The 4th Annual Enterprise Risk Management Conference will be held on March 10th and 11th. I will be attending this conference on behalf of the GlobalRisk community and will report back with key observations and discussions from the conference. I will also Tweet general comments during the sessions at www.twitter.com/JohnatIMT.  

I am opening this forum to ask for any questions you hope the sessions at this conference and/or specific presenters could answer for you. I will do my best to pose these questions and report the responses back to our community. The conference organizers at Marcus Evans are also kind enough to arrange interviews with specific speakers. Note the conference theme is "Empowering ERM Efforts to Inform the Enterprise-Wide Decision-Making Process." The agenda includes some very interesting subsets of this challenge.

Please use this forum to submit the questions you would like to have me ask and to note the speakers who may be of particular interest to you. You can find the conference information in our community posts from Michele Westergaard and on the following Marcus Evans conference information site:

 http://www.marcusevans.com/marcusevans-conferences-event-details.asp?EventID=17484&ad=GRCERM&SectorID=51&me_cid=10361&Date=07/12/2010

 

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

Votes: 0
Email me when people reply –

Replies

  • John, thank you for your kindness and delivered information.  It is very useful and we looking for your next inputs here.

    Best, Dimitar

  • Thanks John for such an informative post-conference write up!  We hope you enjoyed the conference!

     

    Look out for interview materials that John conducted with the ERM speakers. We are very excited about this!

     

  • Approximately 70 leading risk management practitioners attended the Marcus Evans' 4th Annual Enterprise Risk Management Conference. The general consensus was a lot of progress was made in the past four years toward creating some general standards, common vocabulary, and risk frameworks that are necessary for practical enterprise risk management implementation.

    I am assembling a summary report that I will post to this forum, but here are some overall observations and common themes from the conference:

    • Attendees and speakers represented organizations with a wide range of enterprise risk management program maturity levels from initiation to programs continuously monitoring hundreds of risks.
    • The average risk program of the attendees narrows their enterprise risk focus to 10 to 20 risk categories that are addressed with the Board with risk policy guidance driven down through the organization. The set of these primary risks change with business and market conditions.
    • For those who are initiating ERM programs (even within large enterprises) some are placing the responsibility within an existing functional area like finance. There seems to be some trepidation toward formalizing a program too broadly and too quickly in some organizations.
    • It is important to establish easily understood risk frameworks that can be driven from the top down in organizations.
      • The COSO “cube” seems to be too complex to use to drive Board analysis and participation.
      • ISO 31000 and ISO Guide 73 received positive comments as providing the simplicity and flexibility needed to apply in businesses across industry sectors.  (See Alex Dali’s GlobalRisk Forum post to provide your input on updating ISO 31000 terminology)
    • ERM should not be a periodic check-box activity. ERM must add value to an organization by continuously raising and addressing risk concerns and opportunities as the business dictates.
    • Use both quantitative and qualitative analysis in ERM assessments.   
    • Clarification and advice on some terms to use to set the context of risk:
      • Risk Limit – where your organization should be in relation to risks
      • Risk Tolerance – how much risk your organization is prepared to take
      • Risk Appetite – the level of risk that is acceptable to achieve organizational goals
      • Risk Capacity – the limit of risk at which an organization can survive
    • Continue innovating and adding value to your organization.

    I will extend this list of observations and add more detail to these themes in my summary report.



  • John Farrell said:
    Sandy, given your distinguished background on setting and advising on quality standards, I assume you are on the advisory board for the 2015 ISO 9001 revision. Is it correct to say that ISO 9001 currently does not have any risk management requirements and you would like some input from some of these speakers on what they believe would be essential risk management standards that should be added? What input would be most useful for you, general statements on risk programs or more specific practical applications that should be considered across industries?

    Burton S. Liebesman said:
    I have a meeting of the US TAG to TC 176 March 15-17. We will be working on 20 future concepts, one of which is on risk. The information below is from my article in this month's ASQ Quality Progress.

    Future Concept 6: Inclusion of a Risk Based Thinking Approach

     

    Effective management systems can reduce risks to an organization. Risks occur as the result of uncertainty whereas effective management systems improve the control over factors that create uncertainty. ISO 9001 can play a major role improving risk-based thinking in an organization.

