Risk Management and Risk Transfer
Transcript of Risk Management and Risk Transfer
Risk Management and Risk Transfer A MULTI-PRONGED APPROACH
Presented by Remonde Brangman, CBIZ MHM Financial Risk Advisory Practice Leader Email: [email protected] | Phone: (301) 951-3636, Ext. 6719
linkedin.com/in/rbrangman
Tony Consoli, President, CBIZ Insurance Services, Mid-Atlantic Region Email: [email protected] | Phone: (877) 251-5345
linkedin.com/pub/anthony-consoli/5/248/abb
2
What is Risk Management?
What is Risk Transfer?
Why are they relevant?
How do we integrate them?
Value to your organization
Q&A
Topics
4
A Risk Factor is something that can cause harm. It is a poor business condition or practice that can negatively impact a company.
Risk is the likelihood of harm. The likelihood that profitability and shareholder value will be negatively impacted.
Definitions - in business terms….
RISK MANAGEMENT: Coordinated activities to direct and control an organization with regard to risk. RISK MANAGEMENT FRAMEWORK: A set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring (2.28), reviewing and continually improving risk management (2.2) throughout the organization.
Note 1: The foundations include the policy, objectives, mandate and
commitment to manage risk (2.1). Note 2: The organizational arrangements include plans, relationships,
accountabilities, resources, processes and activities. Note 3: The risk management framework is embedded within the
organization's overall strategic and operational policies and practices.
ISO 31000 Definitions
Risk and Insurance Overview
Strategic Risk
Hazard Risk Financial Risk
Operational
Categories of
Risk
Risk retention
Contractual risk transfer, i.e. noninsurance
Risk control
Risk avoidance
Insurance risk transfer
Financial tools, ala hedges, swaps, etc.
Risk and Insurance Overview
DEFINED: A risk management technique whereby risk of loss is transferred to another party through a contract (e.g., a hold harmless clause) or to a professional risk bearer (i.e., an insurance company).*
Risk Transfer
* International Risk Management Institute (IRMI)
Continuum of traditional and alternative insurance arrangements
12
Risk Profile Risk Aware
Risk
Aware Risk
Attentive Risk Attentive
Risk Enabled
Risk Enabled
Description Management is aware of the benefits of implementing risk management principles organization wide
Management is ready to embrace risk management in everyday processes and practices. It is attentive to some, if not all, of its risks.
Management recognizes risk management as a core competence and is successfully using it as a competitive advantage in chosen markets.
§ Risks managed in silos § Management holds decision
power § Financial risk focus only § No risk management training
Risks managed in silos Management holds decision power Financial risk focus only No risk management training
§ Risk management committees § Decision power devolved § Operational risk focus § Balanced scorecard in place
Risk management committees
Decision power devolved
Operational risk focus
Balanced scorecard in place
§ Self sufficient committees in place § All involved in decision making § Business risk focus § Risk management is core
competence
Self sufficient committees in place
All involved in decision making
Business risk focus
Risk management is core competence
Characteristics
Reactive Financial focus
Career internal auditors Low profile
Role of Internal Audit
Proactive Operational focus Role rotation
Higher profile
Change agents
Business focus
Integrated risk management Risk & control educators
Risk Management Continuum
13
65% of Public Firms
Financial Services
Energy Sector
Health Care
Transportation
Education
Newcomers: Construction
& Mining Source: Excellence in Risk Management VI, Marsh | RIMS
Industries That Have Adopted ERM
14
ERM: Both Negative & Positive Mindsets
Controlled Risk Maximum Performance
vs.
Uncontrolled Risk Under Performance
Risk Management Heat Map
321
3
2
1 O - 8
12
R - 3
3
3
2
1
Opportunities RisksLikelihood Likelihood
Impa
ct o
n O
bjec
tives
Impa
ct o
n O
bjec
tives
Management addresses these key risks andopportunities in its plans and prioritiesNote: Some adjustment to current priorities may be required
O - 14 R - 34
R - 72
O - 21 R - 11
Developed byJay Mattingly
16 Vary by Industry & Importance
Characteristics of Risk Factors
17
Transparency
Technology Competition
Compliance
Public Companies
Public and Private Companies
ERM Implementation Drivers
How do leaders determine which techniques or approaches to risk management are the most appropriate for their organization?
