shaping your culture via risk appetite
TRANSCRIPT
Shaping Your Culture via Risk Appetite Embedding the tone from the top
Prepared for:
StratexSystems Webinar Series 18 October 2012
Page § 2
About StratexSystems
“StratexPoint enabled us to reduce the value of our opera6onal losses by 94%, the volume by 63% and our economic capital provision by 23%” -‐ Head of Opera=onal Risk, HML -‐ Skipton group
Our mission To provide an integrated strategy and risk management solu8ons which enhances strategy execu=on, enhance capital efficiency by 15% and reduce opera=onal losses 25% while providing 100% confidence that your business is opera=ng within appe=te.
Page § 3
Agenda
§ What is Risk Appetite? § What do we mean culture & risk culture ? § Embedding the ‘tone from the top’
Page § 5
The credit crunch and subsequent fall-out is rewriting the rules on strategy execution and risk management
Page § 6
Corporate governance weaknesses related to Risk Appetite contributed to the credit crunch
Supervisors see insufficient evidence of board involvement in seOng and monitoring adherence to firms’ risk appe=te. Risk appe=te statements are generally not sufficiently robust; such statements rarely reflect a suitably wide range of measures and lack ac8onable elements that clearly ar8culate firms’ intended responses to losses of capital and breaches in limits.
Board-‐level engagement in risk oversight should be materially increased, with par8cular aKen8on to the monitoring of risk and discussion leading to decisions on the en=ty’s risk appe=te and tolerance. Remunera=on structures for all such “high end” employees are appropriately aligned with the medium and longer-‐term risk appe=te and strategy of the en8ty. In essence, the obliga8on of the board in respect of risk should be to ensure that risks are promptly iden8fied and assessed; that risks are effec8vely controlled; that strategy is informed by and aligned with the board’s risk appe=te; and that a suppor8ve risk culture is appropriately embedded so that all employees are alert to the wider impact on the whole organisa8on of their ac8ons and decisions.
Page § 7
Organisations are increasingly looking to ‘Risk Management’ as a source of competitive advantage
Neither too cau=ous nor too reckless, the best companies use their risk management capabili=es to adjust either their capacity or their appe=te to make more prudent— and ul=mately
successful— investment decisions.
Source: Accenture 2011 Global Risk Management Study
64%
Almost two-‐thirds of Risk Masters 64% indicate that their risk management capabili=es provide compe==ve advantage to “a great
extent,” compared with only 42% of the peer set.
Page § 8
Evidence suggests many corporate governance weaknesses and Board level challenges still exist
“the Board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its strategic goals.” UK Corporate Governance Code, 2010
21%
“only 21% align their risks with their business strategy”
– Grant Thornton Corporate Governance Review 2011
Where the Board need to spend more =me…
70% Strategy
42% Execu=on
47% Performance Management
67% Risk Management 21%
“Only 21% of directors surveyed claim a complete understanding of their companies’ current strategy”
– Mckinsey Global Survey – Corporate Governance, 2011
“results indicate a need to be0er educate Boards on industry dynamics and how their companies create value...”
Approx. 1500 par=cipants
Page § 9
What is Risk Appetite?
§ The COSO definition provides ‘What, Who, When and Why’ of risk appetite § What: the amount and type of risk § Who: an organisational entity § When: over a defined time horizon § Why: to achieve the objectives of the entity
Risk appe8te is the amount and type of risk that is acceptable to be taken by an organisa8onal en8ty over a defined 8me period, to achieve the objec8ves of that en8ty – COSO Enterprise Risk Management
Risk appe<te sets the boundaries within which strategy is executed
– StratexSystems
Page § 10
Risk Appetite should be integrated into your organisational strategic
framework Business Goals
Business Model
Business Drivers
Internal Analysis External Analysis
Business Objec=ves
Strategy
Appe=te
Appe=te Alignment
Risk Management Performance Management
Appe=te
Iden8fy strengths & weaknesses
Iden8fy threats & opportuni8es
Is our business model fit for purpose?
