Enterprise Risk Assessment

Determination of Top Risks to Value
ERA Objectives
• Identify top risks to value for Independent Health
– High level view, broad vs. deep
• Categorize risks, prioritize within categories
– Determine risk dependencies, risk relationships
– Identify risk category mitigation options
• Develop risk based annual internal audit plan
• Select highest priority risks
– Target for deep dive assessment (risk, controls, exposure)
– Target for quantification of potential impact to value
• Establish value of repeatable process
ERA Process

Identify key potential risks to Value
1. Plan and scope
2. Pre-work data collection
3. Prepare executive orientation package
4. Develop initial risk framework
5. Prepare and distribute pre-interview survey
6. Executives complete pre-interview survey
7. Aggregate/summarize executive team pre-work results
8. Conduct executive interviews
9. Prepare draft high level risk assessment summary re: key risks to value

Survey, interview Execs for risk concerns
1. Survey EROs using potential key risks identified
2. Compile and analyze survey results
3. Develop personal interview decks comparing individual results to aggregate to develop deeper understanding of concern
4. Interview EROs, validating sources of survey concerns
5. Obtain high level ERO estimate of level of control and residual risk

ERA end point

Analyze, score, categorize results, determine risk priorities
1. Analyze, categorize, and score risk concerns
2. Identify common themes
3. Examine links to strategic plan, identifying opportunities to value creation
4. Examine risk inter-relationships
5. Examine high level controls, remediation options
6. Report top risks to value to senior management, board

Target specific risks for in-depth assessment
1. Select top residual risks for in-depth assessment, understanding of drivers of value and risk
2. Conduct detailed operations review of risk area, controls strategy, annual roadmap, & related initiatives, performance & value drivers, risk remediation strategy, etc.
3. Report detailed risks and remediation recommendations

Quantify risk impact to IH value for specific decision support
1. Select target risks for quant based on business decision, capital allocation needs
2. Determine SMEs for impact analysis
3. Conduct FMEA interview to determine component impacts
4. Quantify shock risk to value, considering component impact against org. value model
Top Down Enterprise Risk Assessment Process
√ Consider the universe of risks from industry & internal sources…
√ Develop exec. risk survey, to determine top risk priorities, & interview for add’l insights…
√ … Analyze, score, consolidate exec. input to develop top risks list…
[Figure: Universe of Possible Risks, Exec risk input Survey, Risk Prioritization Framework]

Risk Prioritization Framework: Top 12 Risk List
Risk Prioritization columns: Impact, Probability, Total Risk Priority Score
Risk | Risk Priority Score
Talent acquisition/bandwidth to execute various initiatives | 8.13
Medical cost trend acceleration | 7.88
Shifting Medical Costs | 7.80
Medicare advantage reimbursement changes | 7.75
Company executing consumer engagement strategy | 7.56
Price comp./aggressive phase of underwriting cycle | 7.00
Company executing physician engagement strategies | 6.94
Nat’l comp. enters market via acquisition/under-pricing | 6.88
Healthcare legislation - Federal - state | 6.81
Company executing claims / Fin. platform upgrades | 6.50
Local Economy | 6.25
Industry consolidation / economies of scale | 6.00
Nat’l player developing diff. advantage via integrated cap. | 5.81
National economy | 4.31
The ERA, with minimal effort, prioritizes the top risks to value, across the organization, as determined by our senior management team, with multiple views and considerations for action.
Later, more detailed steps examine risks in detail and quantify impact for decision support.
ERA Method: Step 1 (Determine Risks for Review)
• Purpose: Identify initial, consolidated list of potential risks that can be used to develop an objective survey.
• Process:
√ Research potential risks to industry, segment, region
√ Research for-profit competitor 10K reports, etc.
√ Leverage strategic SWOT work, competitive analysis
√ Consider potential risks vs. strategic roadmap
√ Pare down to top 40-60 potential risks to org. value
• Product:
√ ERA risk survey questions, ready for internal ranking
√ Categorized, organized list of top potential industry risks
2008 Enterprise-wide Risk Assessment - Steps
1. Determine Risks for Review - Identify initial, categorized list of approx. 50 potential risks for development of questions for an objective survey.

