The Campaign for McMaster University The Campaign for McMaster University Using Risk Assessment to Inform Strategy Debbie Sabatino Senior Manager, Enterprise Risk Office of the Chief Risk Officer McMaster University Hamilton, Ontario CAUBO Conference June 17, 2013 Facts about McMaster § Founded in 1887 by Senator William McMaster – first president of the Bank of Commerce § Consistently ranked as one of the top 100 universities in the world § McMaster pioneered problem-based learning and has demonstrated an unwavering commitment to student success, service and community engagement § Research enterprise is consistently ranked as one of the top three in Canada, garnering more than $390 million annually § More than 156,000 alumni in 140 countries, McMaster’s reach is truly global § 24,000 students and 7,000 full-time and part-time employees 2 Our Mission At McMaster, our purpose is the discovery, communication and preservation of knowledge. In our teaching, research, and scholarship, we are committed to creativity, innovation, and excellence. We value integrity, quality, inclusiveness, and teamwork in everything we do. We inspire critical thinking, personal growth and a passion for lifelong learning. We serve the social, cultural and economic needs of our community and our society. Our Vision To achieve international distinction for creativity, innovation, and excellence. 3 A couple of questions…. § Does your institution have a Enterprise Risk Management program? § What words would you use to describe its value? § What words would you use to describe challenges? Presentation Overview § § § § § § § § § § Introduction Value of Enterprise Risk Management ERM Benefits ERM Framework and Risk Assessment Relationship between ERM and Strategy Planning ERM Challenges Integration of Risk Assessment into Strategic Planning q Scenario Planning ERM Maturity Model Summary Questions 5 What Organizations Want Keep Us Out of Trouble Reputation Damage Loss of Funding More Legislation & Regulations Make Our Institution Better Goal Litigation, Fines and Settlements Loss of Workforce Effective stakeholder relations Risks are identified and monitored Goal Improved reputation Controls are optimized Nimble, aligned Opportunities are exploited Organization 6 Enterprise Risk Management § Institution-wide process of planning, organizing, leading and influencing § § § § the activities of an institution ERM informs, manages and helps senior management and the board make better decisions It’s about knowing which risks to take and how far to take them Working with existing processes within the institution will help ensure: q Risk identification process goes to the right level of detail q Institution is expending the optimal level of resources to address the risks that can be mitigated q See the opportunities in risks that will bring results to advance the institution’s objectives Investment in an integrated, efficient and value-driven approach to ERM is key to contributing to future success 7 ERM Benefits Creates ability to be proactive: q Systematically identify, assess and prioritize risks q Promote pan-organization learning – spot trouble or opportunities easily q Reduce chance of repeat problems Promotes resilience: q q Provide assurance that key risks are understood , mitigated and/or leveraged Prevent and rapidly respond to potential failures – turn into possible opportunities q Supports need critical staff, processes, and technology q Align organizational objectives with stakeholder requirements Enhance value: q Seek growth, ensuring threats are understood and vulnerabilities are handled q Accelerate ability to respond to change and opportunities q Identify opportunities to improve performance and reduce costs 8 * Based on ISO 31000 Enterprise Risk Management Framework* awareness confirmed • Communication strategy • Training strategy Establishing the Context Communication and Consultation Continual improvement • Stakeholders engagement & Risk Assessment Risk Identification Risk Analysis Risk Evaluation Risk Treatment Managing Risk Process Continual improvement Implementation Review, Monitor & Improve • Enterprise Risk Plan progress • Enterprise Risk Program maturity assessment • Benchmarking (Internal & External) • Governance Reporting Communicate & Train Implementation Monitoring and Review Mandate & Commitment • Mandate statement • Enterprise Risk Plan • Enterprise Risk Policy • Enterprise Risk Procedures • Links to Strategic Plan and Internal Audit Plan Organization • Audit Committee of the Board • Enterprise Risk Steering Committee (PVP) • Enterprise Risk Management Team (SMT /AVP) • Chief Risk Officer & team • Faculty Risk Champion(s) • Risk Owners 9 Enterprise Risk Assessment Internal Audit § Supporting organization’s annual audit plan § Contributes to assurance process validating risk mitigation § Focuses efficient use of oversight resources Core of ERM Framework Informs Internal Audit & Strategic Planning Strategic Planning § Supports a quicker grasp of opportunities & adaptation to unexpected changes in strategy § Identification of emerging risks § Provides additional data for informed decision making 10 ERM Challenges § Board wants more information on enterprise risks due to: q q q q Increasing complexity of external and internal business environments Increasing demands for transparency and accountability Changing stakeholder demands Compliance with new legislation and regulations § Often ERM initiatives are carried out for defensive purposes § Organization functions in silos with no real cross-organization view of risks § Value is added by exploiting opportunities and improving institutional performance – done through assessing all opportunities, uncertainties and threats 11 ERM Challenges § Main reasons for ERM inadequacies include: q q q Insufficient Planning • Differing views of what is considered a risk • Inconsistent risk prioritization (Ranking according to departmental objectives rather than organizational objectives) • Ineffective decision-making Failure to link and integrate differing ERM frameworks throughout the organization Process focus as opposed to strategic decision-making focus on risk management § Enterprise Risk management inadequacies can lead to uninformed strategic planning When environment is unpredictable… § Often times, both environmental and risk factors alike are impossible to predict q q q q Black Swan events Changing economic trends Emerging competitors Political environment § Mitigation of “known unknowns” Risk Assessment Informing Strategic Planning § Identification and assessment of risks across the organization is invaluable to strategic planning q q Exploiting identified risks in favour of overall organizational performance Enhancing knowledge of the degree to which risks will affect organization’s performance potential, building relevant resilience § Understanding the interdependencies of internal and external organization wide risks is critical § Leveraging scenarios affecting all risks categories is key § Challenging assumptions to ensure remain valid 14 Integration of Risk Assessment into Strategic Planning § Outline strategy and define strategic objectives § Definition of risk appetite of achieving strategic objectives § Definition of key risks that pose the most threat to the achievement of strategic objectives § Conducting risk assessment q Regular risk assessment is crucial, as environmental factors change, thus altering strategic objectives and corresponding risks, § Mapping risk exposure against risk appetite Scenario Planning – stimulates future thinking § Process that fuels imaginative, creative thinking to better prepare for the future § Several steps in the process: 1. Conduct research to understand major forces that may impact the environment in different directions 2. Map out a few possible alternatives 3. Develop descriptions for selected options 4. Identify management strategies for options selected § Useful where uncertainty and change are high, costly surprises have occurred and the quality of strategic thinking and the supply of new opportunities is low (site this) Scenario Planning Mechanism Strategic Choice Major Forces Early Alert Signals Critical Uncertainties Implications & Options Scenario Process Scenarios Descriptions Scenario Planning Steps Orientation Defining Strategic Focus Examination Major forces defined Scenarios Creation Scenarios created with descriptions Options Consideration Define strategies, actions and changes Integration Early alerting signals developed ERM Maturity Model Advanced Integrated Defined Basic Fragmented § Components & activities limited § Implemented on an ad hoc basis § Limited capabilities to identify, assess, manage or monitor risks § Sufficient capabilities to identify, measure, manage, report and monitor major risks § Policies and techniques are defined and used (possibly independently) across the organization § Consistent ability to identify, measure, manage, report and monitor risks § Consistent application of policies and techniques across the organization § Integration of risk based planning in all operational, functional and strategic aspects § Risk accountabilities driven to department plan § Well-developed ability to identify, measure, manage, monitor risks across the organization § Process is dynamic and able to adapt to changing risks and opportunities and varying business cycles § Explicit consideration of risk and risk management in management decision and driving value § Risk accountabilities driven to individual performance plan 19 Summary § Risk assessment is valuable in aligning and informing the organizational strategic development plan by: q q q Ensuring continuation of operations through operational resilience Aiding in calculated risk-taking Increasing risk awareness and ability to take advantage of risks § Typically ERM program is at the integrated or advance level of maturity to be totally successful in consistently and effectively linking with strategic planning § CRO has a critical planning, leading and promotional role in creating the value proposition 20 Questions 21
© Copyright 2026 Paperzz