Is our business model fit for purpose?
Are we opera8ng within appe8te?
Manage threats & opportuni8es
Are we on-‐track to deliver?
Manage strengths & weaknesses
Appe=te
SeYng
Execu8
on
Form
ula8
on
SeOng § From high-‐level strategies to specific business objec8ves § Define specific business objec8ves and appe8te for specific en8ty’s § Alloca8on of scarce resources by en8ty, risk category, product lines
Execu=on § Are we on-‐track to achieve our business objec8ves § Are we opera8ng within appe8te (are we taking too much, or not enough risk?) § Do we have the right level of controls in place to meet internal and external compliance drivers? § Are we aligning our change agenda to our strategic agenda?
Formula=on § Development of high-‐level strategies and alloca8on of scarce resources, including capital § Given our business context, what is our appe8te for risk? § Given our appe8te, have we got the right business model? § Are we comfortable with the assump8ons we have made?
Page § 11
Risk Appetite is the ‘glue’ that brings together Strategy & Risk Management
Performance Management
Risk Management
Strategy Management
Appe=te
What are we trying to achieve?
Are we on track?
What is our Risk Appe=te?
Are we opera=ng within appe=te?
Governance & Communica=ons
Culture
Page § 13
What is Culture?
The thing I have learned at IBM is that culture is everything – Louis V. Gerstner, Jr. former CEO
IBM
Culture Eats Strategy For Breakfast - Peter Drucker
Culture comprises an organisa<on’s widely shared values, symbols, behaviours and assump<ons – Rob Goffee & Gareth Jones
The way we get things done around here
Page § 14
What is Risk Culture?
Risk culture can be defined as the norms and tradi8ons of behaviour of individuals and of groups within an organiza8on that determine the way in
which they iden8fy, understand, discuss, and act on the risks the organiza8on confronts and the risks it
takes.
A robust risk culture is a substan8al determinant of whether a firm is able successfully to execute its chosen strategy within its defined risk appe8te.
Page § 15
Risk Culture Framework
Source: Taking Control of organisa=onal risk culture -‐ McKinsey & Co, 2010
Page § 16
Risk Culture failings fall into relatively predictable categories
§ Disregard for risk § Over-confidence § Business Units evading or distorting risk
management efforts § Risk Management failing emerge, with
no apparent consequences § Sweeping problems under the carpet
§ Assumptions are not challenged § Blind spots as a result of lack of
challenge or excessive challenge § Shoot-the-messenger mentality § Siloed risk management processes
§ Passivity § Not sharing warning signals § Indifference § Denial § Excessive hierarchical organisations no
listening to the front-line § Tribal culture
§ Ignorance § lack of understanding of risk or risk
management issues § Faulty communication of the firms risk
appetite § Failure to be clear about who is in
charge of risk issues § Ignorance can reflect lack of insight
§ Failure to correct bad behaviours § Frequent breaches of procedure,
ignoring of limits, failures to complete reports, or disregard of compliance requirements, can contribute to issues above
§ Excusing the behaviour of those who are generating high revenue volumes
§ Focusing on ‘hit’ while overlooking ‘Near Misses’
§ Failure to send the correct signals
Page § 17
Culture was seen as a main contributory factors to the Libor scandal
We place considerable emphasis on the CEO seDng the right culture, risk appe6te and control framework….
