Tag Archives: ERM

Для тех, кто интересуется безопасным доступом к онлайн-играм, наш партнер предлагает зеркало Вавады, которое позволяет обходить любые блокировки и сохранять доступ ко всем функциям казино.

Defining Reputational Risk

Posted on by

The following article is part of a new blog series that will explore ideas, concepts, discussions, arguments and applications associated with the field of enterprise and strategic risk management.

One of the more striking conclusions contained in Aon’s 2015 Global Risk Management Survey is that damage to reputation and/or brand was considered by the survey cohort to be the most significant risk to the enterprise. The survey was conducted in Q4 of 2014 and received input from over 1,400 respondents coming from both the private and public business on a worldwide basis.

The “Top Ten” most identified risks included:

  1. Damage to reputation/brand
  2. Economic slowdown/slow recovery
  3. Regulatory/legislative changes
  4. Increasing competition
  5. Failure to act or retain top talent
  6. Failure to innovate/meet customer needs
  7. Business interruption
  8. Third-party liability
  9. Computer crime/hacking/viruses/malicious codes
  10. Property damage.

The survey results should not come as any real surprise given the number of sensational news stories coming from around the world that highlight potential or real reputational or brand problems. We have witnessed data breaches ranging from credit card identity theft in consumer retail, to serious product recall notifications in the food and beverage industry, to product performance/ warranty failures in the automotive arena, as well as “hints of reputational quality,” defined as “trust” in the early stage politics of the presidential selection process involving private vs. public use of email servers. There is little doubt that news, sensational or not, impacting reputational or brand, will continue for some to come. The real question is: Should anyone care?

Defining reputational/brand risk is hard to accomplish:

Based on some additional research done by my colleague Sylvesto Lorello, reputational risk is not a new concept, but it arguably has no established or universally agreed upon definition. Academic and business thinking about this subject continues to evolve. Within the insurance underwriting community that I have been in touch with, reputational or brand risk is being compared in scope to contingent liability risks, but with a serious caveat: the basis of the risk is highly variable and the duration of the risk event/loss event is difficult to pin down economically.

The concept of reputation and brand for example, are notably absent from the 2004 framework for enterprise risk management proposed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). It is also overlooked in the Basel II international accord for regulating bank capital, which was also issued in 2004.

A lack of common standards or definitions of reputational risk mean that companies perceive it in different ways.

buy cytotec online orthomich.com/img/blog/jpg/cytotec.html no prescription pharmacy

Some risk practioners are beginning to view reputation as a “risk of risks” similar to the dialogue surrounding the “internet of things/objects.” Interestingly, an emerging dialogue is developing around whether reputation or brand is actually a risk or a residual event stemming from other extenuating risk domains or actions.

The ISO 31000 (2009)/ISO Guide 73:2002 definition of risk is the “effect of uncertainty on objectives.” In this definition, uncertainties include events (which may or may not happen) and uncertainties caused by ambiguity or a lack of information.

The U.S. Federal Reserve in 1995 defined reputational risk as “…the potential that negative publicity regarding an institution’s business practices, whether true or not, will cause a decline in the customer base, costly litigation or revenue reductions.

buy vidalista online orthomich.com/img/blog/jpg/vidalista.html no prescription pharmacy

In this case, the definition points to the potential for hard data from which basis and duration can be calculated.

Definitional issues aside, eventually societies will develop benchmarks with which to measure reputational or brand acceptability. One way of thinking about this approach is shown in the following exhibit.

UntitledHere we ignore some of the more difficult definitional discussion around a combined reputation/brand perspective, and limit our view to reputation alone.

buy fluoxetine online thecifhw.com/wp-content/uploads/2023/10/jpg/fluoxetine.html no prescription pharmacy

From a practical early stage standpoint, an entities reputation could be view from potential threat and potential impact perspective. On the threat side, it may be possible to segregate threats into four categories:

  • Risk to reputation stemming from employment activities;
  • Risk to reputation coming from product or customer issues;
  • Risk to reputation derived from governance; and,
  • Other less easily classified risks to reputation.

