Strategic ERM Atlanta RIMS Educational Conference Donna Galer

Transcription

1 Strategic ERM 2016 Atlanta RIMS Educational Conference Donna Galer

2 ERM Should Always Be Strategic Enterprise Risk Management (ERM): to manage risk holistically and horizontally across an organization. Both insurable and non-insurable risks are identified within all facets of the enterprise beginning with the major risks which could specifically negate the ability to accomplish the organization s strategic goals and objectives. Next, risks are prioritized and addressed while proactive monitoring and reporting are also being performed. 2

3 Role of Risk Manager R I S K S Insurance Buyer Transfers P&C risk cost effectively Risk Manager Uses more sophisticated approaches, SIRs, captives, Cat Bonds to finance risk. Chief Risk Officer Identifies all risks, including strategic risks & builds horizontal alliances through the organization to manage risk. O P P O R T U N I T I E S 3

4 Why Identify Strategic Risk? Strategic risks are different than non-strategic risks. In an ERM approach, they are the purview of risk management. The creators of the organization s strategy may not be in the best position to identify the risks associated with the strategy, yet it is necessary to address such risks. Strategic risks tend to pose more existential threats to the organization than non-strategic risks tend to do. 4

5 What Is Strategic Risk Risk that would more directly impact achieving the strategic direction or goals Risk that would seriously impact the organization s ability to carry out its core mission 5

6 What Are Examples of Strategic Risk? Strategic Risks/uncertainties around major product line Risks/uncertainties around target customer segments Risks/uncertainties around an M&A Risks/uncertainties around expansion into new geographies Risks/uncertainties around the preparedness to deal with a sizeable disaster Non-strategic Risks/uncertainties around protection of properties that are not mission critical Risks/uncertainties around new internal processes that are not customer facing or will not seriously affect achievement of strategic objectives or mission delivery Risks/uncertainties around internal policies that have little impact on strategic goals and objectives. 6

7 Non-Strategic Does Not Mean Unimportant Each risk must be weighed on its own merits i.e. the potential impact to the organization s profitability and future sustainability needs to be objectively estimated. Both strategic and non-strategic risks can be significant. 7

8 Strategic and Non-Strategic Risks Vie For Space In Heat Maps 8

9 I How Did These Companies Handle Strategic Risk? British Petroleum (BP) Circuit City Eastman Kodak 9

10 BP: Total $ Cost of Deep Water Horizon Oil Spill (11 people died) BP Agrees to Pay $18.7 Billion to Settle Deepwater Horizon Oil Spill Claims Settlement of all federal and state claims brings total costs to nearly $54 billion While the proposed settlement would resolve some of BP s biggest liabilities, the litigation over the spill isn t entirely over. The company faces about 3,000 civil cases in U.S. and foreign courts, which include lawsuits brought by shareholders, and has yet to set aside money for those potential costs. Wall Street Journal Online By DANIEL GILBERT & SARAH KENT Updated July 2, :31 p.m. ET 10

11 Strategic Risks??? Tony Hayward became CEO of BP in He was dubbed the Safety CEO. Most of all, Hayward would change BP s careless corporate culture; he pledged in an early speech to focus like a laser on safety. He outlawed carrying an unlidded coffee cup through the office, he banned texting while driving. 11

12 Strategic Risks The risk inherent in not having up to date control equipment that avoids critical incidents from occurring The risk inherent in a culture that fails to heed warning signs of deep water leaks or breaks while focusing on minor risks The risk inherent in not having contingency plans for when disasters, such as major deep water leaks, occur The risk inherent in a lack of public relations protocol for when disasters, such as major deepwater leaks, occur 12

13 Circuit City After the final date of operation for all Circuit City stores, the company's online store was replaced with a page that read as follows: Circuit City would like to thank the millions of customers who have shopped with us during the past 60 years. Unfortunately, we announced on January 16, 2009, that we are going out of business. Wikipedia "Circuit City". March 9, Archived from the original on Retrieved September 17, The brand Circuit City was purchased during bankruptcy and may be used again. 13