Hector Sans, FSA
Page § 18
In the wake of a $3B fine for mis-selling drugs, GSK are transforming their culture
A culture of putting patients first is our priority
Page § 20
The Right Culture should ensure…
The right people…
Are doing the right things…
At the right =me…
With the right amount of challenge…
To seize opportuni=es and manage threats…
While opera=ng within appe=te
Page § 21
The seven key characteristics of a Strategy-focused, Risk-aware culture
Strategy-‐focused, Risk-‐aware culture
1. Driven by a compelling vision
2. Live by a clear set of values
3. Led with integrity
4. Align risk-‐taking to strategy
7. Incen=ves are aligned to appe=te
6. Engage in high quality conversa=ons
5. Established clear accountabili=es
Page § 23
Tone from the top is critical is shaping culture
Vision Mission Values
Shareholder value
Risk Appe=te
Processes
Key Controls
Tone from the Top
What we do on a day-‐to-‐day basis
What we think on a day-‐to-‐day basis
Strategy
Controls Risks indicators
Shared values Behaviours
Incen=ves Leadership
Symbols
Page § 25
Using drivers to frame appetite setting enables the Board to set clear a clear ‘tone from the top’ and operating boundaries
Business drivers
Capital
Income
Reputa=on
Shareholder value
Share price
Economic value add
Profit
Strategy
Align Risk-‐taking to Strategy
Manage Risk
Manage Performance Appe=te
Governance Communica=on
Culture
Appe=te
Page § 26
Using drivers to frame appetite setting enables the Board to set clear a clear ‘tone from the top’ and operating boundaries
Business Drivers Low Moderate High Extreme Capacity Limit
Income X% Capital @Risk
X% Capital @Risk
X% Capital @Risk
X% Capital @Risk
Capital Up to X £M
X £M to Y £M
X £M to Y £M
X £M to Y £M
Above X £M
Reputa=on Up to X vol.
Bad coverage
Up to X vol. Bad
coverage
Up to X vol. Bad
coverage
Up to X vol. Bad
coverage
Page § 27
Using drivers to frame appetite setting enables the Board to set clear a clear ‘tone from the top’ and operating boundaries
Business Drivers Low Moderate High Extreme Capacity Limit
Income X% Capital @Risk
X% Capital @Risk
X% Capital @Risk
X% Capital @Risk
Capital Up to X £M
X £M to Y £M
X £M to Y £M
X £M to Y £M
Above X £M
Reputa=on Up to X vol.
Bad coverage
Up to X vol. Bad
coverage
Up to X vol. Bad
coverage
Up to X vol. Bad
coverage
Page § 28
Those same drivers are used in the risk assessment process
Capital @Risk
Reputa=on @Risk
Impact x Likelihood (over a =me horizon)
Page § 29
Appetite Alignment Matrix is a key tool for monitoring the alignment of Risk-taking to Strategy
§ Enabling monitoring of risks which are outside of Appe8te
§ Shows where we are taking to much and not enough risk
§ Changes the risk conversa8on
§ Answers the ques8on:
Are we opera=ng with in Appe=te?
Page § 32
An accountabilities model is ‘baked’ into our solutions
“The buck stops here”
Those with Yes/No authority related to the objec8ve, risk or
control.
“Keep in the loop”
Those involved prior to decisions or ac8on related to the objec8ve, risk or control.
“The doers”
Those people working on delivering the objec8ve, managing the risk or applying the control.
“Keep in the picture”
Posi8on(s) that need to know about decision or ac8on related to the objec8ve, risk or control.
P
Page § 34
Our solutions provide a number of ‘tools’ to help embedding the tone from the top
Strategy Map Risk Map
Appetite Alignment Matrix
Page § 35
About StratexSystems
“StratexPoint enabled us to reduce the value of our opera6onal losses by 94%, the volume by 63% and our economic capital provision by 23%” -‐ Head of Opera=onal Risk, HML -‐ Skipton group
Our mission To provide an integrated strategy and risk management solu8ons which enhances strategy execu=on, enhance capital efficiency by 15% and reduce opera=onal losses 25% while providing 100% confidence that your business is opera=ng within appe=te.
Page § 37
Examples of where our solution has added real and tangible business value
60%
23%
182
Op losses HML seen a 60% reduc8on in opera8onal losses within 18 months
Regulatory capital HML also seen a 23% reduc8on in regulatory capital
Ini8a8ves Consolidated global pormolio of major ini8a8ves to enable single view of status & risk