RIMS ERM Conference 2012 Comes to San Antonio

Earlier this week, the second annual RIMS ERM Conference 2012 was held in San Antonio. With a theme of “Transforming Vision into Value,” attendees took in two days’ worth of educational sessions and discussions designed to provide them with the necessary expertise to develop and enhance enterprise risk management programs in their organizations.

Author and leadership expert Robert Stevenson set the tone in a keynote address that stressed the importance of looking at risk strategically as a means of ensuring perhaps the most valuable organizational commodity: its own survival. Stevenson pointed out that between 1985 and 2000, more than 90 companies were pushed off the Fortune 500 and that the top 10 employers in 1960 have all completely changed today. What this demonstrated, said Stevenson, was that “future success is not inevitable because of past triumphs.” For risk managers, then, it is imperative that they remind their organizations that success is never final and that they need to pay attention to risk whether they like it or not. “If you don’t like paying attention to risk,” he said, “you will hate paying attention to extinction.”

So in order to avoid being blindsided, organizations need to adopt a wider perspective regarding risk, which naturally leads to ERM as a means not only to address threats, but also to take advantage of opportunities. To that end, subsequent sessions delved into a wide range of topics, with experts offering practical advice on things like incorporating scenarios into strategic planning or using key risk indicators and root cause analysis to refine risk assessment. Presenters also shared their stories of how they were able to achieve ERM success in their organizations, giving attendees the opportunity to see theory in action and learn from the accomplishments of their risk management peers.

In an effort to recognize one of these success stories, the conference was highlighted by the presentation of the 2012 ERM Award of Distinction, which went to the YMCA of Greater Toronto for its sophisticated risk intelligence program. The program incorporated strategic risk tools and techniques including a collaborative project risk assessment that was aligned with the organization’s mission, vision and strategic plan objectives to produce an average 25% growth in monthly membership sales at one of its health, fitness and recreation centers, with phased replication and reach in other communities.

Sysco Corporation also received an honorable mention for successfully implementing an ERM program that helped transform the organization’s business culture from siloed businesses to a cohesive and interconnected network of companies focused on uncovering otherwise untapped opportunities.

“Enterprise risk management has become an increasingly important organizational competency that not only protects organizations from detrimental risks but has proven to help identify positive risks that can lead to profitable opportunities,” said Carol Fox, RIMS Director of Strategic and Enterprise Risk Practice. “The YMCA of Greater Toronto and Sysco Corporation are shining examples of how risk management can create value for an organization and their work is truly deserving of this honor.”

In all, the conference proved to be a valuable learning experience for all who attended. The following are some of the images from San Antonio.

Robert Stevenson addresses the crowd.

Monica Merrifield, vice president, risk intelligence for the YMCA of Greater Toronto (second from left), received the ERM Award of Distinction.

The Solutions Showcase gathered ERM service providers.

Brian Thelen, general auditor and CRO, General Motors (left) and Joseph Ghammashi, senior vice president and CRO, CorporateOne FCU.

Attendees gained valuable insight into ERM program development.

ERM, Cyber Risk and Ed Hochuli

Risk management and the sports world unexpectedly intersected in a morning session at RIMS 2012, when panelists discussed how adopting an ERM strategy can help mitigate cyber risk while under the watchful eye (and whistle) of session moderator and well-known NFL referee Ed Hochuli. Much like in an NFL game, Hochuli, who is also an attorney with Jones Skelton & Hochuli, took control of the discussion by donning his referee jersey and throwing his penalty flag whenever any of the presenters went over a pre-determined time limit for remarks.

Panelists Carol Fox of RIMS, David Speciale of Identity Theft 911, Richard Magrath of USLAW NETWORK and John Hall of Hall Booth Smith & Slover were flagged for multiple delay-of-game penalties (and one good-natured taunting violation), but this did not stop them from delivering their timely and informative presentation.

As data breach incidents, such as Sony’s infamous PlayStation Network breach last year, have increased, so have the financial and reputational impacts. Perhaps more importantly, however, this so-called cyber risk no longer belongs only to IT departments. In fact, many IT departments may not even understand the entire scope of the risk. “They are used to dealing with how many servers they have, not necessarily what is on those servers,” said Fox. Since data breaches affect the entire enterprise, mitigation and remediation efforts need to involve all departments in order to effectively limit damages and reduce costs. This makes a data breach plan a vital component of a company’s ERM program.

