REPORTING KEY RISK INFORMATION TO THE BOARD OF DIRECTORS What is Enterprise promote superintendence? 2016 Mark S. Beasley Deloitte Professor of ERM and Director of the ERM Initiative North Carolina Set-forth University 1 2801 Founders Drive Raleigh, NC 27695 919.513.0901 | WHAT IS ENTERPRISE RISK MANAGEMENT? Mark S. Beasley Deloitte Professor of ERM and Director of the ERM Initiative All creates own to train promotes in classify to alight in concern. In ariserence, most would say that managing promotes is honorable a usual segregate of floating a concern. So, if promote superintendence is already arisering in these creates, what’s the object of “operation promote superintendence” (too unconcealed as “ERM”)? Let’s Start by Looking at Oral Promote Management Business chiefs train promotes and they own done so for decades. Thus, fawns for operation promote superintendence aren’t suggesting that creates ownn’t been managing promotes. Instead, proponents of ERM are suggesting that there may be benefits from apprehending unequally encircling how the operation manages promotes assumeing the concern. Traditionally, creates train promotes by placing responsibilities on concern ace chiefs to train promotes amid their areas of advantage. For copy, the Chief Technology Officer (CTO) is legitimate for managing promotes attached to the create’s cognizance technology (IT) operations, the Treasurer is legitimate for managing promotes attached to financing and capital course, the Chief Operating Officer is legitimate for managing emanation and disposal, and the Chief Marketing Officer is legitimate for sales and customer analogys, and so on. Each of these administrative chiefs is charged delay managing promotes attached to their key areas of advantage. This oral mode to promote superintendence is repeatedly referred to as silo or stove-pipe promote superintendence whereby each silo chief is legitimate for managing or elevating promotes amid their silo as shown in Symbol 1 adown. Figure 1 1 WHAT IS ENTERPRISE RISK MANAGEMENT? Limitations delay Oral Approaches to Promote Management While assigning administrative experts advantage for managing promotes attached to their concern ace makes cheerful soundness, this oral mode to promote superintendence has limitations, which may mean there are expressive promotes on the horizon that may go undetected by superintendence and that sway assume the create. Let’s ponder a few those limitations. Limitation #1: There may be promotes that “fall among the siloes” that none of the silo chiefs can see. Risks don’t supervene superintendence’s createal chart and, as a consequence, they can appear anywhere in the concern. As a consequence, a promote may be on the horizon that does not engage the circumspection of any of the silo chiefs causing that promote to go unperceived until it triggers a catastrophic promote ariserence. For copy, none of the silo chiefs may be paying circumspection to demographic shifts arisering in the marketplace whereby population shifts towards bulky civic areas is happening at a faster stride than anticipated. Unfortunately, this omission may drastically contact the oration of a dispose-of create that continues to observe for true condition locations in rustic confines or balance sylvan areas enclosing smaller cities. Limitation #2: Some promotes assume multiple siloes in incongruous ways. So, occasion a silo chief sway recognize a immanent promote, he or she sway not trueize the light of that promote to other aspects of the concern. A promote that seems relatively wholesome for one concern ace, sway in-termination own a expressive cumulative accountination on the create if it were to arise and contact divers concern functions concomitantly. For copy, the gathering of obedience may be assured of new proposed regulations that complete use to concernes munificent in Brazil. Unfortunately, the gathering of obedience discounts these immanent regulatory qualifys loving the ariserence that the fraternity popularly simply does concern in North America and Europe. What the gathering of obedience doesn’t apprehend is that a key element of the strategic artfulness involves entering into junction speculation segregatenerships delay entities doing concern in Brazil and Argentina, and the gathering of strategic artfulnessning is not assured of these proposed regulations. Limitation #3: Third, in a oral mode to promote superintendence, indivisible silo possessors may not apprehend how an indivisible counter-argument to a segregateicular promote sway contact other aspects of a concern. In that seat, a silo possessor sway rationally perceive a firmness to tally in a segregateicular carriage to a certain promote assumeing his or her silo, but in doing so that counter-argument may trigger a expressive promote in another segregate of the concern. For copy, in counter-argument to growing concerns encircling cyber promotes, the IT office may fortify IT certainty protocols but in doing so, employees and customers perceive the new protocols confusing and frustrating, which may carry to haughty-priced “work-arounds” or equal the privation of business. Limitation #4: So repeatedly the convergence of oral promote superintendence has an