Industry Risk | Type | Source
Significant changes in market interest rates affect the value of financial instruments that promise a fixed return and could have an adverse effect on results of operations. | Financial | Aetna (2007, 10K); Cigna (2006, 10K); United Healthcare Group (2006, 10K)
Information systems and data integrity | Operational | United Healthcare Group (2006, 10K); Apria (2003, 10K)
Compliance risks unique to PBM | Compliance | United Healthcare Group (2006, 10K)
Litigation | Operational | Aetna (2007, 10K); Cigna (2006, 10K); United Healthcare Group (2006, 10K)
Government scrutiny/frequent changes in government regulation | Compliance | Cigna (2006, 10K); United Healthcare Group (2006, 10K)
Funding risks re: revenue received from participation in Medicare/Medicaid | Financial | Aetna (2007, 10K); Apria (2003, 10K); United Healthcare Group (2006, 10K)
Relationships with Employer Groups | Strategic | United Healthcare Group (2006, 10K)
Ability to develop new products given inherent uncertainties and government regulations | Strategic | Aetna (2003, 10K); Cigna (2006, 10K)
Pandemics, terrorist attacks, natural disasters or other extreme events could materially increase health care utilization, pharmacy costs, life and disability claims and impact our business continuity | Operational | Aetna (2007, 10K); Cigna (2006, 10K); United Healthcare Group (2006, 10K)
Industry / economic forces can change the fundamentals of the health and related benefits industry, adversely affecting business and operating results | Strategic & Financial | Aetna (2007, 10K); Cigna (2006, 10K); United Healthcare Group (2006, 10K)
Protection of PHI and confidential business information | Compliance | United Healthcare Group (2006, 10K); Aetna (2007, 10K)
ERA Method: Step 2 (Survey, Interview EROs)
• Purpose: Determine top concerns of IH Executive Risk
Owners (EROs). Obtain ERO insights and sources of
concern.
• Process:
√ Survey Executive Risk Owners (EROs)
• Using potential industry risk list (from Step 1)
√ Compile & analyze survey scoring results
√ Develop personal interview decks, vs. aggregate results
√ Interview EROs, validating source of survey concerns
• Product:
√ Aggregated survey data & interview insights for analysis
2008 Enterprise-wide Risk Assessment - Steps
2. Survey and Interviews of Executive Risk Owners (EROs) - Determine insights and top concerns of EROs.
2008 Enterprise-wide Risk Assessment - Steps
2. Survey and Interviews of EROs - Determine top concerns of IH Executive Risk Owners (EROs). Obtain ERO insights and sources of concern.
Review Your Top Risks
Risks you rated as top risks for the
enterprise
Risk you rated as top risk for your area
of responsibility
•Fkd;sjtr fmg[oijgafd gjijgp dfjpdfg m;dfjppf
sdljhgurgie sogofglfoiojgog[ care
•Key uahglanv a[osdifg[oiv [oifg[ifdjgmna[om afdlkjhgo
odafg galerkj[pfdihgafd [ofdf[lkhgdafjgdag
•Therlkjsgdu sadb[oit [odhoi oirg
•Hpoiegv[qnrg a[oifdg[ovn[onrvb aofjgpoiejrglk fdhgth d
fmgakfmgpaefimgg’jmgpfgpfhgpdfh’khf
•Hrelh[oif lksdjfoaisonor and I would ljhlg woei fsa[
fopv network
Review Your Risk Ratings
√ You rated the risks shaded in yellow as high; please tell us why?
√ On average, the risks shaded in grey were rated by “all exec” as high; please explain why your ratings may have varied significantly.
•Wisjadlf a[jg a[oifgjngl’afdkgbkjf dfgjpfd
•Inability to aldsfugl[naog aoihgoibjafd
v[apjgpjg’lafkg[mg daoifjg[ifdj
Statistical top ten risks ranked from
all IH execs
Your statistical top ten ranked risks
ERA Method: Step 3 (Analyze, Score Results)
• Purpose: Develop understanding of top risks to IH value, high level controls, and priorities for deep dive, or risk quantification.
• Process:
√ Analyze, categorize, and score risk concerns
√ Identify common themes
– Examine risk links to strategic plan; identify opportunities