These categories appear for graphical purposes as if they are mutually exclusive, but in reality, there are good examples of causal overlap that increased risk volatility and severity. Recent oil spills and automobile product failure/recalls are enduring situations where more than one causal category created a economically catastrophic reputational problem.

On the other side of the graphic we outline the potential impacts to reputation coming from the threat categories. Again, while not mutually exclusive or exhaustive, the impact areas include:

  • Customer base
  • Financial valuation
  • Brand and media
  • Staf
  • Other less easily defined impacts.

Coming next, who are the stakeholders and how might one approach measuring reputational risk.

Survey Finds Alliance with Organizations and Risk Reporting Structures

Posted on by

NEW ORLEANS—Seventy-nine percent of companies are aligned with their risk management reporting structure, however, only 27% of risk professionals believe that emerging risks will be a company priority in the coming year, according to the 12th annual “Excellence in Risk Management Survey” released here by Marsh and RIMS.

In the last five or six years, “We have seen significant narrowing of the gap, where there is better alignment of what risk managers and risk executives are providing their organization and what their C-suite and management is looking for and needing in this riskier world that we all live in,” said Brian Elowe, a managing director at Marsh and co-author of the report. Findings are based on more than 300 responses to an online survey and a series of focus groups with leading risk executives.

Elowe explained that the study focused on organizational alignment, risk management effectiveness, data analytics and technology and cyberrisk.

In their study of organizational dynamics, he said, “We looked at priority setting, organizational structure and performance measurement standards to understand effective execution of a risk management strategy.”

The first insight was in respect to structures risk management reports to inside an organization. “We also asked whether the people responding to the survey felt risk management was reporting to the correct area inside the organization. We found that 79% of the respondents said they felt risk management was reporting into the appropriate area inside their organization,” Elowe said.

Looking deeper, he said the survey found that 50% of executives report into the finance area. The other half reports into a wide number of areas inside the company–12% report to general counsel, 8% to other C-suite members, 5% to internal audit, 5% to operations, 2% to human resources and 11% to “other” functions.

“We found that while they are all in the risk management function, those that report to areas outside of finance tend to be involved in areas deemed to be more strategic in nature. So they are more likely to be involved with things like ERM strategies, IT, privacy and security.”

Elowe said, “We think that finance executives might be well-served to help facilitate greater connections inside their companies to help broaden the perspective that risk executives reporting into finance might be able to have inside their own companies.”

In addition, only 27% of risk professionals reporting to the CFO or treasurer said they expected an increase in spending for training risk management staff. This is compared to 46% in increases expected by those reporting to other areas.

The top-five programs reporting to risk management were insurance management (92%), claims management (88%), enterprise risk management (67%), captive operations (65%) and emergency response (63%).

Looking at functions that report into risk management, he said that while the traditional functions of insurance and claims were well aligned, there is a significant alignment with IT. This is compared to several years ago when IT “operated in and of itself in an organization. That is an outcome of the growing cyberrrisk and the need for organizations to have a multi-disciplinary approach to how cyber is affecting their organization.”

Discussion groups agreed that the “here and now” is most important to their companies and that more needs to be done to develop understanding of emerging risks. “Risk managers are concerned they are not looking far enough ahead,” Elowe said, adding that company focus is largely directed to regulations and compliance. Carol Fox, director of the strategic and enterprise risk practice at RIMS and co-author of the report observed that organizations focused on operations are generally not as involved in strategy. She said management understands risks, but fell off in actually planning for emerging risks.

Findings include:

  • Risk management departments that do not report into finance are generally better aligned with other strategic functions within their organizations — most notably in the areas of enterprise risk management, compliance, information technology (IT) risk management, privacy, and security.
  • Despite the importance placed on emerging risks by many board members, senior leaders, and risk executives, only 27% of survey respondents said that identifying emerging risks would be a priority in the coming year.
  • Over the next two years, 42% of organizations expect to increase the level of investment in risk analytics, according to our survey, with 57% saying it would remain flat.
  • Nearly 60% of respondents said their organization has no formal communications plan in anticipation of a cyber event.
  • Risk professionals who report into the CFO or treasurer are much less likely to expect an increase in spending for training risk management staff in the coming year compared to those reporting elsewhere.