interior lens to establishing and tallying to promotes. That is, superintendence convergencees on promotes attached to interior operations inside the walls of the create delay minimal convergence on promotes that sway appear outside from outside the concern. For copy, an entity may not be instructoring a rival’s qualify to clear a new technology that has the immanent to expressively split how emanations are used by consumers. Limitation #5: Despite the ariserence that most concern chiefs apprehend the indispensable junction of “promote and repay”, most concernes are struggling to attach their efforts in promote superintendence to strategic artfulnessning. For copy, the clearment and action of the entity’s strategic artfulness may not give copious compensation to promotes owing the chiefs of oral promote superintendence offices amid the create own not been uneasy in the system. 2 WHAT IS ENTERPRISE RISK MANAGEMENT? The consequence? There can be a expanded adorn of promotes on the horizon that superintendence’s oral mode to promote superintendence loses to see, as picturesque by Symbol 2. Unfortunately, some creates lose to recognize these limitations in their mode to promote superintendence anteriorly it is too tardy. Figure 2 Embracing Operation Promote Superintendence (ERM) Over the ultimate decade or so, a enumerate of concern chiefs own customary these immanent promote superintendence shortcomings and own begun to hug the concept of operation promote superintendence as a way to fortify their create’s promote omission. They own trueized that cessation until the promote occurrence arises is too tardy for accountinationively orationing expressive promotes and they own proactively hugd ERM as a concern system to augment how they train promotes to the operation. The concrete of operation promote superintendence is to clear a holistic, portfolio light of the most expressive promotes to the good-fortune of the entity’s most expressive concretes. The “e” in ERM signals that ERM traces to create a top-down, operation light of all the expressive promotes that sway contact the business. In other vote, ERM attempts to create a basket of all types of promotes that sway own an contact – twain unconditionally and negatively – on the viability of the concern. Leadership of ERM Given the design of ERM is to create this top-down, operation light of promotes to the entity, advantage for elucidation the tenor and chiefship for ERM resides delay supporter superintendence and the ponderation of directors. They are the ones who own the operation light of the create and they are lighted as entity however legitimate for apprehending, managing, and instructoring the most expressive promotes expressive the operation. Top superintendence is legitimate for subtle and implementing the operation promote superintendence system for the create. They are the ones to detail what system should be in assign and how it should office, and they are the ones underneathtakinged delay custody the system free and alert. The compensation of director’s role is to yield promote omission by (1) apprehending and approving superintendence’s 3 WHAT IS ENTERPRISE RISK MANAGEMENT? ERM system and (2) balanceseeing the promotes authorized by the ERM system to fix superintendence’s promotepreliminary actions are amid the stakeholders’ appetency for promote preliminary. (Check out our conceit monograph, Strengthening Operation Promote Superintendence for Strategic Advantage, upshotd in segregatenership delay COSO, that convergencees on areas where the ponderation of directors and superintendence can effort contemporaneously to improve the ponderation’s promote omission responsibilities and however augment the entity’s strategic rate.1 Elements of an ERM Process Because promotes continually appear and evolve, it is expressive to apprehend that ERM is an ongoing process. Unfortunately, some light ERM as a device that has a inception and an end. Occasion the initial expatiate of an ERM system sway demand aspects of device superintendence, the benefits of ERM are simply realized when superintendence apprehends of ERM as a system that must be free and alert, delay ongoing updates and improvements. The diagram in Symbol 3 illustrates the nucleus elements of an ERM system. Anteriorly observeing at the details, it is expressive to convergence on the oval cast to the symbol and the arrows that attach the indivisible components that involve ERM. The round, clockwise course of the diagram reinforces the ongoing nature of ERM. Once superintendence starts ERM, they are on a true voyage to constantly establish, assess, tally to, and instructor promotes attached to the create’s nucleus concern type. Figure 3 Positioning ERM for Strategic Value Because ERM traces to yield cognizance encircling promotes assumeing the create’s good-fortune of its nucleus concretes, the starting object of an ERM system starts delay gaining an apprehending of what currently drives rate for the concern and what’s in the strategic artfulness that represents new rate drivers for the concern. To fix that the ERM system is beneficial superintendence sustain an eye on interior or manifest ariserences that sway trigger promote opportunities or threats to the concern, a 1 Visit our website – – to downcarry this and the other conceit monographs haughtylighted in this document. 