• No se han encontrado resultados

W: WATERSHIP DOWN Y: YOGY BEAR

X: WEBSITES DE INTERES

II.3.2. B.1 PRIMER TRIMESTRE

As adults, our approach to dealing with future events tends to draw strongly on our past. For children, however, the future is a new, exciting and shiny world with fresh experiences around every corner. Therefore, children commonly tend to be more open to new ideas and concepts than adults. So is this a good thing, and what relevance does it hold for the management of business risk?

It is true that many musical artistes produce their best work in their early years – at a time when they can both look back to experiences but also forward to an unknown but exciting future. Equally, technological innovation tends to be driven by the young in a way where experience and education can be married to openness about what possibilities the future might allow.

In business, it is too easy to look solely to previous results to predict what might happen in coming years. This approach to management is becoming increasingly discredited. Imagine someone who, for their entire life, had only seen white swans:

it would be natural for that person to predict that the world might only contain white swans. Yet one day a black swan might cross their path, completely counter to all their experience. So called „black swan syndrome‟ is becoming an increasingly important issue in this, the information age. Whether it be the risks and possibilities posed by social networking technology, a warming planet or global terrorism, such changes are introducing quantum shifts in the world in which we live.

Today‟s successful business managers therefore have to be as open to the risks and possibilities of the future as they are to the experiences of the past. British Petroleum‟s clever rebranding as „beyond petroleum‟ and Apple Computing‟s product extension into mobile entertainment and communication devices are but two cases that illustrate this trend.

Change is therefore never predictable and the past is not always a good guide to the future. Two further examples illustrate this apparent lack of predictability, possibly even more dramatically.

• xxxiv FOREWORD

In New Zealand, the colonists tried to create a brave new world of opportunity in the image of the one they had left behind in Europe. Rabbits shipped in as a source of food ran rampant in the absence of natural predators and diseases. Stoats, brought in to deal with the rabbits, instead turned their attention to local ground-nesting birds, helping to drive several species to extinction. Today, most of New Zealand‟s native species are gone.

In eastern Germany, the incidence of childhood asthma, once lower than that in the west, is now at the same level as that of western Germany. The reason? Following German unification, cleaning materials hitherto unavailable in the east became available, but this improved sterilization had the effect of making children more susceptible to developing asthma because their immune systems were not fighting infection to the extent they had before.

Such unintended consequences of actions provide invaluable case studies of how adverse effects can flow from actions taken to mitigate completely different risks, as in the two examples above: the risk of hunger (in the case of New Zealand) and infection (in East Germany).

A risk-free world is impossible to achieve, neither is it desirable. Safety is found partly in experience, but also in learning to live with and exploit the risks around us.

The greatest risk for any individual or business is to seek a completely safe and benign world and so miss the very opportunities that should be staring us in the face.

There are no simple rules to getting this right, but businesses can aid their survival and growth by:

• placing a high premium on sustainability, with as much attention given to the side effects of internally or externally driven change as to intentions;

• building resilience and safety nets, through governance, insurance and strong human-resources and stakeholder-engagement strategies;

• cultivating people networks and hence a broader understanding of both the nature and scope of likely changes in social, political, geographical and technological factors, using our own „risk radar‟ to determine who, as well as what, to believe;

• understanding, but not being diverted by, media bias that might induce us to focus on any one element of risk to the exclusion of all others;

• conducting scenario analysis within our approach to strategic planning, thus developing organizational flexibility;

• using one of the many commonly available risk management standards, such as that available to download for free from www.theirm.org.

Management of risk and reward is an integral part of good corporate strategy. It needs skills and experience to execute well, and education and training to facilitate this is available from a range of organizations across the world.

Indeed, in a worldwide survey of 400 senior executives carried out late in 2006 by a major global consultancy, „managing risk‟ ranked first out of 10 current business issues for those surveyed. The message therefore is loud and clear; effective risk

FoREWORD xxxv •

management is fundamental for business performance. This book provides a range of insights into this immensely broad, fascinating and vital subject.