14 Strategic Risks The risk inherent in over-expansion The risk inherent in changing compensation systems The risk inherent in a lack of innovation The risk inherent in M&A/Divestitures 14

15 Eastman Kodak Kodak Moments Just a Memory as Company Exits Bankruptcy Eastman Kodak Co., the photography pioneer overcome by digital competition, emerged from bankruptcy today as a commercial-printing company that sells nothing to consumers. Bloomberg by Beth Jinks September 3, :05 PM EDT 15

16 Strategic Risks The risk inherent in disruptive technologies -digitization The risk inherent in customers changing lifestyles internet communication, social media The risk inherent in not being first to market with new products The risk inherent in not being innovative with product line 16

17 How To Achieve Strategic ERM Prerequisites: Board or CEO must want strategic ERM The CRO s (or whoever leads the ERM process) remit must include strategic risk assessment CRO must have strong general business knowledge CRO must be involved or, at least, be privy to strategic discussions, decisions and documents CRO must be able to engage with senior managers from various parts of the enterprise to gather information, input and feedback, preferably CRO chairs a risk committee of such senior managers 17

18 Legitimizing The Scope Board and/or CEO must want strategic ERM The CRO s (or whoever leads the ERM process) remit must include strategic risk assessment 18

19 Gaining Credibility For CRO CRO have strong general business knowledge Do risk managers need to augment their knowledge base and improve their skill sets to earn a seat at the table for strategic risk discussions? Advisen/FM Global Enhancing risk managers strategic influence October

20 RMs Have To Be Concerned About What Concerns the CEO and C-Suite The answers are complex..but depend even more so on risk managers aspirations and willingness to challenge the status quo, senior management and board of directors attitudes towards risk and risk management, how thoroughly risk management is embedded within an organization s corporate governance framework, and how effectively risk managers translate their risk vocabulary into the language of growth and financial performance. Advisen/FM Global Enhancing risk managers strategic influence, October

21 Ensuring Needed Information Is Available CRO must be involved or, at least, be privy to strategic discussions, decisions and documents 21

22 Getting the Necessary Perspectives Involved CRO must be able to engage with senior managers from various parts of the enterprise to gather information, input and feedback, preferably CRO chairs a risk committee of such senior managers 22

23 ERM and Strategy Form a Natural Intersection SWOT Analysis Used In All Strategic Planning Strengths Weaknesses Opportunities Threats 23

24 Opportunities and Threats Are Uncertainties Uncertainties Opportunities Threats 24

25 Strategic ERM Helps To Mitigate Threats But Can Also Help With Opportunities and Risks To Those Opportunities ERM focuses on the risks that need to mitigated. Threats 25

26 How To Approach Identification of Strategic Risks What are the strategy and goals What is the core strategy What strategic goals exist What risks could affect achieving goals What plausible risks to the strategy exist? What plausible risks to achieving specific strategic goals exist? Prioritize, mitigate, monitor risks Prioritize risk (impact, likelihood) Develop action plans to address most significant risks or modify strategy/goals 26

27 Risk Categories That Tend To Be More Strategic Competitive Marketplace Risks Product Line Risks Distribution Risks (Disruptive Technologies) Geopolitical Risks (Involving Whole Countries or Industries) Customer Risks (Demographic Shifts, Buying Habit Changes) Macro-economic Risks Reputational/Brand Risks 27

28 Ten Years Ago Strategic risk management needs to examine how well a business strategy will perform under different scenarios and events. It must look closely at scenarios where the strategy could perform so poorly that it could potentially result in significant losses, destruction of shareholder value, or a damaged corporate reputation. When Strategy and ERM Meet by Mark Frigo, January 2006 (Presented at the 2006 RIMS Annual Conference) 28

29 Our New Book Discusses Strategic ERM 29