van policies beleid en and rapportage reporting structuur structure Audit Commissie Eerste First beheersings - line of defence lijn Besturingsprocessen Control processes Primaire Primary processes processen Ondersteunende Supporting processes processen Uitvoering Execution of van policies beleid Dagelijkse verantwoordelijkheid Daily accountability Rapportage Reporting & management info

7 Risks are Key, Processes Follow Analysis Processes consist of lots of controls Not always clear why controls are implemented, to comply to what law & regulation or to mitigate what risk(s) No visible balance between effort and cycle time (costdrivers) versus effectiveness (revenue-driver) Layer of Drivers Layer of Processes New Law Law New Objectives New Risks Risks Decision Objectives and Risk Identification as staring point Processes follow: possibly new/changed/outsourced Risk and Control Assessment results, created issues, are input for (flexible) processes Mn Services uses a top-down Risk based approach, with a flexible Process layer as intermediate. Layer of assessment results Risk Assessments Results (Losses) Control Assessments Results Created Issues Sign-off ISAE,ERM 8 June 2011 ProcessWorld

8 Enterprise Risk Management Implementation enabled by the ARIS Platform 8 June 2011 ProcessWorld

9 8 June 2011 ProcessWorld Enterprise Risk Management ERM ERM ISAE SAS 70 Financiële Financial verantwoording Beheersmaatregelen Controls audited Geaudit ERM covers ISAE and SAS70 as well COSOII ERM Framework is starting point of the program ERM processes are designed in ARIS Mn Services is in the middle of executing them, let s guide you through our ERM process Management assurance Risks Strategic, Tactical & Operational risks Strategisch, Tactisch & Operationele risico s All processes in scope Alle processen in scope Tested, Audited and Reported getest, geaudited& gerapporteerd In Control Statement In controlstatement

10 8 June 2011 ProcessWorld Decide on ERM Ambition Minimum Common Good Best Period of time declaration Ad hoc Year end Whole year Continuous Range F F/O/S/C Integrated F/O/S/C Certainty Limited IAD indirect Monitoring + IAD Risk paragraph Limitative generic list Enumeration Control framework Unstructured Structured Descriptive + impact and vulnerability Materialiteit driven Business control Not described Described Principle based Business-driven F/O/S/C Automated + integrated montoring Scenario s + choices Business-driven Leading cultural assessment Risk assessment BU / Process Ad hoc Incident driven Periodically Yearly (Year planning cycle) Integrated part of decision making Framework Unstructured Individual Structured Bottom up No Materialiteit Structured Top down Materialiteit Systematic Business-driven Governance Not described Unclear Described Silos Alignment Strengthening Awareness Limited Control Management Integrated part of business

11 Perspective Perspective Perspective Perspective Strategy Top Management identifies Objectives & Strategic Risks Workshops with: Top management identifying Strategic Risks Middle management identifying Tactical Risks Alignment of all Risks and their relation to Objectives and Processes Rel. perspectives Cause-and-effect Cause-and-effect Cause-and-effect CEO, Ruud Hagendijk (middle) Waarde voor aandeelhouders op lange termijn Realisatie rendement van 15% van de verwachte omzet in 2012 Bijdrage aan strategische ambities opdrachtgevers dmv een optimale integrale dienstverlening Realisatie financieel resultaat Groei in UK Verstevigen fundament Financieel Professionele dienstverlening Verhogen klanttevredenheid Behoud klantenbestand vermogensbeheer Besturing klantrelatie Klanten Versterken propositie processen en organisatie Succesvolle bediening nieuwe opdrachtgevers Organisatie inrichting Realisatie projectenportfolio (IPP) Verstevigen fundament Compliancy en invoeren risk management Interne Processen Leren en groeien Optimale inzet medewerkers Ontwikkeling medewerkers Formatie Innovatieve processen en systemen Huisvesting CFO, Kor Bosscher (right) 8 June 2011 ProcessWorld

12 8 June 2011 ProcessWorld Perform Risk Assessments Define Key Risks Planning assessments Execute Assessments and Reviews Decide on Risk response Reports

13 8 June 2011 ProcessWorld Implement and Monitor Control Activities Controls implementation & testing Issue solving Monitoring results Information and Communication

14 8 June 2011 ProcessWorld Compliance Management Compliance is integrated in ERM approach: same control to mitigate a risk and to comply to regulation Electronic Publisher provides relevant law & regulations (towards ARIS) Impact Analysis in ARIS to decide on actions

15 Business Benefits & Lessons Learned 8 June 2011 ProcessWorld

16 8 June 2011 ProcessWorld Benefits ERM within Mn Services ERM gives more insight than only Financial Risks Increased efficiency,by integration controls for SAS70 / ISAE and ERM and by that a decrease of test effort and number of issues Process improvement, processes became more lean: many controls from the past are abolished, because they simply added no value; new process controls are implemented, mitigating several risks and complying to multiple articles at once More risk awareness and better alignment of Risk Framework Mn Services with those of customers Keep competitors ahead by demonstrable In Control and better protection of the image of Mn Services

17 8 June 2011 ProcessWorld Risks are Key (to success), Thanks for Your Attention! Michiel Schuijt, CRO Processes Follow