The Role of the Chief Risk Office and the Boards Role in Risk - - PowerPoint PPT Presentation
The Canadian Society of Corporate Secretaries 16th Annual Corporate Governance Conference Banff Springs Hotel | Banff, AB | August 24 27, 2014 The Role of the Chief Risk Office and the Boards Role in Risk Oversight John Fraser Senior
The Canadian Society of Corporate Secretaries
16th Annual Corporate Governance Conference
Banff Springs Hotel | Banff, AB | August 24 ‐ 27, 2014
Source: KPMG in “Raising the Bar” (April 2008) quoting the February 2006 McKinsey Quarterly Survey
McKinsey & Company in “Improving board governance” via an on line survey in April 2013 of 772 corporate directors, 34 % of whom were chairs. 22% were public companies78% were private companies.
Source: Based on a December 2012 survey by the Economist Intelligence Unit and published by KPMG in 2013 in “Expectations of Risk Management Outpacing Capabilities – It’s Time for Action”
Source: Current State of Enterprise Risk Oversight – 5th Edition (June 2014) AICPA & NCSU
Source: Current State of Enterprise Risk Oversight – 5th Edition (June 2014) AICPA & NCSU 1 2 3 4
Source: Current State of Enterprise Risk Oversight – 5th Edition (June 2014) AICPA & NCSU 1
2
Source: Current State of Enterprise Risk Oversight – 5th Edition (June 2014) AICPA & NCSU
2009 2013 Companies with a designated Chief Risk Officer 18 31 Financials with a designated Chief Risk Officer 53 Separate Risk Committees 22 43 Risk Inventories kept at an enterprise level ‐ all 20 37 Risk Inventories kept at an enterprise level – Large Co’s 72 Risk Inventories kept at an enterprise level – Public Co’s 66 Risk Inventories kept at an enterprise level ‐ Financials 44
CORPORATE RI SK PROFI LE BOARD ( OR COMMI TTEE) EXECUTI VE MANAGEMENT POLI CY & FRAMEW ORK RI SK PROFI LES & BUSI NESS PLANS LI NE MANAGEMENT RI SK CRI TERI A ( TOLERANCES) MANAGE RI SKS, $ $
Additional reading: “Managing the Multiple Dimensions of Risk—Part II: The Office of Risk Management” by Anette Mikes, Assistant Professor, and Robert S. Kaplan, Baker Foundation Professor, Harvard Business School (2011) “Becoming the Lamp Bearer: The Emerging Role of the Chief Risk Officer” by Anette Mikes, Assistant Professor, Harvard Business School (2009) “Enterprise Risk management – From Incentives to Controls” by James Lam, John Wiley & Sons (2003)
Source: “The Role of Internal Auditing in Enterprise-wide Risk Management” Institute of Internal Auditors (2004) “Internal Auditing’s Role in Risk Management” Institute of Internal Auditors (2011)
Core internal audit roles Roles with safeguards Audit should not undertake
* = Implementation guide to CAN/CSA-ISO 31000, Risk management — Principles and guidelines (2011)
“Risk is the effect of uncertainty on objectives” ISO 31000
* = Per ISO 31000
Note: Underlines for emphasis by John Fraser
Strategic Planning How are w e going to achieve our
aim s?? Business Objectives Key Performance Indicators Risk Criteria (inc. Tolerances) W hat is our attitude tow ard failure for each Key Perform ance I ndicator?? How w ill w e m easure success for each Business Objective? W hat 6 -1 0
do w e w ant to factor in to decision-m aking?
Risk Tolerances Business Objectives Event Impact Description 5 Worst Case 4 Severe 3 Major 2 Moderate 1 Minor
Financial Net Income shortfall (after tax, in one year) $>150M shortfall $75-150M shortfall $25-75M shortfall $5-25M shortfall <$5M shortfall Reputation Negative Media Attention; Opinion leader and Public Criticism National media attention; opinion leaders/customers nearly unanimous in public criticism Provincial media attention; most
leaders/customers publicly critical Significant local attention; Several opinion leaders/ customers publicly critical Credible letter(s) to Ministry of Energy, to Premier, to Chair
Minister of Environment, that require action Letter(s) to Senior Management Customer /Reliability Outages on the Hydro One system One of: >100,000 Customers Distribution or >1000MW Tx for more than 7 days One of: 40k-100k Customers Dx or 400-1000MW Tx for 4-7 days One of: 10k-40k Customers Dx or 100-400MW Tx for 2-4 days One of: 1k-10k Customers Dx or 10-100MW Tx for 4-24 Hrs One of: <1000 Customers Dx or <10MW Tx for <4 Hrs
Tolerable Intolerable
Tolerable Intolerable
Diana Del Bel Belluz
Note: Risk w orkshops w ill not w ork w ell in a dysfunctional organization
Hum an Resources ( R= 2 .6 / C= 2 .1 ) Retaining Expertise R= 2 .6 / R= 2 .0 ) Training ( R= 2 .5 / C= 2 .8 ) Labour Agreem ents R= 2 .4 / C= 2 .0 ) Com m ercial Culture ( R= 3 .4 / C= 2 .1 ) Volatile W ork Schedule ( R= 2 .5 / C= 2 .1 ) Budget ( R= 2 .8 / C= 2 .6 ) Skills ( R= 2 .5 / C= 2 .6 ) Dem ographics ( R= 3 .5 / C= 2 .3 ) Com petition ( R= 2 .7 / C= 2 .5 )
Risk Source March 2001
Risk Trend
Cost Reduction Very High Very High Regulatory Uncertainty High Very High Initial Public Offering High High Customer Relationships High Medium Human Resources Medium Medium Safety High Medium
Note: Each risk category is explained with a half page analysis outlining the sources of the risk and the mitigants in place or planned.
Topic Risk description Likelihood I m pact A Compensation Dissatisfaction leads to higher turnover Possible Moderate B Recognition If unrecognized leads to errors and less focus Unlikely Minor C Downsizing More overtime so staff leave for better work/ life balance Likely Moderate D Demographics Changing demographics leads to more turnover Alm ost Certain Moderate
Source: COSO 2004 Application Techniques – Page 47
I ntolerable Risks Highest “Risk Mitigation” Value for m oney
1 2 3 4 5
safety customer environment revenue growth shareholder return corporate image employee relationship technical innovation
"Target" Attitude
1 2 3 4 5
safety customer environment revenue growth shareholder return corporate image employee relationship technical innovation
"Target" Attitude Business development dept Operations dept Accounting dept
event/ condition, and secure/ deploy resources (plans,
with or mitigate the business impact (people, knowledge, liquidity, equipment, etc)