Steve Fowler Chief Executive The Institute of Risk Management

covered

Mortgage payment protection Loan protection

Credit card protection Income protection

Warranty and service contracts Personal accident

Credit card price protection Credit card purchase protection

We understand what is really important to people. Which is why we specialise in innovative, flexible insurance products that protect your customers’

most valuable assets – their home, possessions, income and health.

Focused on being the leading insurer of niche protection solutions we design, develop, manufacture, underwrite and market flexible insurance products tailored to your customers’ needs.

Assurant is a Fortune 500 company working with some of the leading banks, building societies, mortgage and insurance brokers as well as retailers.

We are committed to delivering innovative products and services that work for your business.

Talk to us today to see if you can benefit from a partnership with Assurant Solutions

0870 152 6000

[email protected]

UK member companies: Assurant Group Limited (registered in England no. 3264846); Assurant General Insurance Limited (registered in England no. 2341082) and Assurant Life Limited (registered in England no. 3264844), authorised and regulated by the Financial Services Authority. The registered office of all UK member companies is 117-119 Whitby Road, Slough, SL1 3DR

Enterprise Risk Management Framework

I think of risks as being threats to achieving your overall objectives, whatever they may be. For example a pedestrian faces the threat of being knocked down by a car when he crosses a road. He may well cross the road safely without checking the traffic, but he has a far greater likelihood of success if he first looks left and right to check whether cars are coming. Similarly, if a business ploughs ahead trying to achieve its objectives without considering possible disruptions, it may well succeed. However, over time, it will be more likely to succeed if management understands what could go wrong and what steps can be taken to minimise the probability of this occurring.

An enterprise risk management framework (ERM) is a process that enables the management of a business to understand all the risks it faces, quantify them, assess the adequacy of controls and report on the current risk profile of the business. The premise is that a greater understanding of the risks facing a business significantly increases the probability of meeting their overall objectives. The knowledge also enables the

management team to better decide which avenues of business it should explore as it will have a much better understanding of the risk/reward profile.

A key measure of a successful business is whether the ERM framework being used on a day to day basis is actually helping the business meet its overall objectives and whether there are measurement tools in place to evaluate the ERM framework's effectiveness.

In many ways the key principles of an ERM framework are being utilised by many businesses and managers almost without thinking. The difference that a framework adds is that it ensures that all key managers are thinking of risks in a similar way and that the business itself has a higher chance of concentrating on the key issues that may prevent it from achieving its objectives. The benefits to the business therefore improve as the business gets larger.

Simple ERM Framework

As I have mentioned before, the success of any framework depends on how it is utilised by the management team. Therefore, it is essential that the framework is tailored to the size of the business. For example the scale and complexity of a framework used by a large multinational financial institution will be different from that used by a small start-up business with fewer than 10 employees. Any risk framework should provide value to the business by enhancing the likelihood of the business meeting its objectives. A framework

advertisement feature

that is so complex and time consuming to operate actually becomes a risk to the business itself.

However regardless of the size of the business an ERM framework should involve some basic principles and cover key information such as the key risks facing a business and who owns them.

I would summarise these key principles as follows:

1. It is essential that a risk management framework cover all the risks facing the business as opposed to concentrating on a selection of risk types. It is best to do this in a structured way and consider all the threats to success both internal and external. Be mindful of the size of the organisation and try and group risks into natural risk types that fit the business.

2. Owners should be identified for each risk facing the business. It may be that only one or two individuals own the risks given the size of the business. But in practice I would expect the risks to be shared out amongst the managing director‟s senior leadership team. My suggestion is to allocate ownership of a risk to the individual who is managing it on a day-to-day basis rather than simply lump everything with the managing director.

3. Assess the impact of each risk crystallising on the business. This can be done in a number of ways, assessing either the financial cost or damage to your reputation.

The key is that the impact is linked to overall targets and objectives of the business and that each risk is judged in a consistent manner. This assessment should ensure that the business has a clear idea of its top risks that may impact the business.

