Maximising Business Value Through Enterprise Risk Management
Post on 19-Oct-2014
DESCRIPTION
This slide deck is one that I presented in Sydney in 2010. It highlights the link between governance, risk and compliance and how GRC is used to identify and maximise business value.
TRANSCRIPT
![Page 1: Maximising Business Value Through Enterprise Risk Management](https://reader033.vdocuments.us/reader033/viewer/2022042713/5444bf42b1af9f740a8b4a87/html5/thumbnails/1.jpg)
Maximising Business Value Through ERM
![Page 2: Maximising Business Value Through Enterprise Risk Management](https://reader033.vdocuments.us/reader033/viewer/2022042713/5444bf42b1af9f740a8b4a87/html5/thumbnails/2.jpg)
1. Enterprise Risk Management
2. Risk Governance
3. Policy Compliance
4. Capital Budgeting
What am I on about … ?
![Page 3: Maximising Business Value Through Enterprise Risk Management](https://reader033.vdocuments.us/reader033/viewer/2022042713/5444bf42b1af9f740a8b4a87/html5/thumbnails/3.jpg)
What is Enterprise Risk Management?
Best way to manage uncertainty to minimise loss / threat
Needs to be holistic, no silos
Aligned with business objectives
![Page 4: Maximising Business Value Through Enterprise Risk Management](https://reader033.vdocuments.us/reader033/viewer/2022042713/5444bf42b1af9f740a8b4a87/html5/thumbnails/4.jpg)
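
| Impact \ Likelihood | Rare | Unlikely | Possible | Likely | Almost Certain |
| --- | --- | --- | --- | --- | --- |
| Severe | M | H | H | VH | VH |
| Major | M | M | H | H | VH |
| Moderate | L | M | H | H | H |
| Minor | L | L | M | M | H |
| Negligible | L | L | M | M | H |

Impact: Business Assessment. Likelihood: Technical Assessment.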
Risks need to be identified in a consistent manner. Ensure that you have both technical and business input on the assessment.
![Page 5: Maximising Business Value Through Enterprise Risk Management](https://reader033.vdocuments.us/reader033/viewer/2022042713/5444bf42b1af9f740a8b4a87/html5/thumbnails/5.jpg)
Business Owner
What are you doing about the risk?
What is the result?
Create a place to store the risks and ensure you capture the appropriate information that will help you manage those risks
When do we check it?
![Page 6: Maximising Business Value Through Enterprise Risk Management](https://reader033.vdocuments.us/reader033/viewer/2022042713/5444bf42b1af9f740a8b4a87/html5/thumbnails/6.jpg)
What is Risk Governance?
Guiding coalition that will drive your risk strategy
Decision making framework for ownership and treatment of risk
![Page 7: Maximising Business Value Through Enterprise Risk Management](https://reader033.vdocuments.us/reader033/viewer/2022042713/5444bf42b1af9f740a8b4a87/html5/thumbnails/7.jpg)
Risk governance provides a way of streamlining the decision making processes related to risk ownership and treatment.
Who gets to make the decisions?
![Page 8: Maximising Business Value Through Enterprise Risk Management](https://reader033.vdocuments.us/reader033/viewer/2022042713/5444bf42b1af9f740a8b4a87/html5/thumbnails/8.jpg)
Where does compliance fit in?
External Compliance - PCI-DSS; SOX; Privacy Act
Internal Compliance – Capital ratios; Security Policy
All compliance requirements should be internalised and managed in accordance with your ERM framework.
![Page 9: Maximising Business Value Through Enterprise Risk Management](https://reader033.vdocuments.us/reader033/viewer/2022042713/5444bf42b1af9f740a8b4a87/html5/thumbnails/9.jpg)
Policy exemptions should be assessed on risk and managed through your ERM Framework.
Risk Assessment
Governance
![Page 10: Maximising Business Value Through Enterprise Risk Management](https://reader033.vdocuments.us/reader033/viewer/2022042713/5444bf42b1af9f740a8b4a87/html5/thumbnails/10.jpg)
What do we do about the finance decision?
Return on Investment (ROI) and Payback Period are only financial ratios
Net Present Value (NPV) takes time and risk into account
Capital budgeting analysis using NPV requires us to identify cashflows over the life of the project.
Use ERM framework to identify indirect cashflows
![Page 11: Maximising Business Value Through Enterprise Risk Management](https://reader033.vdocuments.us/reader033/viewer/2022042713/5444bf42b1af9f740a8b4a87/html5/thumbnails/11.jpg)
Negative NPV: Project Declined!!
By incorporating indirect cashflows we can improve NPV
NPV Calculation without using ERM @ Discount Rate of 9%
NPV Calculation using ERM @ Discount Rate of 9%
Positive NPV: Project Approved!!!
Indirect cashflows
![Page 12: Maximising Business Value Through Enterprise Risk Management](https://reader033.vdocuments.us/reader033/viewer/2022042713/5444bf42b1af9f740a8b4a87/html5/thumbnails/12.jpg)
In Summary…
ERM is all about managing uncertainty
Governance helps to identify decision makers and streamline decision making processes
All compliance requirements should be internalised and managed through a risk based approach
![Page 13: Maximising Business Value Through Enterprise Risk Management](https://reader033.vdocuments.us/reader033/viewer/2022042713/5444bf42b1af9f740a8b4a87/html5/thumbnails/13.jpg)
In Summary…
Through identification of non-compliance instances we can identify indirect cashflows associated with new projects.
Use NPV to incorporate those indirect cashflows into the capital budgeting process.
By aligning compliance obligations to business initiatives we can maximise the business value through ERM.
![Page 14: Maximising Business Value Through Enterprise Risk Management](https://reader033.vdocuments.us/reader033/viewer/2022042713/5444bf42b1af9f740a8b4a87/html5/thumbnails/14.jpg)
Questions …. ?
LEAD THE CHANGE…