Risk Management @ TNT NV
Playtime is over – Game on!
Dr Rodney Irwin
Group Director Risk Management & Internal Control
TNT NV
2
Hoau
3
Speedage
4
Introduction to TNT
5
1. Principles for Building a Risk Intelligent
Enterprise
6
1. Building the Risk Intelligent Enterprise
Risk Intelligent Enterprises adopt a balanced perspective of risk management,
The Risk Intelligent Enterprise
supported by fundamental principles:
Nine Principles for Building a
Risk Intelligent Enterprise
Risk Governance
Board of Directors
Common Definition of Risk
Common Risk Framework
Roles & Responsibilities
Risk Infrastructure
and Management
Transparency for Governing Bodies
Executive
Management
Common Risk Infrastructure
Executive Management Responsibility
Objective Assurance and Monitoring
Business Unit Responsibility
Support of Pervasive Functions
7
Risk
Ownership
Business
Units and
Supporting
Functions
2. Risk Management at TNT – Current State
Assessment and Actions for Enhancement
8
Stakeholder Value
2. Risk Management at TNT - ERM Capability Maturity Model
Where is TNT today?
Where does TNT want to be?
Risk
Intelligent
Systematic
Unaware
Fragmented
Top Down
Integrated ERM capability
9
Unaware
Fragmented
Top Down
Systematic Risk Mgmt
Risk Intelligent
• No tone at the top for
managing risks,
• No risk governance
structure;
• No risk framework, no
risk process;
• Heavy reliance on
manual processes to
report, communicate and
monitor risk related
activities;
• Unassigned roles and
responsibilities;
• No risk ownership for
business units.
• Written charters include risk
management roles and
responsibilities;
• Limited accountability of
senior executives;
• Disconnected risk
management programs and
tools in various silos;
• Sporadic risk assessments
considering expected event
on a limited basis;
• Controls are adequately
designed but have
inconsistent operating
effectiveness results;
• Ownership of risks is siloed.
• Tone for managing the risks is set
by the Board but not embraced.;
• Enterprise wide, industry specific
risk framework;
• The Board establishes the risk
appetite;
• Few executives are held
responsible;
• Risk assessments are performed
considering only financial impacts;
• Enterprise-wide policies,
procedures and controls to mitigate
risks are developed and
communicated;
• Monitored through separate
evaluations by top management.
• The tone for managing risks and
risk awareness is widely adopted
throughout the enterprise;
• Standardized risk framework
• Technology enabled processes
are used for risk reporting ;
• The Board establishes thresholds
(financial and non financial) and
tolerances in accordance with the
risk appetite;
• Appropriate executives consider
risk as part of the decision
making;
• Training is provided to employees
to understand the risk
management responsibilities;
• Controls are robust and support
an effective and reliable
operation.
• Board considers risk
management as a competitive
advantage;
• There is a common risk language
including the value protection and
value creation;
• Senior executives constitute a
executive-level committee;
• Integrated with corporate
strategy:
• Risk management is monitored
extensively;
• Tools and techniques (such as
stress testing, sensitivity analysis)
are used to identify how the
enterprise might fail;
• Risk scenarios are prepared;
• There is an early warning system
based on thresholds to the Board.
2. Risk Management at TNT - ERM Capability Maturity Model
Risk Governance
Risk Infrastructure & Oversight
Roles &
Common Risk Responsibiliti Transparency/ Executive
Risk
Risk Definition Framework
es
Visibility
Management Infrastructure
Current State
3
4
3
3
3
4
Future State
5
5
5
5
5
5
Strong program areas:
Common Risk Framework
Risk Infrastructure
Supporting functions
Functions
(IA, Risk
Mgmt.)