4 WHAT IS ENTERPRISE RISK MANAGEMENT? strategically integrated ERM system starts delay a oleaginous apprehending of what’s most expressive for the concern’ short-account and long-account prosperity. Let’s ponder a public-traded fraternity. A chief concrete for most publically traded companies is to grow shareholder rate. In that matter, ERM should start by pondering what popularly drives shareholder rate for the concern (e.g., what are the entity’s key emanations, what gives the entity a competitive advantage, what are the matchless operations that remit the entity to save emanations and services, etc.). These sway be conceit of as the entity’s popular “complete jewels”. In adduction to thinking encircling the entity’s complete jewels, ERM too starts delay an apprehending of the create’s plans for growing rate through new strategic starts outlined in the strategic artfulness (e.g., record into new geographic markets, expatiate of a new emanation, or the merit of a rival, etc.). You sway perceive our conceit monograph, Integration of ERM delay Strategy, beneficial loving it contains three subject consider illustrations of how creates own prosperityfully integrated their ERM efforts delay their rate creating starts. With this oleaginous apprehending of the popular and coming drivers of rate for the operation, superintendence is now in a position to qualify through the ERM system by instant having superintendence convergence on identifying promotes that sway contact the continued prosperity of each of the key rate drivers. How sway risks appear that contact a “complete jewel” or how sway promotes appear that impede the prosperityful expatiate of a new strategic start? Using this strategic lens as the establishment for establishing promotes helps sustain superintendence’s ERM convergence on promotes that are most expressive to the short-account and longaccount viability of the operation. With cognizance of the most expressive promote on the horizon for the entity, superintendence then traces to evaluate whether the popular carriage in which the entity is managing those promotes is tit and effective. In some subjects, superintendence may detail that they and the ponderation are completeing to recognize a promote occasion for other promotes they trace to tally in ways to subjugate or shirk the immanent promote peril. The Convergence is on All Types of Risks Sometimes this pith on establishing promotes to the strategies causes some to defectively conclude that ERM is simply convergenceed on “strategic promotes” and not uneasy delay operational, obedience, or reporting promotes. That’s not the subject. Rather, when deploying a strategic lens as the object of convergence to establish promotes, the design is to apprehend encircling any skin of promote – strategic, operational, obedience, noiseing, or whatever skin of promote – that sway contact the strategic prosperity of the operation. As a consequence, when ERM is convergenceed on establishing, assessing, managing, and instructoring promotes to the viability of the enterprise, the ERM system is positioned to be an expressive strategic utensil where promote superintendence and oration chiefship are integrated. It too helps requalify superintendence’s “silo-blinders” from the promote superintendence system by promising superintendence to indivisiblely and together apprehend of any and all types of promotes that sway contact the entity’s strategic prosperity. Output of an ERM Process The design of an ERM system is to breed an apprehending of the top promotes that superintendence together believes are the popular most precarious promotes to the strategic prosperity of the operation. Most organizations prioritize what superintendence believes to be the top 10 (or so) promotes to the operation (see our conceit monograph, Scrutinize of Promote Assessment Practices, that haughtylights a enumerate of incongruous approaches creates engage to prioritize their most expressive promotes on the horizon. Generally, the 5 WHAT IS ENTERPRISE RISK MANAGEMENT? presentation of the top 10 promotes to the ponderation convergencees on key promote subjects, delay balance granular details monitored by superintendence. For copy, a key promote subject for a concern sway be the inclination and retention of key employees. That promote upshot may be discussed by the ponderation of directors at a haughty flatten, occasion superintendence convergencees on the matchless challenges of fawning and retaining parts in biased areas of the create (e.g., IT, sales, operations, etc.). Monitoring Top Risks delay Key Promote Indicators (KRIs) While the nucleus output of an ERM system is the prioritization of an entity’s most expressive promotes and how the entity is managing those promotes, an ERM system too emphasizes the signification of custody a close eye on those promotes through the use of key promote indicators (KRIs). Organizations are increasingly enhancing their superintendence dashcompensation systems through the inclusion of key promote indicators (KRIs) linked to each of the entity’s top promotes authorized through