Introductory Presentation

+6

No comments posted yet

Comments

Slide 1

Welcome to the Risk and Insurance Management Society professional development course How to Conduct High Quality Risk Assessment. This is the Introductory Presentation, The Challenge of Developing Good Risk Information.

Slide 2

The topics covered in this Introductory Presentation are: Crisis in Risk Identification and Assessment Processes Failure of Risk Methods – or of their Enforcement? Conventional Disciplines vs New Challenge Financial Models – Isolated from Context! Traits of Low-Quality Risk Information Risk Methods Needing Attention Goal of the Process: Good Risk Information The objective is to review the importance of high quality risk information, its traits, and conditions necessary to obtain it. This presentation gives the rationale that underlies the rest of the course.

Slide 3

These points are drawn from five separate studies covering US and global organizations, both public and private, including financial institutions and insurance firms. You will find the citations for these studies in the Resources file. They indicate a crisis in risk identification and assessment processes. The striking thing to notice here is not only the sheer difficulty risk professionals are having in producing good risk information, but also the central importance of such information to the success of the enterprise risk management effort.

Slide 4

Here are two quotes reflecting two distinct views regarding the responsibility of risk management and the economic crisis. Assuming risk methods of some description were in place: If they were ignored, then we conclude that any system of controls can be subverted, especially if it is politically overwhelmed by an institutionalized practice of profit-making that is legally and culturally sanctioned. If they not ignored, but were ineffective, then we conclude that we must come to terms with deficiencies in risk assessment methods.

Slide 5

Conventionally, risk ID and assessment are the purview of established financial management practices, such as corporate audit, with a focus on financial controls; investment services and capital management; and commercial insurance. Also, specialized disciplines employ risk modelling within the fields of, for example, engineering, environmental, health and safety. One of the studies cited showed that even among Chief Financial Officers, 72% of respondents, despite their obvious pre-occupation with capital formation and solvency, named risk management as their #1 concern. One ERM consultant discussing these findings said that risk management goes well beyond what he called “the insular confines of the financial suite” and reaches into all parts of the corporate fabric. It seems clear, then, that the demands of enterprise risk management are just not being met; that is, to cover the full spectrum of strategic and operational risk, in all content areas, using both quantitative and qualitative information. Next, let’s take a look at some of the commentary on financial models.

Slide 6

In these three quotes by risk management commentators, we can see that financial models can be accurate and useful, but only within the limitations of their own scope and assumptions. Relying on them exclusively leads to disaster, especially while ignoring, for example, related business processes, operational rules and wider systemic changes, much of which is, arguably, accessible to the right risk identification processes. Let’s examine next some of the tell-tale signs of poor risk information.

Slide 7

Poor quality risk information can be characterized, for example, by being: narrow and insular, focusing on specific measures in the absence of a wider discussion and leaving important viewpoints unrepresented and so subject to being blind-sided (as we saw in the case of certain financial models); vague, and briefly stated as general topics, or arbitrarily limited to a list of, say, the top 10; presented in a long, disorganized list, mixing up different hierarchical levels, program areas and time frames; a rehashing of familiar planning issues, with no new insights or incisive analysis; in sum - a body of risk information that does not inspire any confidence as forming a sound basis for important decisions.

Slide 8

Now that we have reviewed the need for improvement in the quality of risk information, the role of existing practice, and typical unacceptable results, we are in a position to review several points needing attention in the risk identification and assessment process. Let’s discuss each in turn.

Slide 9

Good risk information cannot be generated in the absence of good planning. Sometimes people will identify present conditions, like the economy, or predictable trends, such as demographic patterns, as risks whereas they are substantially known and should be planned for. An environmental scan can systematically gather relevant trends and conditions. Stakeholder consultations, opportunities and threats understood in a broad sense, and scenarios planning can all be important preparatory work to inform the organization’s plans, whether strategic or operational. Once draft plans are documented, then risk assessment can be conducted, primarily to identify and mitigate potential hindrances to achieving objectives and to help ensure successful implementation. Risks conceived within a comprehensive planning framework are bound to be relevant and focused. Risks belonging to what we might call r.m. specialty disciplines, that have their own categories of analysis and specialized mitigation, cannot be managed when mixed up in a single exercise. It is better to conduct separate sessions for, for example, business continuity and emergency planning; security review; IM/IT implementation; or environmental assessment, and coordinate all these in an overall risk management program.