3
5
Risk Ownership
Business Supporting
Units
Functions
3
4
5
5
Risk Definition
5
4
Supporting Functions
Common Risk Framework
3
2
1
Business Units
Roles and Responsibilities
0
Key areas of attention:
- Risk Definition
- Executive management
Functions
(IA, RM, Mgt)
Transparency / Visibility
Risk Infrastructure
Executive Management
Risk Infrastructure
& Oversight
10
3. Recommendations for Enhancement:
−
−
−
11
Redefine Risk Programme at Regional and Local Level
Functional Risk Assessment at GHO / DHO
Risk Management Council
3. Recommendations of Enhancement
1.
Upgrade existing risk management processes to embed a local culture of risk identification,
ownership and accountability. Move away from the mindset of compliance towards
responsible management with informed decision making. Specifically (in order or priority)
focus more attention on the quality of risk identification and the effective follow-up on corrective
actions by local management. Allocate sufficient skilled facilitation resources to the role of risk
coordinator locally.
require regions and certain material local entities to perform risk workshops more frequently
than once a year and to update the risk profile accordingly in the risk register. e.g. require
quarterly management meetings to review risk profile and to adjust based on current knowledge.
Re-define the risk management definition at TNT and replace it with a more time focused factor
as is the case in current best practice.
2.
Develop functional risk assessments for key Group wide and division specific activities to add
bridge the gaps in the current silo model.
3.
Create a virtual Risk Council to recommend risks for Board evaluation, monitor and (in some
cases) drive the corrective actions of known significant risks and improve the decision
making of key projects by evaluating the risks attached to such projects.
12
2. ERM at TNT – Current State Assessment
Develop functional risk
workshops for selected GHO
and DHO functions
Redefine the risk
management definition
Implement group wide the 8
categories of risk
Address timing of risk by
moving away from likelihood
towards speed of occurrence
Risk Definition
5
4
Supporting Functions
Common Risk Framework
3
2
1
Business Units
Roles and Responsibilities
0
Keep risk workshops at local
level but increase the
frequency with which it is
updated to a minimum of
quarterly (currently once a
year)
Functions
(IA, RM, Mgt)
Transparency / Visibility
Risk Infrastructure
Executive Management
Risk Infrastructure
& Oversight
13
Create a virtual risk council of senior
management to advise the Board of
emerging risks and to drive risk
management corrective actions across
the business (Council will reflect
functional responsibilities of the 8 risk
categories).
3. A fresh approach to risk identification:
−
−
14
Reengaging Management to ERM
Tools and Techniques
Metaphor and Story Telling
Gareth Morgan (1986) – Images of Organisations
1900 – 1980: The Mechanical Metaphor
o
o
o
Levers for change
Tool kits
Team building
1980 – 2000: The Living System Metaphor
o
o
o
2000 - :
The Linguistic Metaphor
o
o
o
15
Nurtured, Gardeners,
Self Organise
Emerging (strategy etc).
Network of interacting stories
Culture is the emergent result of conversations
Commitment
The Art of GOOD Conversation
16
Different Approaches to Conversations
Dialogue
Dialogic Leadership
N-logue
Circular questioning
Conversation Mapping
Crucial Conversations
Stories
17
•
•
•
•
•
•
•
•
•
•
•
•
•
•
!
•
"
#
•
•
$
•
•
'
"
%
#
&
!
•
%
(!
#
%
"
"
•
•
)
•
•
(
#
!
•
"
•
#
*
+
•
,
%
•
•
•
•
•
-
•
!
•
•
#
•
#
•
!
•
"#
•
•
•
+
.
!
#
$
•
18
Source: “Squirrel Inc.: A Fable of Leadership and Storytelling” by Steve Denning, published by Jossey-Bass in June 2004
Voyage Mapping at TNT
The business cycle is a Journey similar to a voyage
All businesses / organisations are like sailing ships with captains,
crew, merchants and supplies who navigate across unchartered
waters (the future) who may have to manage encounters with fog,
sharks and sea monsters, bad weather and storms.
They might have the wrong maps (strategy) and they might get stuck
in calm weather with no wind in the sails.
They might have problems with the ship such that the rudder falls off
or pirates might come on board and take over the ship and its crew.