4. Consider the likelihood of the risks occurring. How often you do this depends on the size and complexity of the business. The key is that you decide how often completing the exercise would add value to the business (e.g. annually, quarterly or monthly) rather than arbitrarily deciding on a timeframe. For example a medium sized business in a relatively stable market may decide that quarterly is sufficient for its needs whereas a large multinational may decide monthly updates are required. Management are best placed to decide.

5. Identify potential improvements to control the framework. As part of the consideration of each risk and the likelihood of it crystallising time should also be spent considering what additional actions should be taken to reduce the possibility further. This could take the form of introducing additional controls or

advertisement feature

strengthening the existing control framework.

6. Report the outputs of the findings to the appropriate management committee.

Obviously this will depend on the structure of the business and it may well drive the timing of the updates. The reporting should also consider what the committee needs to know (e.g. that it is happy with a simple top 10 of key risks, does it wish to know what actions are being taken to reduce the likelihood of the risk

crystallising and if these are on track, are they looking for a more comprehensive picture). Again, the overall management within the business will be able to give a strong steer on this.

Integrating into the Business

For the benefits of an ERM framework to be realised, the framework needs to be integrated into the day to day workings of the business. Otherwise there is a danger that the roll out of any framework will only provide some initial value to the business during the initial roll out but then sit in the cupboards of management gathering dust and not being used.

A useful way to start the embedding process is to link the outputs into the overall governance framework of the business. This helps ensure that the overall reporting from the risk framework is tailored to the appropriate levels within the organisation and helps to embed the framework into the business (therefore significantly increasing the probability that it is used by the management as opposed to being a one off exercise that has some value which then fades away over time).

One way is to ensure that the latest risk hotspots are a standing agenda item at key management meetings. Another way would be to highlight the key risk mitigation actions being taken by the business to the relevant Board or Audit Committee meeting and providing comfort as to whether they are on track. Ensuring the framework fits the size of the business is key here as, for the output to be useful, it needs to be up to date and relevant and therefore the business needs to be able to support the production of the required data.

Finally it is essential to check that the data is being used by the business and is in an appropriate form. I would suggest treating the individual management team as customers in this regard. Their suggestions on frequency and format, what they find useful and superfluous are very helpful. Put simply they are more likely to use the framework to help them achieve their overall business goals if its output is in a straightforward format

advertisement feature

that they find easy to use. Remember the purpose of an ERM framework should be to add value to the business and help the business achieve its objectives. The presentation of the results is important to helping achieve this.

The other major driver to help ensure the framework is embedded within the

organisation is to ensure the credibility of the data within the framework. Consideration at the start as to what is the appropriate level of detail required is important but all data should be independently reviewed to ensure that it is sensible and credible. There is a danger that if this is not done then the outputs of the framework will be skewed in one direction or another and when presenting to a formal management team the key messages will be lost. Key to this is to assess the risks and their likelihood of occurring consistently and ensure that everyone fully understands the impact of the risk

crystallising.

The benefits of ensuring the framework fits the size of the business are key here as there is a danger that the risk manager, or whoever is responsible for rolling out the framework, will simply become drowned in the amount of data provided. The result being that instead of analysing the output, identifying emerging risks and making suggestions on how to resolve these risks, the risk manager simply regurgitates existing information in a slightly different way to the management team thereby severely diluting the value of the framework.

A potential way to resolve this is to ensure the risk manager has regular meetings with the key owners of the group, either in a workshop form or a standing meeting, to discuss what they see as the key risks and compare these to the results of the overall framework.

Summary

The benefits of an enterprise risk framework are that it should significantly increase the probability of a business achieving its objectives. To do this the framework needs to fit the size of the business, link into the overall governance of the business and present the output in such a way that they easily add value to the business.

If this is done successfully and regularly across the business then the threats to objectives may be identified far earlier than would otherwise be the case therefore helping the business go on the front foot rather than react to events.

advertisement feature