Maximising Business Value Through ERM

Maximising Business Value Through Enterprise Risk Management

DESCRIPTION

This slide deck is one that I presented in Sydney in 2010. It highlights the link between governance, risk and compliance and how GRC is used to identify and maximise business value.

Page 1: Maximising Business Value Through Enterprise Risk Management

Maximising Business Value Through ERM

Page 2: Maximising Business Value Through Enterprise Risk Management

1. Enterprise Risk Management

2. Risk Governance

3. Policy Compliance

4. Capital Budgeting

What am I on about … ?

Page 3: Maximising Business Value Through Enterprise Risk Management

What is Enterprise Risk Management?

Best way to manage uncertainty to minimise loss / threat

Needs to be holistic, no silos

Aligned with business objectives

Page 4: Maximising Business Value Through Enterprise Risk Management

Impact: Business Assessment (rows); Likelihood: Technical Assessment (columns)

             Rare   Unlikely   Possible   Likely   Almost Certain
Severe       M      H          H          VH       VH
Major        M      M          H          H        VH
Moderate     L      M          H          H        H
Minor        L      L          M          M        H
Negligible   L      L          M          M        H

Risks need to be identified in a consistent manner. Ensure that you have both technical and business input on the assessment.

Page 5: Maximising Business Value Through Enterprise Risk Management

Business Owner

What are you doing about the risk?

What is the result?

Create a place to store the risks and ensure you capture the appropriate information that will help you manage those risks

When do we check it?

Page 6: Maximising Business Value Through Enterprise Risk Management

What is Risk Governance?

Guiding coalition that will drive your risk strategy

Decision making framework for ownership and treatment of risk

Page 7: Maximising Business Value Through Enterprise Risk Management

Risk governance provides a way of streamlining the decision making processes related to risk ownership and treatment.

Who gets to make the decisions?

Page 8: Maximising Business Value Through Enterprise Risk Management

Where does compliance fit in?

External Compliance - PCI-DSS; SOX; Privacy Act

Internal Compliance – Capital ratios; Security Policy

All compliance requirements should be internalised and managed in accordance with your ERM framework.

Page 9: Maximising Business Value Through Enterprise Risk Management

Policy exemptions should be assessed on risk and managed through your ERM Framework.

Risk Assessment

Governance

Page 10: Maximising Business Value Through Enterprise Risk Management

What do we do about the finance decision?

Return on Investment (ROI) and Payback Period are only financial ratios

Net Present Value (NPV) takes time and risk into account

Capital budgeting analysis using NPV requires us to identify cashflows over the life of the project.

Use ERM framework to identify indirect cashflows

Page 11: Maximising Business Value Through Enterprise Risk Management

Negative NPV: Project Declined!!

By incorporating indirect cashflows we can improve NPV

NPV Calculation without using ERM @ Discount Rate of 9%

NPV Calculation using ERM @ Discount Rate of 9%

Positive NPV: Project Approved!!!

Indirect cashflows

Page 12: Maximising Business Value Through Enterprise Risk Management

In Summary…

ERM is all about managing uncertainty

Governance helps to identify decision makers and streamline decision making processes

All compliance requirements should be internalised and managed through a risk based approach

Page 13: Maximising Business Value Through Enterprise Risk Management

In Summary…

Through identification of non-compliance instances we can identify indirect cashflows associated with new projects.

Use NPV to incorporate those indirect cashflows into the capital budgeting process.

By aligning compliance obligations to business initiatives we can maximise the business value through ERM.

Page 14: Maximising Business Value Through Enterprise Risk Management

Questions …. ?

LEAD THE CHANGE…