And given all the complex data protection regulations, jurisdictional issues, and due diligence and privilege concerns, Magrath and Hall recommended that risk managers not try to go it alone and instead engage counsel as a kind of quarterback to help them assess their risk and make sure they are as protected as they can be.

Speciale warned that despite all of a company’s best efforts, 100% protection may be impossible and some fallout may be unavoidable. “When a company is breached, a small percentage of people will never do business with them again,” he said. The key, then, is to be able to prevent as many breaches as you can and then strengthen your defense so you are a less attractive target.

In order to help companies develop a plan of their own, RIMS, USLAW NETWORK and Identity Theft 911 developed an executive report entitled “ERM Best Practices in the Cyber World.” The report details how risk managers can go about developing an effective data breach plan. As the session made clear, thousands of dollars of investment could prevent millions of dollars in losses.

Discussing ERM at RIMS 2011

ERM was a big topic at this year’s RIMS Conference & Exhibition. As it becomes increasingly apparent that enterprise risk management is a vital component of business management as a whole, many attendees were taking the next step past simple understanding and actively looking for practical ways to implement the strategy for their businesses. And many sessions at RIMS 2011 were designed for that very purpose.

For instance, “Building an ERM Roadmap” and “ERM Technology Tool Review” included a variety of practical guidelines and sample tools. The discussions focused on how to develop, report and monitor an effective program that meets the needs of the business area and the board.

Grace Crickette, chief risk officer at the University of California, offered a useful online resource, based on the university’s own ERM efforts, to help companies define and implement ERM programs in their organizations.

Like organizations within the private sector, the UC system operates in an inherently risky environment. By strategically managing risk, we can reduce the chance of loss, create greater financial stability, and protect our resources so we can continue our mission of supporting teaching, research and public service.

As part of this strategic approach to managing risk, the UC leverages an Enterprise Risk Management Information System, which provides users with a single portal through which they can access and analyze information related to their specific area.

For anyone looking to make progress with their own ERM program, this might be a good place to start.

ERM on the Rise

An uprising in Egypt or a catastrophic natural disaster in Japan can make a company stop and think about how that event impacts its business. And events like these are helping to spur companies to fully embrace enterprise risk management (ERM).

This is a good thing. And, according to some, it’s only going to get better.

James Lam, president of risk-management consulting firm James Lam & Associates, has high expectations for the future of ERM, telling CFO magazine that “We’re going to make more progress in ERM implementations and its standardization in the next couple of years than we did in the last dozen.” According to his research, almost 90% of global organizations with more than $1 billion in revenue are either putting an ERM program in place or, in 25% of those cases, already have a program up and running.

Russ Banham, a contributing editor of CFO magazine, also has some great insight into the present state and future situation of the risk management movement. He penned quite an interesting ERM article that was published today. In it, Banham states that it’s not just black swan events that are to credit for the spike in ERM popularity; three trends have also caused an increase in interest.

  1. Corporate boards are under regulatory pressure to address risk management explicitly.
  2. Proponents of ERM are making progress in having it acknowledged as a best practice for overall risk management.
  3. New technologies are enhancing companies’ ability to evaluate, measure, and prioritize risks, and to test and report on their potential impact.

Banham points to the Dodd-Frank Act, the fact that ratings agencies factor ERM criteria into their ratings process, COSO II (the Committee of Sponsoring Organizations) and the SEC’s sharpened stance on risk management as reasons why some companies, especially larger ones, have no option other than to fully implement an ERM program.

Governance issues aside, ERM would get a major boost if it were widely regarded as an industry standard for best practices. “We are not talking about a one-size-fits-all standard, since risk management is part art and part science, and organizations differ by geographies, markets, business lines, and organizational structure,” Lam says. “It can, however, be an industry-by-industry standard, customized by companies within a given industry.”

Optimism aside, most companies still have a long way to go in terms of developing a comprehensive, efficient and successful ERM strategy. As we see by the second graphic below, more than half of companies still have little or no common risk management processes implemented.

Let’s hope Lam’s predictions come to fruition.