Slide 10

An ad hoc discussion of risk on a given topic quickly becomes unmanageable, because the scope and assumptions keep shifting. Participants often are not clear on program boundaries, goals and objectives, and there is a tendency to focus solely on alarmist issues. By contrast, a structured agenda clarifies the subject matter, including goals, and helps to ensure a comprehensive risk ID. Values that guide behaviour, governance and business interactions are often not articulated, and left out of the discussion of risk, and then later discovered to be important sources of risk. Values must be used as explicit risk criteria. Similarly, stakeholders, such as business partners, clients, authorities and program beneficiaries, can be crucial to program success. However, risk managers are sometimes working with an incomplete analysis of them, or plan to engage them in the risk management process, where appropriate. The section on establishing the context will cover these points later in the course.

Slide 11

The details of the risk identification process can make or break the quality of results. Those collecting risk information through surveys or interviews should be aware that respondents can have vastly different and unspoken ideas of what the frame of reference is, even of what a risk is. Quality control is needed to clarify the context and definitions. A round table session has distinct advantages, except that such a group should not mix hierarchical levels, or be too small and insular. Do not state risks simply as possible future conditions, without stating the direct effect upon program plans; and do not mix up too many issues in one statement. Nor is it good practice to rely solely on ready-made, industry-specific lists of risk statements (in other words, pre-populated risk registers). On the other hand, walking through lists of risk categories to inspire risk identification is a good way to be comprehensive. Further details on effectively eliciting and formulating risks will be discussed in the course.

Slide 12

To summarize, our goal is to produce good risk information, which has the following traits: risks are precisely formulated in relation to well-researched planning goals, objectives and organizational values; and are identified and ranked, by consensus, in a facilitated session; the exercise is based on a defined context; and is comprehensive by virtue of the mix of participants, and a structured agenda; The benefits of such a process are that: the assessment conveys insight and incisive analysis into critical business issues; it has credibility, by virtue of being documented and transparent; the results, are defensible as the basis of significant program and budget decisions; mitigation plans form a common blueprint for action.

Slide 13

This concludes the introductory presentation. You have reviewed: the crisis experienced by many organizations in the risk ID and assessment process; including the typical characteristics of poor quality risk information; the importance of situating risk management in corporate planning; the importance of establishing context and details of the risk ID process; the characteristics and benefits of good risk information. You can now proceed to Learning Module 1.

Slide 1

HOW TO CONDUCT HIGH QUALITY RISK ASSESSMENT INTRODUCTORY PRESENTATION THE CHALLENGE OF DEVELOPING GOOD RISK INFORMATION

Slide 2

TOPICS 1.1 Crisis in Risk ID and Assessment Processes 1.2 Failure of Risk Methods – or of their Enforcement? 1.3 Conventional Disciplines vs New Challenge 1.4 Financial Models – Isolated from Context! 1.5 Traits of Low-Quality Risk Information 1.6 Risk Methods Needing Attention 1.7 Goal of the Process: Good Risk Information OBJECTIVE: Review the importance of high quality risk information, its traits, and conditions necessary to obtain it. Forms rationale for the course.

Slide 3

1.1 Crisis in Risk ID and Assessment Processes Five studies; similar findings 2008-2009: Less than half of the 70% of respondents having a risk identification process “are even fairly confident that it is working effectively” 72% perceived need to invest in more effective risk identification and measurement procedures. Less than 43% feel their Chief Audit Executive is “very effective” at conducting risk assessments. #1 current priority in RM business activities: “Risk identification, quantification and analysis” 44% named “timeliness and quality of information” as key challenge in adopting ERM strategy.

Slide 4

1.2 Failure of Risk Methods, or of Enforcement? “The crisis represents a ‘huge failure of enterprise risk management’” ~Frank Coyne, Chairman of ISO; quoted by A. O’Donnell, Insurance & Technology Blog, Nov12, 2008 “crisis is... a failure to implement enterprise risk management processes at all” ~Society of Actuaries Assuming risk methods of some description were in place: If RM was ignored, then any system of controls can be subverted... If RM was not ignored, but ineffective, then we must come to terms with deficiencies in risk assessment methods.

