Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
RTI International is a trade name of Research Triangle Institutewww.rti.org
Beyond Implementation-
Enhanced Risk Management
Practices
www.rti.org
A little about RTI…
• Independent, nonprofit research and development dedicated to improving the human condition
• 3,800 professionals supporting projects in more than 40 countries
• Five major business units, five different markets
– International Development Group
– Social, Statistical & Environmental Sciences
– Health Solutions
– Engineering & Technology
– Discovery & Analytical Sciences
• Annual revenue of over $715M in 2009
www.rti.org
RTI’s Risk Management Challenges
• Our Challenge
The failure of traditional risk monitoring to detect and communicate
emerging risks.
Develop an enterprise-wide risk management framework that focuses on
leading key risk indicators and adverse event root causes.
Create a predictive and forward looking tool that allows for more active
identification and monitoring of RTI’s current and emerging risks.
Better alignment of RTI’s strategic direction with our risk tolerance.
More clearly define RTI’s risk universe and boundaries.
www.rti.org
RTI’s Enhanced Risk Management Practices
• RTI’s Solution Highlights
– Key Risk Indicator Dashboards
A forward looking risk dashboard was developed that captures both quantitative and
qualitative, predictive key risk indicators faced by RTI
– Risk Management Network
The entire network of organizational risk resources was mapped to the identified key
risk areas and formalized to provide more effective risk information sharing.
– Risk Area ReportsA series of executive level key risk summary reports was developed to provide the Risk
Management Committee, as well as supporting governing bodies, with a detailed view
of RTI’s key risk activities.
www.rti.org
RTI’s Key Risk Indicator Dashboards
• The Risk Dashboards provides early warning of emerging
inherent and residual risks and provides the ability to drill down
into the root causes of adverse events
• RTI builds the Risk Dashboards based upon RTI’s Key Risk
Indicators (KRI),over 60 in all, which span all of the enterprise’s
major areas of risk, capturing the entire “known” risk profile of
the organization.
• The use of predictive risk metrics provides RTI with a forward-
looking view of the enterprise’s risk profile.
www.rti.org
RTI’s Key Risk Indicator Dashboards –Key Risk Indicators
• Bench Strength
• Business Continuity
• Client Satisfaction
• Data Privacy
• Domestic Ethics
• Domestic Security
• Fee Optimization
• Financial Reporting
• Foreign Banking
• Foreign Ethics
• Health, Safety & Environment
• Import/Export
• Insurance Coverage
• Internal Controls
• International Security
• International Subcontracting
• ITS Systems Compliance
• Key Staff Turnover
• Market
• Media Relations
• Non-Fee Bearing Work
• Payroll
• Project Review
• Property Control
• Proposal Risk Identification
• Recruiting
• Research Regulatory Compliance
• Resource Environment
• Retention
• Revenue Concentration
• Strategic Planning
• Sub Contracting
• Taxation
• Thought Leadership
• Unauthorized Transactions Risk
Underlying each KRI are defined risk metrics. The use of predictive risk metrics provides RTI with a forward-looking view of
risks from across the enterprise.
RTI develops its KRI metrics using a clear set of decision criteria (relevance, reliability, availability and applicability) in order to
ensure the KRI’s are an accurate view of risk.
www.rti.org
RTI’s Key Risk Indicator Dashboard
Ethics
State of
Science &
Technology
Safety &
SecurityReputation
Regulatory
ComplianceOperationalMarket
Human
ResourcesFinancial
Domestic
Ethics
Foreign
Ethics
Fee
Optimization
Financial
Internal
Controls
Financial
Reporting
Insurance
Awareness
Property
Control
Payroll
Revenue Concentration
Non Fee
Bearing
Work
Bench
Strecgth
Int’l Sub-
Contracts /
Grants
Project
Review
Data
Privacy
Foreign
Banking
Unauthorized
Transactions
Business
Continuity
SEG
HS
SSS
IDG
Strategic
Planning
Retention
RecruitingDomestic
Security
Thought
Leadership
Key Staff
Turnover
Media
Relations
Sub –
Contracts
Placement
Research
Regulatory
Compliance
Client
Satisfaction
Taxation
International
Security
ITS Systems
Compliance
Health, Safety
&
Environment
Proposal Risk
Identification
Resource
Environment
Import /
Export
Risk Trend Indicators
• Overall Risk Area Change Arrows – Used
when the overall aggregated risk has
increased.– Indicates an increase of risk in the KRI area
– Indicates a decrease of risk in the KRI area
• KRI Changes – Used when there was a
change in a Research Unit or G&A’s KRI.– Indicates a change in a unit level KRI that
did not trigger change the overall aggregated
risk
Risk Rankings• Green Risk Status –
- Low / Acceptable and being managed appropriately.
