Enterprise Risk Management: Getting your organization started, and improving corporate results John...
-
Upload
cynthia-dennis -
Category
Documents
-
view
218 -
download
1
Transcript of Enterprise Risk Management: Getting your organization started, and improving corporate results John...
Enterprise Risk Management: Getting your organization started,
and improving corporate results
John R.S. FraserSenior Vice President, Internal Audit & Chief Risk OfficerHydro One Networks Inc. For Directors Global & Grant Thornton LLP – TorontoDecember 2, 2010
Summary of Presentation
1. Background on Hydro One (2 - 4)
2. ERM Concepts and Clarifications (5 – 8)
3. Policy and Framework (9)
4. Risk Criteria (Tolerances) (10 – 13)
5. Corporate Risk Profile (14 – 18)
6. Risk Workshops (19 – 24)
7. Business Planning (25 – 27)
8. Conclusion (28 – 32)
1
Background on Hydro One 2
Background on Hydro One
• Ontario’s primary electricity transmission & distribution company
• One of the largest Tx companies in N.A.
• $15.8 B of assets
• $4.7 B of annual revenue
• $1.5 B annual capital and maintenance spend
• 5,400 employees
The Changing Electricity Marketplace in 2000
• Unprecedented change within the industry (Re-regulation, Commercialization, Reorganizations)
• Ontario Hydro broken up in April 1999
• Commercial Board of Directors appointed
• Asset Management Model introduced
• Retirement of 20% of workforce in 2000
• Purchased 88 municipal electric utilities in 2000
• For 2002, an IPO and Market Opening (unbundled bills)
3Background on Hydro One
History of ERM at Hydro One
• Previous attempts that did not engage
• Organizational realignment with CFO led to rethink
• Can the Head of Audit be the CRO?
• January 2000 - New Beginnings
• 2000 – 2003: Full Steam Ahead
• 2004 – Present: Sustainment
• 2011 - Regeneration
4Background on Hydro One
Is there a need in your organization ?
• Amount of change in the organization and/or industry
• Amount of change in senior management
• Appetite for:– governance (actual and optics)– clarity of decision making
5ERM Concepts and Clarifications
ERM – Scope of Mathematical Intensity
Detailed math is the answer
Broad ranges are the way to
go
AU/NZS 4360
COSO
ISO 31000
SOA
CAS
PRMIAS&P
Moody’sRIMS
6ERM Concepts and Clarifications
Notice - What our ERM is not about
• Sarbanes Oxley
• Compliance
• Audits
• Regulations
• Performance Measurement
• Credit, market or operational risk in isolation
Note - The world does not need more bureaucracy
7ERM Concepts and Clarifications
Notice - What our ERM is about
• Good Governance
• Good Management
– Agreed objectives and risk strategies
– Future outlook
– Prioritization of objectives and risks and mitigants
– Resource allocation based on risks to objectives
8ERM Concepts and Clarifications
ERM Processes
“Conversations” & “Prioritizations” via:
• Policy and Framework
• Risk Criteria (appetite /tolerances)
• Corporate Risk Profile
• Risk workshops
• Business Planning
Hydro One’s Approach
ERM Policy and Framework
• ERM Policy:– “ERM provides uniform processes to identify, measure, treat and
report on key risks.”
– This is the umbrella policy under which all other risk policies fall.
– Key principles include: portfolios of ALL types of risks, integrated with strategic and business planning, annual risk assessments, everyone’s responsibility.
– Key accountabilities: Audit & Finance Committee, the President, CFO, Management and CRO.
• ERM Framework:
– Establishes the basic process for all risk assessments
9
ERM Policy and Framework
BOARDCOMMITTEE
EXECUTIVEMANAGEMENT
LINEMANAGEMENT
CORPORATE RISK
PROFILEPOLICY &
FRAMEWORK
RISK PROFILES
RISK TOLERANCES
MANAGE RISKS, $$
ERM - Corporate View
ERM Process
Risk Criteria (Tolerances)
Risk Tolerances
Use of Risk Criteria (Tolerances)
•In order to run effective risk workshops•In order to create a common understanding of risks by both the leadership team and the board•Criteria for Business Planning/Resource Allocation prioritization
10Risk Tolerances
A more complex view
Risk Capacity
Risk Appetite
Risk Tolerance
RiskTarget/Range
Source: Web presentation by:
J. Chris Karow
E&Y
ERM Symposium
New York
March 28, 2007 RiskLimits
This is the box we play in
11Risk Tolerances
Turning Strategy into Risk Tolerances
Strategic Planning
How are we goingto achieve our
overall Corporateaims??