Slide 5

1.3 Conventional Disciplines vs New Challenge Conventional risk identification: corporate audit (financial controls); investment and capital management; insurance; specialized disciplines (eng/env/h & s) 72% of CFOs polled: ...ranked risk management practices their most important concern. RM goes “well beyond the insular confines of the financial suite, and it reaches into all parts of the corporate fabric ” ~P Finegan, T-P ERM demands: full spectrum of strategic/operational risk; all content areas; quantitative & qualitative.

Slide 6

1.4 Financial Models – Isolated from Context! “All the amazing Models created by Mathematicians and Software Engineers did not fail because they were inaccurate, they failed because the Risk Managers did not have the common sense or drive to address the growing and problematic OTC portfolios they were hired to manage.” Allyson Heumann Sep 2008 “CEOs discovered too late that they had traded their old-fashioned blind spots for a new kind of blindness: one induced by the comfort of new technology and elaborate quantitative models […] With such disasters [Société Générale’s US$7B rogue trading loss] as a backdrop, many risk management experts say it’s time for companies to revisit the fundamentals.” Bennett Voyles, April 2008 “[With] too much dependence on the math, you lose sight of the dynamics... that the world really moves, and that it’s a complex system.” Peter Bernstein, Jan 2008, interviewed by McKinsey

Slide 7

1.5 Traits of Low-Quality Risk Information narrow, insular (even if accurate); -> incomplete, subject to being blindsided; vague, general or obvious; briefly stated as keyword topics; arbitrarily limited list (e.g., top 10); “all over the map”; unmanageable; rehashing of familiar planning issues; lacking fresh insight or incisive analysis; unsound as basis for decisions.

Slide 8

1.6 Risk Methods Needing Attention So far... need for improvement... existing practice... typical results... Points needing attention to improve the quality of risk information: a. Relationship between RM and planning; b. Coordination of specialty RM disciplines; c. Grounded, not ad hoc, risk analysis; d. Articulating corporate values; e. Engagement with stakeholders; f. Attention to risk ID methodology.

Slide 9

SWOT/ Gap/ Scenarios Stakeholder Analysis 1.6 Risk Methods Needing Attention a. Relationship between risk management and planning b. Coordination of risk management specialty disciplines Strategic Plans Risk Assessment Operational Plans Environmental Scan Strategic Identity MISSION | VISION | VALUES

Slide 10

1.6 Risk Methods Needing Attention c. Grounded, not ad hoc, risk analysis Ad hoc risk ID unmanageable... gravitates towards ‘alarmist’ risk. Structured agenda clarifies subject matter... comprehensive risk ID. d. Articulating corporate values Important sources of risk, often ignored; Use them as risk criteria. e. Engagement with stakeholders Need to identify and understand stakeholders; even, possibly, engage them in the risk process.

Slide 11

1.6 Risk Methods Needing Attention f. Attention to risk ID methodology Interviews, surveys methodological difficulties; quality control to ensure validity; round-table has advantages, but do not mix levels. Risk statement formulation should be related to program goals; avoid multiple issues in one statement and pre-populated risk registers; use risk categories.

Slide 12

1.7 Goal: Good Risk Information Traits of good risk information: precisely formulated in relation to goals/values; identified and ranked in a facilitated process; based on a defined and agreed context; comprehensive (mixed group; structured agenda). Benefits: conveys new insight and incisive analysis; credibility (documented; transparent); defensible as the basis of decisions; common blueprint for action.

Slide 13

This concludes the introductory presentation. You have reviewed: the crisis in the risk ID and assessment process; traits of low-quality risk information; the importance of situating RM in planning; the importance of establishing context/details of process; the characteristics and benefits of good risk information. You can proceed to Learning Module 1. ~ END ~

Summary: Introduction - How to Conduct High Quality Risk Assessment

More by this User
Most Viewed
Previous Page Next Page
This user hasn't uploaded any other presenations yet.
Previous Page Next Page