Key Question:
Answer: Risk Assessment Process
19
Risk Analysis Analyze presence of risk - Assess the level of risk - Quantify the results - Report the findings - Recommend action
Risk Response Develop an action plan; determine what risks to control and assign responsible individuals Risk Control
Implement a solution to reduce or transfer the risk
Risk Monitoring Observe the completed implementation and report the results
Risk Factor Identification Identify all potential risk exposures
The ERM Process
20
Top-Down / Bottom-Up Risk Based Approach High Risk Processes
Moderate Risk Processes
Low Risk Processes
RiskGovernance
RiskOversight
Risk Management
Board of Directors
Executive Management
Process Owner
Executive Management
Management
Process Owner
Design
Implementation
Top-
Dow
nB
otto
m-U
p
Risk Management Evolution Traditional Risk Management Modern Risk Management
ISO 31000 Methodology
Principles
Framework
Process
Compliance oriented Financial focus Negative risk events Driven from credit and market risk modeling
Top down approach Complex methodologies Lacking front line involvement and buy-in
Not seen as a model for small businesses
Management oriented
Broad organizational focused
Positive and negative risk events
Driven from strategic and organizational objectives
Both top down and bottom up
Simplified methodologies
Organizational buy-in
Excepted model for all businesses
Knowledge, understanding and development of a plan for continuous improvement.
Risk Control Techniques
Safety Programs Security Systems Fire Suppression Construction Materials Driver Training Pre Employment Screening
Insurance Policy
SafetyLoss
Contro
l
Claims ManagementFinan
cial A
nalysis
Insurance Policy
SafetyLoss
Contro
l
Claims ManagementFinan
cial A
nalysis
Insurance Policy
Review of risks − Operational − Hazard − Financial
Coverage Review
Building & Equipment Insurable Valuation
Review Current Risk Processes: − Safety Program − Claims Handling − Lease
Agreements
Loss Analysis & Trending
Total Cost of Risk
Business Interruption limit calculation
Benchmarking
Risk Transfer Options • Fully Insured • Large Deductible • Self Insurance • Captive
Placements
Brokerage Services
Coverage Recommendations
Implementation
Periodic Review & Analysis
Risk Management Services: − Safety − Claims
Management − Contract Review
Identify Quantify Fund Manage
Consultative Risk Management Process
25
!?
Ensures Sound Decision Making How: By adjusting managerial business approach and policies
Benefits of Controlling Strategic Risk
26 Improves Operational Efficiencies
How: By installing more cost effective and accurate internal systems
Risk Management Evolution
27
Maintains Availability of Credit and Manages Cost of Funds How: By improving outside relationships and considering all “what if” scenarios
Benefits of Controlling Financial Risks
28
Reduces the Consequences of Uncontrollable Losses How: By increasing safety and obtaining adequate coverage for potential losses
Benefits of Controlling Hazard Risks
29
By removing business conditions that can
have a negative financial impact
By installing business
practices that can have a positive financial
impact
ERM Maximizes Profitability and Shareholder Value
Increase the likelihood of achieving objectives
Encourage proactive management
Be aware of the need to identify and treat risk throughout the organization
Improve the identification of opportunities and threats
Comply with relevant legal and regulatory requirements and international norms
Why Implement Risk Management?
Improve mandatory and voluntary reporting
Improve governance
Improve stakeholder confidence and trust
Establish a reliable basis for decision making and planning
Improve controls
Effectively allocate and use resources for risk treatment
Why Implement Risk Management? Continued
Improve operational effectiveness and efficiency
Enhance health and safety performance, as well as environmental protection
Improve loss prevention and incident management
Minimize losses
Improve organizational learning
Improve organizational resilience
Why Implement Risk Management? Continued
33
Organization A was a Non-Profit organization with a large source of Government Grant funding. The organization believed that it had a good handle on risk and had recently updated its Governance structures.
During a review of the organization we noted that the governance structure did not include a structure for risk management.
After performing a one day review of risk exposures it was noted that the organization’s compliance program did not cover all relevant compliance requirements.
Further tests revealed that it was not in compliance with a Government regulation and had utilized the Grant inappropriately.
The amount of the misappropriation was significant to the survival of the organization. A simple Risk Management infrastructure would have prevented this loss from occurring.
Risk Management Case 1 – “Lesson Learned”
34
Company B had a database with over 2500 outside contractors for various levels of technical support. They realized that they were vulnerable to significant operational risk if their contractors did not adequately fulfill their contracts but were struggling to manage such a vast contractor base. A risk based framework was developed to determine which contractors presented the greatest risk to the organization and procedures were developed to monitor the specific risks identified.
Of the 2500 contractors, only 15 were critical to Company B requiring extensive oversight, an additional 35 vendors were moderate risks and required a minimum level of oversight and 300 low risk contractors. The remainder represented inactive vendors.
Company B was able to develop a more efficient oversight program utilizing fewer resources with increased risk coverage than provided by their previous business model.
The organization also ended up with a risk profile that allowed them to reduce the number of supporting contractors without impacting the level of service being provided.
Risk Management Case 1 – “Performance Improved”
You may also be interested in
Abandoned / Unclaimed Property by
Marshal Kline Managing Director, CBIZ MHM, LLC