This slide deck is one that I presented in Sydney in 2010. It highlights the link between governance, risk and compliance and how GRC is used to identify and maximise business value.
Maximising Business Value Through ERM
1. Enterprise Risk Management
2. Risk Governance
3. Policy Compliance
4. Capital Budgeting
What am I on about … ?
What is Enterprise Risk Management?
Best way to manage uncertainty to minimise loss / threat
Needs to be holistic, no silos
Aligned with business objectives
Risk rating matrix (rows: Impact; columns: Likelihood; L = Low, M = Medium, H = High, VH = Very High)

Impact      | Rare | Unlikely | Possible | Likely | Almost Certain
Severe      | M    | H        | H        | VH     | VH
Major       | M    | M        | H        | H      | VH
Moderate    | L    | M        | H        | H      | H
Minor       | L    | L        | M        | M      | H
Negligible  | L    | L        | M        | M      | H

Impact: Business Assessment. Likelihood: Technical Assessment.
Risks need to be identified in a consistent manner. Ensure that you have both technical and business input on the assessment.
Create a place to store the risks (a risk register) and ensure you capture the appropriate information that will help you manage those risks, for each risk:
Business Owner
What are you doing about the risk?
What is the result?
When do we check it?
What is Risk Governance?
Guiding coalition that will drive your risk strategy
Decision making framework for ownership and treatment of risk
Risk governance provides a way of streamlining the decision making processes related to risk ownership and treatment.
Who gets to make the decisions?
Where does compliance fit in?
External Compliance - PCI-DSS; SOX; Privacy Act
Internal Compliance – Capital ratios; Security Policy
All compliance requirements should be internalised and managed in accordance with your ERM framework.
Policy exemptions should be assessed on risk and managed through your ERM Framework.
Risk Assessment
Governance
What do we do about the finance decision?
Return on Investment (ROI) and Payback Period are only financial ratios; neither discounts future cashflows for time or risk
Net Present Value (NPV) takes time and risk into account through the discount rate
Capital budgeting analysis using NPV requires us to identify cashflows over the life of the project.
Use ERM framework to identify indirect cashflows
Negative NPV: Project Declined!!
By incorporating indirect cashflows we can improve NPV
NPV Calculation without using ERM @ Discount Rate of 9%
NPV Calculation using ERM @ Discount Rate of 9%
Positive NPV: Project Approved!!!
Indirect cashflows
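The capital budgeting slides above give the two NPV calculations (with and without ERM-identified indirect cashflows) only as headings, without figures. The block below is an added worked example, not from the original deck: it discounts a constructed set of direct project cashflows at the 9% rate named on the slide, then adds indirect cashflows derived from the risk register (expected annual loss = likelihood x impact for each non-compliance instance the project remediates) and shows the sign of the NPV flipping from declined to approved. All cashflows, likelihoods, impacts and risk names are constructed for illustration.

```python
"""Worked NPV example with ERM-identified indirect cashflows.

Added illustration, not code from the original presentation. Every
figure below is constructed; only the 9% discount rate comes from the deck.
"""
from typing import List, Sequence, Tuple

DISCOUNT_RATE = 0.09  # the rate quoted on the slides


def npv(rate: float, cashflows: Sequence[float]) -> float:
    """NPV = sum over t of CF_t / (1 + rate)^t.

    Index 0 is the initial outlay (usually negative), index t the
    cashflow at the end of year t.
    """
    return sum(cf / (1.0 + rate) ** t for t, cf in enumerate(cashflows))


def expected_annual_loss(likelihood: float, impact: float) -> float:
    """Annualised expected loss for one risk-register entry.

    Likelihood is the technical assessment expressed as a per-year
    probability; impact is the business assessment in currency units.
    """
    return likelihood * impact


# Constructed direct cashflows of a 4-year security project:
# year 0 outlay, then the directly measurable savings each year.
DIRECT_CASHFLOWS: List[float] = [-250_000.0, 60_000.0, 70_000.0, 75_000.0, 80_000.0]

# Constructed non-compliance instances the project would remediate,
# taken from a hypothetical risk register: (name, likelihood/yr, impact).
AVOIDED_RISKS: List[Tuple[str, float, float]] = [
    ("external compliance finding on stored card data", 0.20, 150_000.0),
    ("privacy breach notification and remediation cost", 0.10, 80_000.0),
]


def indirect_cashflows(risks: Sequence[Tuple[str, float, float]], years: int) -> List[float]:
    """Indirect cashflow stream: the expected loss avoided in each year.

    Nothing is avoided at t=0 (the controls are not yet in place), then
    the same expected-loss reduction recurs for each year of the project.
    """
    annual = sum(expected_annual_loss(lik, imp) for _, lik, imp in risks)
    return [0.0] + [annual] * years


def combined_cashflows(direct: Sequence[float], indirect: Sequence[float]) -> List[float]:
    """Element-wise sum of direct and indirect cashflows for the same years."""
    if len(direct) != len(indirect):
        raise ValueError("direct and indirect streams must cover the same years")
    return [d + i for d, i in zip(direct, indirect)]


def decision(npv_value: float) -> str:
    """Decision rule used on the slides: positive NPV approved, otherwise declined."""
    return "Approved" if npv_value > 0 else "Declined"


def npv_without_erm() -> float:
    """NPV on direct cashflows only (the 'without ERM' calculation)."""
    return npv(DISCOUNT_RATE, DIRECT_CASHFLOWS)


def npv_with_erm() -> float:
    """NPV once ERM-identified indirect cashflows are added."""
    years = len(DIRECT_CASHFLOWS) - 1
    stream = combined_cashflows(DIRECT_CASHFLOWS, indirect_cashflows(AVOIDED_RISKS, years))
    return npv(DISCOUNT_RATE, stream)


if __name__ == "__main__":
    base = npv_without_erm()
    erm = npv_with_erm()
    print(f"NPV without ERM @ {DISCOUNT_RATE:.0%}: {base:>12,.0f}  -> {decision(base)}")
    print(f"NPV using ERM   @ {DISCOUNT_RATE:.0%}: {erm:>12,.0f}  -> {decision(erm)}")
```

With these constructed figures the direct cashflows alone give an NPV of roughly -21,400 (declined), and adding the 38,000 per year of avoided expected loss lifts it to roughly +101,700 (approved). The point the deck makes is visible in the code: the indirect stream comes entirely from likelihood and impact values already held in the risk register, so the risk assessment feeds the finance decision without a separate analysis.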
In Summary…
ERM is all about managing uncertainty
Governance helps to identify decision makers and streamline decision making processes
All compliance requirements should be internalised and managed through a risk based approach
In Summary…
Through identification of non-compliance instances we can identify indirect cashflows associated with new projects.
Use NPV to incorporate those indirect cashflows into the capital budgeting process.
By aligning compliance obligations to business initiatives we can maximise the business value through ERM.
Questions …. ?
LEAD THE CHANGE…