Quantitative Enterprise Risk Management (ERM) Assessment


Quantitative Enterprise Risk Management (ERM) Assessment Using @RISK
Palisade 2013 Risk Conference, November 20-21, 2013
Dr. Mark Krahn, Ph.D., PMP, Revay & Associates Ltd., Calgary, Canada

Sub-title: The quantitative project risk consultant's approach to ERM assessment

Agenda
- Set the context: Revay's entrance into ERM
- ERM definition
- Challenges
- Two case studies
- Approaches to ERM: qualitative and quantitative ERM assessment
- Conclusions and lessons learned

About Revay
Risk Management, Dispute Resolution, Management Consulting, Project Management
Offices: Calgary (403) 777-4900, Montreal (514) 932-2188, Ottawa (613) 721-6801, Toronto (416) 498-1303, Vancouver (604) 737-2005, Wilmington (302) 427-9340
www.revay.com

Getting into the ERM Business
- Project event risk
- Identify risks that don't fit the project or operations buckets
- Cost and schedule assessment of certain risk areas: health, safety, environment
- Project risk clients wanting more

ERM Context

Growing Interest in Risk Management
Project risk:
- Risk management is the fastest growing area of interest in project management (several sources)
- Project management is among the top 3 skills most desired by employers; the other two are leadership and business analysis (US News and World Report)
Enterprise risk:
- 26% of executives believe having the ability to analyze value and risk is the most important skill in their arsenal; 50% of executives rated it as the first or second most important skill (Deloitte survey)

Enterprise / Project / Operations Context (diagram; labels recovered from the slide, grouped approximately by level, with structure / hierarchy increasing from enterprise down to operations)
Enterprise: Mission, Corporate Values, Strategic Goals, Strategic Planning, Opportunities, Lessons Learned, Clarity / Alignment, Practicability, Practicality (Resources), Correct Metrics (Goals), Measurability (Success), Priority (Utility Factor)
Projects: Tactical Planning, Detail Planning, Project Environment, Project Economics, Project Organization, Cost, Time, Quality (Scope), Deliverables, Start-up and Commissioning, Handover
Operations: Sustainability, Reliability, Operations Organization, Staff Resourcing, Health and Safety, Environmental, Property Damage, Public Liability, Criminal Liability, Public Relations

What is ERM?
- Methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives and corporate strategy (Wikipedia)
- The process of planning, organizing, leading, and controlling the activities of an organization in order to minimize the effects of risk on the organization's capital and earnings

Honest Definition!
ERM is difficult to define, but generally it is a relatively new (less than a decade old) management discipline that calls for corporations to identify all the risks they face, to decide which risks to manage actively, and then to make that plan of action available to all stakeholders (not simply shareholders) as part of their annual reports.
Question: How?

Why Growing Interest in ERM? The Enron example:
- 20,000 staff, over $100B in revenue (2000)
- Named "America's Most Innovative Company" for six consecutive years
- Bankrupt in 2001 due to many factors, including elaborate and creatively planned accounting fraud and corruption
- Ripple effect: investors and employees lost everything; creation of the Sarbanes-Oxley Act; dissolution of Arthur Andersen

Recent ERM Trends
- Sarbanes-Oxley Act: Section 404 requires U.S. publicly traded corporations to use a risk control framework in their internal assessments
- NYSE Corporate Governance: the NYSE requires the audit committees of its listed companies to disclose and discuss risk exposure and risk management policies
- Standard & Poor's (S&P) debt rating: includes ERM and risk assessment metrics

ERM Risk Framework: ISO 31000, the international standard for risk management

ERM Risk Categories
- Operational risk
- Reputational risk
- Strategic risk
- Personal safety and health risk
- Financial risk
- Environmental / containment risk
- Productivity / morale risk

Example: ERM Risk Descriptors (impact level per risk category; levels run Insignificant, Negligible, Moderate, Extensive, Significant)

People
- Insignificant: Minor injury or first aid treatment
- Negligible: Injury requiring treatment by a medical practitioner and/or lost time from the workplace
- Moderate: Major injury / hospitalization
- Extensive: Single death and/or multiple major injuries
- Significant: Multiple deaths

Information
- Insignificant: Compromise of information otherwise available in the public domain
- Negligible: Minor compromise of information sensitive to internal or sub-unit interests
- Moderate: Compromise of information sensitive to the organization's operations
- Extensive: Compromise of information sensitive to organizational interests
- Significant: Compromise of information with significant ongoing impact

Property
- Insignificant: Minor damage or vandalism
- Negligible: Minor damage or loss of asset, <5% of total assets
- Moderate: Damage or loss of <20% of total assets
- Extensive: Extensive damage or loss, <50% of total assets
- Significant: Destruction or complete loss of >50% of assets

Economic
- Insignificant: 1% of budget (organizational, division or project budget as relevant)
- Negligible: 2-5% of annual budget
- Moderate: 5-10% of annual budget
- Extensive: >10% of budget
- Significant: >30% of project or organizational annual budget

Reputation
- Insignificant: Local mention only. Quickly forgotten. Freedom to operate unaffected. Self-improvement review required.
- Negligible: Scrutiny by Executive, internal committees or internal audit to prevent escalation. Short term local media concern. Some impact on local level activities.
- Moderate: Persistent national concern. Scrutiny required by external agencies. Long term brand impact.
- Extensive: Persistent intense national public, political and media scrutiny. Long term brand impact. Major operations severely restricted.
- Significant: International concern, governmental inquiry or sustained adverse national/international media. Brand significantly affects organizational abilities.

Capability
- Insignificant: Minor skills impact. Minimal impact on non-core operations. The impact can be dealt with by routine operations.
- Negligible: Some impact on organizational capability in terms of delays and systems quality, but able to be dealt with at the operational level.
- Moderate: Impact on the organization resulting in reduced performance such that targets are not met. The organization's existence is not threatened, but it could be subject to significant review.
- Extensive: Breakdown of key activities leading to reduction in performance (e.g. service delays, revenue loss, client dissatisfaction, legislative breaches). Protracted unavailability of critical skills/people.
- Significant: Critical failure(s) preventing core activities from being performed. Survival of the project/activity/organization is threatened.

Key Challenges of ERM
- Establishing a common risk language or glossary
- Developing action plans to ensure the risks are appropriately managed
- Developing consolidated reporting for the various stakeholders (communication strategy)
- Monitoring the results of actions taken to mitigate risk
- Implementing a risk-ranking methodology to compare and prioritize risks within and across functions

Questions: the Risk Ranking Methodology Challenge
- How do you compare risks in different categories?
- How do you know what the top overall risks are?
- How do you know how significant the risks are on a relative basis (vs. the corporate objective, vs. another risk)?
- How do you know what the overall impact of the risks is on the organization's strategic goals?
- How likely is the organization to achieve its strategic goals?

Solution to ERM Problems
- KISS principle: keep it simple!
- Apply project risk management principles
- Use a single qualitative and quantitative scale
- The key is to find the impact currency that allows all risk categories to be scored (risk impacts) on the same scale: utils (utility)

Case Study 1: Growing International Airport
- Unique location
- International airport
- Undergoing a major expansion (new $250M terminal)
- New runway coming in future

Case Study 1: Context of ERM
Comprehensive strategic planning was complete prior to the ERM assessment. Key Success Drivers (KSDs):
- Optimized Customer Experience (40%)
- To Lead a High Performing Airport Team (25%)
- To Achieve Environmentally Responsible, Sustainable and Profitable Growth (20%)
- To Foster Effective Stakeholder Relationships (15%)
Each KSD area is broken into various Corporate Objectives with weightings.

Corporate Objectives Example: KSD1 Optimized Customer Experience (40%)
- 5%: 1.1 Achieve 100% Operational Status within the parameters of the Airport Operating Certificate
- 3%: 1.2 Play a lead role in the CRISP Air Transportation Process
- 15%: 1.3 Implement the 2012 Phase of the Major Capital Project
- 2%: 1.4 Implement the 2012 Maintenance Capital Expenditure Plan
- 4%: 1.5 Develop and implement the 2012 Phase of the Customer Satisfaction Plan, including participation in the ACI/NA Benchmarking Metrics Survey and the development of branding for YMM and Team FlyFortMac
- 5%: 1.6 Achieve the 2012 Phase of Optimal Air Service
- 3%: 1.7 Achieve and implement the 2012 Phase of a Management Contract for the Fort Chipewyan Airport (YPY)
- 3%: 1.8 Continue the 2012 Phase of the process to achieve International Airport Status

Single Scale: Utils Approach
Risks and opportunities are identified around each corporate objective. The util is the impact on the objective's weighting percentage should the risk occur: 1% of weighting corresponds to 100 utils.

Scale (probability / impact as % of weighting / impact in utils*):
- VH, Very High: > 67% / > 2% / > 200
- H, High: 33-67% / 1-2% / 100-200
- M, Moderate: 10-33% / 0.5-1% / 50-100
- L, Low: 1-10% / 0.1-0.5% / 10-50
- VL, Very Low: < 1% / < 0.1% / < 10
* Percent impact is a direct reduction of the Corporate Objective's weighting percentage.

ERM Risk Register

ERM Dashboard (charts; only the recoverable content is kept)
Risk criticality matrix (probability score x impact score):
                         Impact:  Very Low   Low   Moderate   High   Very High
Probability Very High (5):           5        10      15       20       25
            High (4):                4         8      12       16       20
            Moderate (3):            3         6       9       12       15
            Low (2):                 2         4       6        8       10
            Very Low (1):            1         2       3        4        5
Charts: overall risk score, pre-action vs. post-action; pre-action and post-action risk count and criticality; per-KSD breakdown (KSD1 Optimized Customer Experience, KSD2 Lead a High Performing Team, KSD3 Responsible Sustainable Growth, KSD4 Effective Stakeholder Relationships).
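The utils scale, the criticality matrix and the ranking questions on the earlier slide (which risk is top overall, how much is at stake per KSD, how likely are the strategic goals to be achieved) can all be worked from one small register. The block below is an added example in plain Python, not Revay's @RISK model and not client data: the five risks, their corporate-objective ids outside KSD1, the probabilities and the util values are constructed, the tie-break that places a boundary value (exactly 10%) in the upper band is an assumption the slide does not state, and "overall risk score" is taken to be the sum of matrix cells, which is also an assumption. The Monte Carlo roll-up stands in for what @RISK would do with distributions attached to each risk.

```python
"""Single-scale ("utils") ERM scoring: qualitative 5x5 criticality plus a
Monte Carlo roll-up of risk impact against corporate-objective weightings.
Added example; not Revay's @RISK model."""
import random
from dataclasses import dataclass

# Bands from the slide's scale as (label, lower bound). A value sitting on a
# boundary (e.g. exactly 10%) goes to the upper band; that tie-break is an
# assumption, the slide does not say.
PROB_LEVELS = [("Very Low", 0.00), ("Low", 0.01), ("Moderate", 0.10),
               ("High", 0.33), ("Very High", 0.67)]
UTIL_LEVELS = [("Very Low", 0.0), ("Low", 10.0), ("Moderate", 50.0),
               ("High", 100.0), ("Very High", 200.0)]
LEVEL_SCORE = {"Very Low": 1, "Low": 2, "Moderate": 3, "High": 4, "Very High": 5}


def level(value, levels):
    """Label of the highest band whose lower bound is <= value."""
    label = levels[0][0]
    for name, lower in levels:
        if value >= lower:
            label = name
    return label


def utils_from_impact_pct(impact_pct):
    """Slide scale: 1% of corporate-objective weighting == 100 utils."""
    return impact_pct * 100.0


def criticality(prob, utils):
    """Cell of the 5x5 matrix: probability score x impact score, 1..25."""
    return LEVEL_SCORE[level(prob, PROB_LEVELS)] * LEVEL_SCORE[level(utils, UTIL_LEVELS)]


@dataclass(frozen=True)
class Risk:
    name: str
    ksd: str        # key success driver that owns the corporate objective
    objective: str  # corporate objective id
    prob: float     # probability of occurring within the planning period
    utils: float    # impact if it occurs: reduction of the objective's weighting, in utils


# KSD weights are from the slide; the register itself is a constructed sample
# (hypothetical risks; objective ids 2.1 and 4.2 are invented).
KSD_WEIGHT = {"KSD1": 40.0, "KSD2": 25.0, "KSD3": 20.0, "KSD4": 15.0}
REGISTER = [
    Risk("Terminal construction delay", "KSD1", "1.3", 0.40, 300.0),
    Risk("Operating-certificate non-compliance finding", "KSD1", "1.1", 0.05, 150.0),
    Risk("Loss of key operations staff", "KSD2", "2.1", 0.20, 80.0),
    Risk("Air service route withdrawn", "KSD1", "1.6", 0.15, 120.0),
    Risk("Stakeholder dispute over airport noise", "KSD4", "4.2", 0.30, 40.0),
]


def overall_risk_score(register):
    """Dashboard-style total: sum of matrix cells over the register (assumed definition)."""
    return sum(criticality(r.prob, r.utils) for r in register)


def expected_utils_by_ksd(register):
    """Expected loss of weighting per KSD: sum of probability x impact, in utils."""
    out = {k: 0.0 for k in KSD_WEIGHT}
    for r in register:
        out[r.ksd] = out.get(r.ksd, 0.0) + r.prob * r.utils
    return out


def simulate(register, tolerance_utils=200.0, trials=20000, seed=1):
    """Monte Carlo roll-up: each trial fires every risk independently with its
    probability and sums the utils lost. Returns the mean loss, the P90 loss
    and the share of trials whose total loss stays within the tolerance, i.e.
    the 'how likely are we to achieve the strategic goals' answer for a
    tolerance of 200 utils (2 percentage points of weighting, an assumption)."""
    rng = random.Random(seed)
    losses = sorted(sum(r.utils for r in register if rng.random() < r.prob)
                    for _ in range(trials))
    return {
        "mean_loss": sum(losses) / trials,
        "p90_loss": losses[int(0.9 * (trials - 1))],
        "p_within_tolerance": sum(1 for x in losses if x <= tolerance_utils) / trials,
    }


if __name__ == "__main__":
    for r in sorted(REGISTER, key=lambda r: criticality(r.prob, r.utils), reverse=True):
        print(f"{criticality(r.prob, r.utils):3d}  {r.ksd} {r.objective}  {r.name}")
    print("overall risk score:", overall_risk_score(REGISTER))
    print("expected utils lost by KSD:", expected_utils_by_ksd(REGISTER))
    print(simulate(REGISTER))
```

Run as a script it prints the ranked register, the matrix total and the roll-up. The post-action view on the dashboard is the same computation over a second register whose probabilities and utils reflect the planned actions; the expected-value table answers "how significant, relative to the objective", and the simulated tolerance share answers "how likely are we to get there", which an expected value alone cannot because one large risk (the 300-util terminal delay here) dominates the tail.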

Case Study 2: Oil Development Joint Venture

Context of ERM within the JV
- No formal strategic planning had been completed beyond the creation of the JV
- No KSDs or specific corporate objectives
- The approach was to take a leadership role in helping the JV determine its strategic plan and corporate objectives: questionnaires, interviews, facilitated workshops and discussions to develop alignment around the key corporate objectives to be assessed through ERM

ERM Model (diagram)

ERM Model (diagram, continued)

ERM Matrix (diagram)

ERM Approach: Lessons Learned
- Goals/objectives: there must be specific corporate goals/objectives in place in order to conduct ERM; they must be clear, concise and well understood
- Education: the risk team, management and stakeholders must understand and buy in to the methodology, approach and expected outcomes
- Results: must be clear, transparent and well understood

Next steps for Revay: June 2013, Calgary experienced its worst flood ever

Next steps for Revay: Emergency Response Planning

Thank you!