Business Objectives
KeyPerformance
Indicators
RiskTolerances
What is ourattitude toward
failure for each KPI??
How will wemeasure successfor each Business
Objective?
What 6-10 objectivesdo we want to
factor in todecision-making?
12Risk Tolerances
Example of HOI “risk tolerances”
Risk Tolerances Business
Objectives Event Impact Description 5
Worst Case 4
Severe 3
Major 2
Moderate 1
Minor
Financial
Net Income shortfall (after tax, in one year)
$>150M shortfall $75-150M shortfall $25-75M shortfall
$5-25M shortfall <$5M shortfall
Reputation
Negative Media Attention; Opinion leader and Public Criticism
National media attention; opinion leaders/customers nearly unanimous in public criticism
Provincial media attention; most opinion leaders/customers publicly critical
Significant local attention; Several opinion leaders/ customers publicly critical
Credible letter(s) to Ministry of Energy, to Premier, to Chair of OEB, or to Minister of Environment, that require action
Letter(s) to Senior Management
Customer /Reliability
Outages on the Hydro One system
One of: >100,000 Customers Distribution or >1000MW Tx for more than 7 days
One of: 40k-100k Customers Dx or 400-1000MW Tx for 4-7 days
One of: 10k-40k Customers Dx or 100-400MW Tx for 2-4 days
One of: 1k-10k Customers Dx or 10-100MW Tx for 4-24 Hrs
One of: <1000 Customers Dx or <10MW Tx for <4 Hrs
Worst Case:
- threatens the survival of
Hydro One Inc. in its current form
Minor:
- noticeable deterioration
in results
Major:
- significantdeterioration
in results
13Risk Tolerances
Corporate Risk Profile
Hydro One’s Approach
Corporate Risk Profile
•Purpose and Benefits•Semi-annual based on:
– Interviews & Databases–Trends & Emerging risks
• Reviewed by:•Executive (Risk) Committee•Audit Committee
• Input to Business Planning
• The Corporate Risk Profile
14Hydro One’s Approach
Risk Interviews
•Strategic Objectives•List of major events since last Risk Profile•Prior list of top risks: to capture trend and rating•Listings of all possible existing and evolving risks
15Risk Interviews
Structured Risk Interviews/Workshops
Human Resources(R=2.6 / C=2.9)
RetainingExpertiseR=2.6 / R=2.1)
Training
(R=2.5 / C=2.8)
LabourAgreements
R=2.4 / C=2.0)
Commercial Culture
(R=3.4 / C=2.1)
Volatile WorkSchedule
(R=2.4 / C=2.1)
Budget
(R=2.8 / C=2.6)
Skills
(R=2.5 / C=2.6)
Demographics
(R=3.5 / C=2.3)
Competition
(R=2.7 / C=2.5)
R = Residual RiskC = Control
16Risk Workshops
Corporate Risk Profile
SOURCES OF RISK
IMPACTED OBJECTIVES
MITIGANTS
RISK # 1
RISK # 2# 3
# 4# 5
CHARTOF
RISKS
SCOPE,METHODS
&CHANGES
SPECIFIC RISKS
17Risk Profiles
Risk Source March 2001 Dec. 2001 Risk Trend
Cost Reduction Very High Very High
Regulatory Uncertainty High Very High
Initial Public Offering High High
Customer Relationships High Medium
Human Resources Medium Medium
Safety High Medium
Corporate Risk Profile
Note: Each risk category is explained with a half page analysis outlining the sources of the risk and the mitigants in place or planned.