an ERM system. These KRI metrics help superintendence and the ponderation sustain an eye on promote trends balance opportunity. Check out our conceit monograph, Developing Key Promote Indicators to Fortify Operation Promote Management, upshotd in segregatenership delay COSO for techniques to clear accountinationive KRIs. Conclusion Given the despatch of qualify in the global concern environment, the dimensions and complexity of promotes expressive an operation are increasing at a swift stride. At the selfselfselfsame opportunity, expectations for balance potent promote omission by ponderations of directors and main supporters are growing. Contemporaneously these suggest that creates may insufficiency to engage a essential observe at whether the promote superintendence mode entity used is worthy of proactively versus reactively managing the promotes assumeing their balanceall strategic prosperity. Operation promote superintendence (ERM) is decorous a expandedly hugd concern paradigm for accomplishing balance accountinationive promote omission. Interested in Learning Balance Encircling ERM? As concern chiefs trueize the concretes of ERM and trace to augment their promote superintendence processes to complete these concretes, they repeatedly are traceing adductional cognizance encircling tactical approaches for accountinationively doing so in a cost-potent carriage. The ERM Start in the Poole College of Superintendence at North Carolina Set-forth University may be a beneficial means through the tenets, conceit monographs, and other meanss archived on its website or through its ERM Roundtable and Executive Education offerings. Each year, we scrutinize creates encircling the popular set-forth of their ERM connected exercises. Check out our most fresh noise, The Set-forth of Promote Omission Report: An Overlight of Operation Promote Superintendence Practices. Visit to glean balance. ____________________________________________________________________________________ Mark S. Beasley, CPA, Ph.D., is the Deloitte Professor of Operation Promote Superintendence and Director of the ERM Initiative at NC Set-forth University. He specializes in the consider of operation promote superintendence, oppidan governance, financial set-forthment injury, and the financial noiseing system. He completed balance sequal years of advantage as a compensation portion of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and has served on other national-flatten underneathtaking forces attached to promote superintendence upshots. He advises ponderations and main supporter teams on promote governance upshots, is a general debater at national and interpolitical flattens, and has published balance 90 tenets, scrutiny monographs, books, and other conceit-connected publications. He earned his Ph.D. at Michigan Set-forth University. 6 96 Copyright 2017. Kogan Page. All hues sly. May not be reproduced in any create delayout dispensation from the publisher, bar clear uses exempt underneathneath U.S. or ancilla copyright law. 08 Enterprise promote management Enterprise-expanded mode In the departed few years, there own been expressive clearments in the exercise of promote superintendence. Firstly, there has been the clearment of specialist branches of promote superintendence, including device, immateriality, finance, operational promote and clinical promote management. Secondly, creates own hugd the long-for to engage a broader mode to the exercise of promote superintendence. Various provisions own been used to define this broader mode, including holistic, integrated, strategic and operation-expanded promote superintendence. It is the account operation or operation-expanded promote superintendence (ERM) that is now the most expandedly used and generally recognizeed accountinology for this broader mode. The indispensable idea behind the ERM mode is to qualify disconnected from the exercise of promote superintendence as the disconnected superintendence of indivisible promotes. ERM engages a unifying, broader and balance integrated mode. The ERM mode means that an create observes at all the promotes that it faces athwart all of the operations that it underneathtakes. ERM is uneasy delay the superintendence of the promotes that can contact the concretes, key dependencies or nucleus systemes of the create. Also, ERM is uneasy delay the superintendence of opportunities, as courteous as the superintendence of manage and jeopard promotes. There has too been compensation of the ariserence that numerous promotes are interconnected and that oral promote superintendence loses to oration the analogy among promotes. With the ERM mode, the analogy among promotes is authorized by the ariserence that two or balance promotes can own an contact on the selfselfselfsame distillation or concrete. The ERM mode is established on observeing at the concrete, key dependency or nucleus system and evaluating all of the promotes that could contact the item entity evaluated. Organizations carry-on promote superintendence in a enumerate of incongruous ways. However, there are numerous sordid features to most of these modees. Table 8.1 gives an overlight of the features of operation promote superintendence as a comparis ...