√ Examine risk inter-relationships
– Examine high level controls, remediation options
• Product:
– Report of top risks to value, scored, ranked & categorized
– Understanding of priorities for a) risk remedy actions, b) deep dives, and c) risk quantification
2008 Enterprise-wide Risk Assessment - Steps
3. Analysis of data – Analyze all information collected from research, surveys and interview. Determine preliminary relative risk priorities at major risk and (sub) risk levels.
• Identified major risk themes
• Matched (sub) risks to major risk areas
• Linked risks across major risk areas
• Applied scores, and relatively ranked at the major risk and (sub) risk levels
Next Steps
• Validate what we heard with Exec Risk owner
(ERO)
• Align results with strategic plan
• Determine high level estimate of controls for risks
identified
– Note: data for this step has already been collected from interviews
• Produce output conclusions & recommendations
– Deep dive risk assessments
– Risk quantifications
– Risk remediations
• Align to 2009 budget process
ERA Output Examples
√ Top risks to value, ranked, with insights, control level considered…
√ Categorization of risks into COSO format, indicating type of action required…
√ Heat Map view, indicating priorities and nature of action required…
[Figure: Risk Prioritization Framework: Top 12 Risk List with Impact, Probability and Total Risk Priority Score]
[Figure: COSO Risk Categorization: COSO ERM View of Top Risks: Top Down Enterprise Risk Assessment; columns Strategic, Operational, Fin. & Rptg, Compliance; rows High, Medium, Low]
[Figure: Impact Likelihood Heat Map: Heat Map View: Implies Action by Quadrant; Validate (High Impact, Low Likelihood), Improve (High Impact, High Likelihood), Optimize (Low Impact, Low Likelihood), Monitor (Low Impact, High Likelihood)]
In-Depth Risk Evaluation & Response
Next Steps:
• Review and validate results with Executive Management
• Select risk priorities to perform in-depth analysis, quantification, & risk tolerance evaluation
• Quantify risk impact to value, and scenario options for business decisions
ERA Results Summary
• XXX Individual risks (scored individually)
• XX Major risk areas/categories (composite scores)
• Four separate views of these risks
– Priority View
– COSO View
– Heat Map View (by influence and by effectiveness)
– Risk Interdependencies View
• Important risk inter-dependencies
• Prospective steps and monitoring
Example of Draft Results
• Example of draft major risk area relation to (sub) risks & scoring results
• Scoring components considered include:
– Number of execs raising the risk, & degree of concern
– Links to other risks & sub risks
– Survey score results
ERA Results: Top Risks Categories
[Table columns: #, Risk Category, Risk Description, Risk Score, Risk Cat Score]
[Chart: Results: Distribution of Major Risk Area Scores. Series: Major Risk Area Total Score; 2 per. Mov. Avg. (Major Risk Area Total Score). Vertical axis 0.00 to 120.00; horizontal axis 1 to 121.]
ERA Results: Top Risks Register
[Table columns: #, Risk Description, Risk Score, Risk Cat Score, Risk category]
The ERA identified 121 separate risks that will be considered by the ERM Implementation Committee, and 26 of those individual risks as the highest priority for that team to consider. For the Risk Governance Council, we have grouped these individual risks into Major Risk Area categories.
[Chart: Distribution of Individual Risk Scores. Vertical axis: Risk Score, 0 to 14; horizontal axis 1 to 121. Bands: Priority 1 Risks, Priority 2 Risks, Priority 3 Risks, Priority 4 Risks, Priority 5 Risks.]
COSO ERM View of Top 15 Major Risk Areas
[Figure: major risk areas 1 to 15 placed in columns Strategic, Operational, Fin & Rptg, Compliance and in score bands High (65-105), Medium (36-70), Low (0-35)]