18Risk Profiles
Risk Workshops
Risk Workshops
Risk Workshops are Facilitated for:
•Major Projects, e.g. construction, I.T., M&A
•Major Types of Risks, e.g. environmental
•Lines of Business, e.g. for business planning
•Leadership Team and Full Board of Directors
Note: A Full Report is Provided within 24 hours
“Risk Management is a contact sport.”
Diana Del Bel Belluz
19Risk Workshops
ERM Workshops
– Objectives articulated– Risk Criteria (tolerances) developed– Magnitude (“largest credible risk”)– Probability (always to specific time-
frames)– Risk Trends for the future– Risk Maps show quality of controls
• Unique Workshop Design
20Hydro One’s Approach
Risk Workshops - Process
•Champion: identified & used
•Attendees: number, qualities
•Pre-voting: methods & benefits/disadvantages
•Timing: length & agenda
•Software: voting and data capture
•Facilitation techniques: how to
•A Full Report is Provided within 24 hours21Risk Workshops
Environmental Hazards
0 20 100%806040
Worst Case
Severe
Major
Moderate
Minor
8
2
1
7
Risk Workshops
5
4
3
2
1
Number of participants
who voted for each category
22Risk Workshops
0 20 100%806040
Environmental Hazards
Worst Case
Severe
Major
Moderate
Minor
5
4
3
2
1
3
10
5
Risk Workshops23
2
3
4
2 3 4
Probability
Mag
nit
ud
e
NOTE: Size of bubbles depicts confidence in
controls
Briefing Sessions: voted results & meaning
“Molecules”• themes, patterns in discussion• common causes
Risk Workshops 24
Business Planning
Spending Prioritization: Making choices based on value
Vehicles??
House??
Medical??
Travel??
Intolerable Risks
Highest “Risk Mitigation” Value for money
+
25Business Planning
“True” tolerances: “Red Zone”
5Worst Case
4Severe
3Major
2Moderate
1Minor
5 Very Likely
4 Likely
3 Middle Odds
2 Unlikely
1 Remote
26Business Planning
Program Level Cost Cuml. Cost Risk if not done
Bang for Buck (1)
Vehicles Highest Risk $2 $2
100.0 House Highest Risk $6 $8 100.0 Medical Highest Risk $1 $9 100.0 Vehicles Level 1 $1 $10 2.8 2.80
House Level 1 $3 $13 3.0 1.00
Vehicles Level 2 $2 $15 1.9 0.95
House Level 2 $5 $20 3.2 0.64 Medical Level 1 $12 $32 2.3 0.19
Ranking across Work Programs
(1) value for $’s
IntolerableRisk
“BANGfor
BUCK”
Resources = $14
27Business Planning
Framework Initiated Formulated Implemented Robust
ERM Policy
ERM Framework
Executive Risk Committee
Common Language
Dedicated Corporate Risk Group
Champions
Integration with loss control
Integration with Strategic Planning
Integration with Business Planning
Hydro One ERM Status - April 2002
28Hydro One’s Approach
Tools & Techniques Initiated Formulated Implemented Robust
Approved Risk Tolerances
Workshops - Line
Workshops - Leadership
Voting Software
Measurement – broad ranges
Measurement – detailed metrics
Risk Register One sub only One sub only
Business Plan Templates
Scenario analysis
Sign-off by Line Management One sub only One sub only One sub only
Key Risk Indicators
ERM in VP’s Personal Contracts
Hydro One ERM Status - April 2002
29Hydro One’s Approach
Deliverables Initiated Formulated Implemented Robust
Corporate Risk Profile
Reporting to Leadership/IRC
Reporting to Audit & FinanceCommitteeReporting to Board
Hydro One ERM Status - April 2002
30Hydro One’s Approach
Staying in Business“We have been in business since 1906, and we have been pleasing and displeasing the public ever since. We have been cussed and discussed, boycotted and investigated, talked about, lied about, hung up, held up and robbed. The only reason we are staying in business is to see what happens next.”
Sir Adam Beck, 1922As quoted in “Adam Beck and The Ontario Hydro”
by W. R. Plewman, published March 1947
31Conclusion
Questions?
32