• Yellow Risk Status–- Moderate but accepted and being monitored on an ongoing basis
- Is approaching unacceptable and should be watched closely
• Red Risk Status –- High and either accepted or anticipated to drop in the near future
- Is unacceptable and action should be taken
www.rti.org
Enterprise
Risk
Management
RTI’s Risk Management Organization
Risk
Management
Committee
Risk
Managers
CMO CRO
CFO
LegalIA
HS
ERM HERSS
IDG
SSESDAS
CEO
Computing
Operations
Controller’s
Office
Human
Resources
Facilities &
Maintenance
Corporate
Communications
Insurance
Research
Protection (IRB)
Corporate
Security
Import/
Export
Information
Security
Procurement
Workplace
Environment
Ethics
Contracts
Regulatory
Compliance
Legal
Risk Management Network
www.rti.org
RTI’s Risk Management Network
• The Risk Management Network is a network of 31 subject matter
experts, risk managers and leaders from across RTI.
• RTI delegates responsibility for the day-to-day risk monitoring and data
collection to the “Risk Management Network.”
– The Risk Managers monitor and report key risk performance data, in
accordance with the predetermined metrics, for inclusion in the dashboard.
– The Risk Management Network meets monthly to review and validate the
collected risk metric data.
• Risk Reporting Checks & Balances:
– Risk Managers may increase the assigned KRI “risk level” independently,
but must defend a reduced “risk level” in front of RMC
– RMC members may increase the risk level in consultation with RMC and the
Risk Manager, but RMC must defend reduced “risk levels” in front of RMC
and with the Risk Manager present.
www.rti.org
Risk Area Reports
Blue BoxKey call outs/Need-to-know
information
Metrics/Ranking SectionBreaks out specific metrics
(both objective & subjective)
and provides a visual snapshot of
the risk profile
Graphs Area (Optional) Allows for trends to be tracked over
time.
Property ManagementMarch 31, 2009
Risk Area Report
Unaccountable Capital Equipment or potential loss of US Government Property can result in loss of
operating capital, loss of fee, and in the case of export restricted equipment, substantial fines
imposed by the Bureau of Industrial Security.
Metric Description: To compute the risk assessment associated with each unit, a comparison is
made for the total unaccountable items, the potential risk in dollars, and the percentage of the
inventory value associated with the unit. Any potential risk exceeding 10% of the total value, 1% of
the export restricted value, or $100,000 is designated as high risk. A risk value between 5% and 10%
of the total or between .5% and 1% of the export restricted value is designated as Moderate Risk.
Any figure below those thresholds is designated as Low Risk. Negligence or willful redistribution of
highly sensitive export restricted equipment carries the potential for considerable financial penalties.
Analysis:
This is where the individual business unit's key issues and areas of note would be reflected.
Dec-08 Mar-09 Jun-09 Sep-09
Rolling 4 Quarters
Property Control
SSS IDG SEG HS G&A
XX XX XX XX XXXX XX XX XX XXXX XX XX XX XXXX XX XX XX XXXX XX XX XX XXXX XX XX XX XX
XX XX XX XX XXXX XX XX XX XXXX XX XX XX XXXX XX XX XX XXXX XX XX XX XXXX XX XX XX XX
Moderate Moderate Low Low Moderate
MODERATE RISK
MODERATE RISK
Metrics
Capital Equipment# Items# Items Lost / Overdue Inventory# Export Restricted Items# Exp. Restricted Items Lost/Overdue InventoryExport Restricted Risk Value (Book Value)Total At Risk Value (Book Value)
Government Provided Equipment# Items# Items Lost or Overdue Inventory# Export Restricted Items# Exp. Restricted Items Lost/Overdue InventoryExport Restricted Risk ValueTotal At Risk Value
Final Unit RankingRTI Summary Ranking
Capital EquipmentGovernment Provided Property
1
2
3
www.rti.org
ERM Risk Reporting
• Annual Board of Governor’s Risk Report– RTI’s Enterprise-wide Risk Dashboard
• Bi-Annual Audit Committee Risk Report– RTI’s Enterprise-wide Risk Dashboard
– Business Group Risk Dashboards (6)
• Quarterly to Risk Management Committee– RTI’s Enterprise-wide Risk Dashboard
– Business Group Risk Dashboard (6)
– Risk Area Reports
• Monthly Risk Management Network Meeting– Risk Area Reports
• Ad-hoc Emerging Risk Identification and GAP Analysis
www.rti.org
Conclusion and Next Steps
• Additional refinement of
reporting capabilities
• Automation of data
collection and report
population
• The next big thing ….
Aligning ERM with
Internal Audit..