Strategic: Rank # Risk (Risk Score)
1 - Lack of ability to ejkroiglff afdg (101)
2 – Detrjmnldfhg[af effort failure (99)
8 - Pdfigu ffdjgoihf & poor gjoifdglkf position (60)
13 - Change in competitive landscape (48)
15 - Changing market & economic forces (41)

Operational: Rank # Risk (Risk Score)
3 - Lack of sfdghoduorjngldfjh jfdgoijity (85.48)
4 – Change of jfdsglfdjdkf (71)
7 – Volatile agoairgn (61)
9 – Increase in uncertainty of dsaieroglf (58)
12 - Too many simultaneous jhsdofgoeirgnoafgn (48)
14 – Increased volatility of ajdsfojoihgkg (47)

Fin & Rptg: Rank # Risk (Risk Score)
6 - Underwriting risk lirhgoeghfglg ofdsh ofdsg sojdgo (62)
11 - Rlksdjgfog change in dsofgorehgo (50)

Compliance: Rank # Risk (Risk Score)
5 - Regulatory aljfdsoergofg aogogaoig flhglfg (67)
10 – Reedsjfoig compliance: (54)
COSO Risk Category View – Major Risk Areas
Significance: Emerging ERM standards (COSO) recommend
separating risks into four categories, to help identify appropriate actions
needed to protect and create organizational value. These categories are
1) Strategic, 2) Operational, 3) Financial & Reporting, and 4) Regulatory
& Compliance. For example, for Financial and Compliance risks, cost
effectively reducing risk is desired, while for Strategic, and to some
extent Operational risks, examination of the best level and type of risk
needed to grow value is appropriate.
Insights:
•Four of our top five major risk
areas (and 11 of our top 15) are
“Strategic” or “Operational,” which
require a more complex analysis,
to align with desired risk profile
•Many risks are inter-related,
requiring consideration across
COSO categories
Recommendations:
•Ensure individual risks in major
risk areas 1 & 2 are considered in,
and aligned with the strategic plan
•Address key risks from major risk
areas 3 & 4 as part of the budget
process
•Keep focus on risks from major risk
area 5 with continuous monitoring
and executive & BoD reporting
Heat Map View of Major Risk Areas
Ability to Influence, by Impact and Likelihood
[Figure: bubble chart of major risk areas. Vertical axis: Impact (Low to High, 1 to 5); horizontal axis: Likelihood of Occurrence (Low to High, 1 to 5). Quadrants: VALIDATE (High Impact, Lower Likelihood), IMPROVE (High Impact, High Likelihood), MONITOR (Lower Impact, High Likelihood), OPTIMIZE (Lower Impact, Lower Likelihood). Bubble size = Ability to influence. Colors: Strategic, Operational, Fin / Reporting, Compliance.]

Heat Map View of Major Risk Areas
Effectiveness of Response, by Impact and Likelihood
[Figure: bubble chart of major risk areas on the same axes and quadrants. Bubble size = Effectiveness of Response. Colors: Strategic, Operational, Fin / Reporting, Compliance.]

Legend for both views:
Strategy & Execution
01 Wdsjgoiahglg aldfjg alg
02 RFjoigjoi oifdsg aoigjjgg
08 She sells sea shells by the seashore
13 Iers dslg aoskjg vasljgdjmgagfg
15 Tklfjg[lag jg asfdjgap
Operational
03 Rjdijh aosigj sadjgpsg asdjg
04 Qwerty Keyboard
07 Asdf jkl
09 Zxzcv/.,m laksdjf
12 IUjdsl orehng fghoiafmnaodfjgj
14 Gjkfgifjl gjukfgj godjfgjg jgf
Financial & Reporting
06 Uoihdofgnfg aofdgoidafbb
11 Tjhsdlk jmgpkjgkafg;,
Regulatory/Compliance
05 Puisdpigjnonlkf goifgpifgmng
10 She sells sea shells by the seashore
Heat Map View – Major Risk Areas
Significance: This “Heat Map” view provides a unique priority view of
all the major risk areas. This view can be considered a baseline, against
which we can measure progress in either reducing risks or exploiting
opportunities, and aligning with our business plan to create or preserve
value. We present two views of the Heat Map, to reflect the consensus of
the executive team on both our ability to influence the individual risk
areas, and then how well we think we are doing in risk responses.
Insights:
Recommendations:
•Opportunity exists to improve our
response to risks, as our “Abilities
to influence” risk exceed our
current perceived “Effectiveness of
risk Response”
•Establish this view as a regular
risk radar for exec/BoD reporting
•This view can be used to trend
and report improvement over time
•Address key individual risks that
have the greatest impact on
multiple major risk areas, e.g.
•She sells sea shells on the sea
shore
•Ejokdsj aposigj dsalgho[ahg
Independent Health Top 15 Major Risk Areas
[Table: Top 15 Risk List. Column groups: Risk Prioritization; ERM Action Potential. Columns: Impact, Likelihood, Influence, Major Risk Area Score, Effectiveness of response, Insight Recommendation. Legend: rating symbols from 1 (Low) to 5 (High).]
Major Risk Area Scores, in rank order: 101, 99, 85, 71, 67, 62, 61, 59, 58, 54, 50, 48, 48, 47, 41
Risk area labels as shown: Jlkjdsfgojahg apfdsohgourg); Ojfdlkg asbdfgl aslgdkjpkjv; Pfdsjgoierjgldkfg afdogj galdfjg; Undskds oigmdsa goig; The Godfather; Rocky III; Casa Blanca; Scent of a woman; Scarface; Braveheart; Apocalypse now; The Maltese Falcon; Aokgdjoag aogpajgj asjgkjf; She sells sea shells at the Seshore lfdjg algjajg
Insight recommendations shown in the table:
– Remediate – Comprehensive response
– Remediate – Comprehensive approach
– Increasing exposure – Quantify risk
– Quantify – Increasing exposure
– Monitor – Difficult to influence
– Monitor – Taking risk/Contingency plan needed
– Monitor – Contingency plans needed
– Monitor effectiveness of controls