 

Enterprise Risk Management Needed in Battle Against Corruption

Posted on by

Even though the U.S. government has broadened its pursuit against corruption, only about 9% of organizations see Foreign Corrupt Practices Act monitoring as a top concern, according to “Bribery and Corruption: The Essential Guide to Managing the Risks” by ACL.

Many companies have policies against corruption, but it still exists. Although remaining competitive can be difficult in some parts of the world that see payments, gifts and consulting fees as part of doing business, companies need to identify these risks and manage them across the organization. There is much is at stake, as penalties are rising and more companies globally are being fined, the study found.

buy augmentin online https://ozgurmd.com/wp-content/uploads/2023/10/jpg/augmentin.html no prescription pharmacy

According to ACL, if a formalized ERM process exists within an organization, then the anti-bribery and anti-corruption (ABAC) risk assessment process should ideally be carried out within that ERM framework. In some organizations, however, the overall risk management process is fragmented, meaning that the risks of bribery and corruption are considered in relative isolation. Whichever approach is taken within an organization, the process of defining the risks should involve individuals with sufficient knowledge of the regulations and ways the business actually works.

buy addyi online https://ozgurmd.com/wp-content/uploads/2023/10/jpg/addyi.html no prescription pharmacy

“We encourage companies to maintain robust compliance programs, to voluntarily disclose and eradicate misconduct when it is detected, and to cooperate in the government’s investigation. But we will not wait for companies to act responsibly,” said Leslie Caldwell, assistant attorney general in the criminal division at the Department of Justice. “With cooperation or without it, the department will identify criminal activity at corporations and investigate the conduct ourselves, using all of our resources, employing every law enforcement tool, and considering all possible actions, including charges against both corporations and individuals.”

The study’s findings also include:

To Sell ERM, Think Like a Salesperson

Posted on by

Selling Enterprise Risk Management

There have been many discussions around the value of enterprise risk management as of late. Some individuals may feel as if having a risk manager on board checks the box, meeting the company’s obligations. Others may feel that enterprise risk management is the start and end to all their challenges and, if things do not work out as expected, the risk manager is to blame. So where does that leave the risk manager?

In order to have a healthy enterprise risk management program, risk managers should think like salespeople.

online pharmacy doxycycline with best prices today in the USA

Risk management professionals tend to be very passionate about their vocation, but not everyone may be buying into the ERM process. The first step to selling your risk program is to find a champion.
buy antabuse online https://galenapharm.com/pharmacy/antabuse.html no prescription
This person should be on your executive team—preferably the CEO.  You need a strong voice in your organization that will support the change that an enterprise risk management program can bring. It is also a good idea to have support from the board of directors and, if applicable, the internal auditor. When building your risk team, keep in mind that the end goal is to have all employees of the organization support and apply risk management to their day-to-day challenges. The more risk champions you can find, the better your program will be advocated and supported.

Once you have completed your public relations campaign by finding your risk champion, the next step is finding a common language everyone can understand. It is particularly helpful to ensure that the risk terminology used within your organization is consistent and understood.

online pharmacy ocuflox with best prices today in the USA

Once people begin to speak the same language, conversations should begin to flow.

The third step is to make sure you have a sound product. Building a comprehensive risk framework and process that fits your culture is a valuable selling point. There are many frameworks to choose from such as the Australian model, COBIT and COSO. One size does not always fit all, however.

online pharmacy rifadin with best prices today in the USA

  Use the components from the models that best suit the culture of your company. Be sure that you gain approval from both the executive team and your board when you introduce your framework and process.

Finally, it is time to make the sale. Have a risk workshop with your executive, but be sure to come prepared. It is critical to have a thorough understanding of the company’s strategic objectives, as the risks identified through your process should align with the company’s overall goals.

Conducting risk scenarios can also help sell ERM, further embedding risk management practices into the organization. Creating a scenario that requires the application of the risk management process really helps bring the theory to life. It also allows the participants to learn together as they work together, building knowledge while strengthening the program and its support throughout the company.