19
Voyage Mapping
Is a process that allows a team to:
- Log and Learn from past experience (Travellers Tales)
- Planning for the future and rehearsing future change (Charting
the Future)
The process allows the team assessing their risk profile to share the
stories of the journey they have taken and this allows for others to
learn from the challenges and success over the past period.
Is a medium through which team members can express themselves
using imagery that depersonalises “issues” and provides a vehicle
through which they can be candid. It also allows people to “open up”
and share ideas and views previously hidden or avoided.
20
Storms and Whirlpools
Where and why was sailing difficult?
What do we remember as being the
‘rough seas’?
Which of these storms were
forecast and which, like the
whirlpools, took us by surprise?
Fog
Where and why might there be a
lack of clarity?
In what areas are we lacking the
‘vision’ that will help us to move in
the right direction?
21
Pirates
What might our competitors do
which would have a negative impact
for us?
Is there any suggestion that there
could be attempts to ‘take over’ our
ship?
Sharks and Sea monsters
Is there the possibility of hostile
attack? What are people finding
stressful?
Where does this fear and stress
come from and how can we deal
with it?
22
Icebergs
Lost Rudder
Are there any possible hazards in
our operational environment?
Could these bring greater
problems?
Are we aware of anything that
represents the ‘tip of the iceberg’
that we need to
keep a watchful eye upon?
What could cause us to lose or
change direction?
How can we ensure that any
change of direction is by choice and
not forced upon us?
23
Mad Captains
Sometimes management decisions
seem mad or bizarre!
How do we build understanding
between management and staff?
How do we respond to management
decisions which disturb us or which
we don’t understand? How can we
influence or change management
thinking?
24
Calms
What do we anticipate as being the
smooth, calm times?
How can we take advantage of
these times to build for the future?
How can we ensure that we do not
find ourselves in ’the Doldrums’?
Asleep at the Wheel
25
How can we continue to make good
progress without burning out our
staff?
How do we get the life balance right
so that people can look after their
own needs?
Merchants
News of Dry Land
26
How do we manage our resource
issues?
What can we do to maintain strong
links with our suppliers and achieve
excellent service?
Is there the possibility our suppliers
could let us down? How do we
prevent this?
Where do we need to look for
information to help us on our
voyage? Who are the key people
we need to keep in touch with, even
if we are in a remote location?
How do we ensure this
communication is maintained?
Celebrations
What are the big successes we
anticipate?
What should give us cause for
celebration on the journey?
How can we mark and celebrate our
successes?
Treasury Chest
27
What is the valuable buried treasure
we could find on the journey?
What might we bring home from the
journey that we would treasure for
the future? What are the ‘bonuses’
we might find if we are prepared to
spend time looking for them?
Risk Identification – Voyage Map
28
Voting Rules
Impact
This risk has occurred.
What is the most foreseeable impact on the
achievement of the Company objectives?
29
Voting Rules
Vulnerability
Based on what you know today, the experience in
the department and the existing control measures
that are already in place, how vulnerable is the
company to this risk?
30
6
Impact
Risk Map
5
Big risks we believe
we can manage
Killer risks:
need management now!
(managed in short term 1-6 months)
Risks on our radar screen
Vulnerable risks we need
to start managing
4
(evidence available)
3
2
(monitoring)
(managed in mid term 4-8 months)
1
1
2
3
4
5
6
Vulnerability
31
Risk sourcing
Group sourcing activities
Identify potential (root) causes
Identify potential consequences
Determine key risk drivers and their inter-relationships
32
ERM Register (risk register)
33
The next generation of Games at TNT
Serious Gaming technology used to simulate the TNT business
environment and familiarise participants on the downside and upside
risks of running a business.
To create a safe environment in which staff can learn and develop
their decision making skills (learn by doing).
Created jointly by TNT and Deloitte Netherlands
Brings risk management to life and combines it into the day to day
operations of the business – this has the combined effect of
illustrating that individuals or teams can be the most significant risk
due to their decision making abilities.
The Story (telling) continues …………..
34