The top 15 Major Risk Areas are listed above. This view provides a priority view based on the scores accumulated during the executive survey and interview process.
Each of these risk categories includes a number of individual risks. While this view, at the Risk Category level, will highlight top risk areas for executive focus, most of the direct actions that will result over time to address our risk profile will be taken at the individual risk level.
Risk Inter-relationships
[Figure: diagram of links between major risk areas. Bubble size = Score Rank. Colors: Strategic, Operational, Fin / Reporting, Compliance.]
Strategy & Execution
01 Godfather
02 Scent of a Woman
08 She sells sea shells by the seashore
13 Scar Face
15 Tklfjg[lag jg asfdjgap
Operational
03 Rjdijh aosigj sadjgpsg asdjg
04 Qwerty Keyboard
07 Asdf jkl
09 Good Fellas
12 IUjdsl orehng fghoiafmnaodfjgj
14 Gjkfgifjl gjukfgj godjfgjg jgf
Financial & Reporting
06 Taxi Driver
11 Tjhsdlk jmgpkjgkafg;,
Regulatory/Compliance
05 Puisdpigjnonlkf goifgpifgmng
10 She sells sea shells by the seashore
Risk Inter-relationships View - Major Risk Areas
Significance: The relationships between risk areas can be as significant as
the risks themselves. A recent Deloitte study (Disarming the Value Killers)
found that 80% of the top losses to corporate value are from the
interaction of multiple risks. In these cases, while a single risk can be
damaging, the interaction of key related risks can be devastating to value, even
to the point of jeopardizing an organization as a going concern. So we must
consider the potential exponential impact of the interaction of key related risks.
Insights:
Recommendations: All Linked
•Several key inter-relationships
may exist between our major risk
areas
•Align sadjoifh
alifdgkaljgpoiafjgoafgoafgjhoapoafjgpoij
aofdijgpoadfgla adpoifg poidahgjfd adpofj gon
•One key inter-relationship that
emerged during the ERA is the
relationship between: 1) Godfather,
2) Scent of a Woman, 5) Scar Face, 9)
Good Fellas, and 12) Taxi Driver
•Reduce lkfdsajgoi o voigjfoigodakfjglkan
oaifugjokafgokjfdo japifdjgjmoa[fdij m oiadfjgi
a[oidfgj number of initiatives, focud
•Instill fjdgijfd[p bfd;kfdj dpkfjpkfdj df poidfuypoidf
pdsfohgposdf skfduhpoishjpskjhpjh pkdfyupoadj
fphj
•Ofgjoafg aofigh aofigoiafgoiajf aopifgjpiajfgkajf
[oiafdgojdafoig adofipoidakjgjif m ;lsfdo8mnr goin4
Benefits of ERA
• Prioritized list of top risks to value, directing all
subsequent action, is the cornerstone of ERM
– Foundation for Deep Dive, Risk Quant decisions
– Ensures best “bang for buck” for use of risk
management resource $s
– Strategically focuses risk remediation efforts
• Develop risk based annual internal audit plan
– Essential for development of risk based audit program
– Systematic means to prioritize audit resources,
engagements
– Focus valuable resources on risks that matter
• Establish value of repeatable process
Introducing our IHA Speaker
• Lou DiSerafino, Chief
Risk Officer
– 25 Years experience
in multiple areas of
strategic & operational
risk management
– Focus on using risk
management as
enabler for value
growth
– Proven experience
linking consideration of
risk into business
strategy
Contact Information
Lou DiSerafino
Chief Risk Officer
[email protected]
(716) 635-3790