     

    ISO 9001:2008 considers risk in various clauses that can be a starting point for expanding this concept. There are several clauses in ISO 9001 where risk is implied[

    • 5.4 Quality Planning
    • 5.6 Management Review
    • 7.1 Planning of Product Realization
    • 7.3 Design and Development
    • 8.5.2 Corrective Action
    • 8.5.3 Preventive Action

     

    In each of these clauses management must consider the risks to the organization and means of reducing them.

     

    The TG Future concepts document introduced several considerations in developing a risk based thinking approach:

    • Any requirement would have to be capable of allowing organizations of all sizes and types to determine their own approach.
    • Any text added to ISO 9001 must add value to the user.
    • Consideration as to whether requirements should be explicit or implied.

     

    A risk-based approach should be applied to the following areas:

    • Ensuring that products meet customer, statutory and regulatory requirements
    • Reinforcing the process approach and reducing the risk that a process might not produce the desired result,
    • Improving the effectiveness of the management system to achieve objectives and analyzing changes in the organization‘s environment both internally and externally.

     

    It is worth noting that the telecommunication standard TL 9000[1] added requirement 7.3.1.C.4 in 2009:

    “The organization shall develop and document a plan for the identification, analysis and control of risks to the project that can impact cost, schedule, product quality or product performance.” In addition, adder 7.3.1.C.4 Risk Management Plan contains requirements for “identification, analysis, and control of risks to the project.”



     

    [1]TL 9000 Quality Management System Requirements Handbook, Release 5.0, 11/15/2009, QuEST Forum, Richardson, Texas.

  • Bill, much has been written, pro and con, about the "failure of risk management" leading into the financial crisis. Given the conference session topics on articulating value and sustaining risk management programs, it will be interesting to hear views on overcoming any reputational damage the crisis (fairly or unfairly) caused risk managers and programs.

    I am also interested in breaking through the semantic challenges of financial risk management being equated to enterprise risk management. I should have plenty of opportunity to address this with these speakers who generally deal with the broader risk spectrum and gaining corporate management buy in.

     

    Bill Savage said:

    John,

     

    Here are a couple of questions that I have been dealing with.

     

    For any presenter: How has the recent financial crisis effected the reputation of Chief Risk Officers, ERM practitioners and ERM programs?

     

    For any presenter: Many organizations that claim to practice ERM appear to be focusing on the purely financial aspects of risk (Market, Credit, Liquidity, etc). Is this true ERM? If not, how can we as risk management leaders recapture managements's attention and build buy in for including other risk areas (e.g. IT, HR, Compliance, Operations, etc) in the decision making process?

     

    Thanks.

    Bill Savage

  • Sandy, given your distinguished background on setting and advising on quality standards, I assume you are on the advisory board for the 2015 ISO 9001 revision. Is it correct to say that ISO 9001 currently does not have any risk management requirements and you would like some input from some of these speakers on what they believe would be essential risk management standards that should be added? What input would be most useful for you, general statements on risk programs or more specific practical applications that should be considered across industries?

    Burton S. Liebesman said:
    I'd like the following to be considered at the risk management conference: ISO 9001 is being revised for 2015 publication. The committee has been ask to consider 20 topic areas. one of them is risk management. What risk management requirements should be considered by the ISO committee?
    Sandy Liebesman
  • These are definitely all great questions! Thank you everyone for the great input.

     

    If you have any specific speakers you would like John to speak to, please let him know. The conference will be from March 10-11, 2011. Please take a look at the agenda: http://bit.ly/gfwrA1 and see which speakers you would like to hear from.

     

    Thanks!

    Michele

    http://www.marcusevansassets.com/HTMLEmail/MB_CHC230_wo_reg_M.pdf
  • Great questions so far. The conference is focused on enterprise risk management with session topics honing in on how to establish risk analysis at the core of strategic decision making and business processes. Topics also address how to articulate and prove the value of risk programs for corporate competitiveness. I should be able to pose our questions in light of this agenda.

    Keep the questions coming.

  • Economic recession is clearly installed and despite the combined efforts of EU countries, won't go away so easily.

    In such context, usually the "support functions" such as internal audit and compliance functions are disregarded because whatever budget business areas have will not use them to cope with control inefficiencies.

     

    How can we avoid this?

  • John,

     

    Here are a couple of questions that I have been dealing with.

     

    For any presenter: How has the recent financial crisis effected the reputation of Chief Risk Officers, ERM practitioners and ERM programs?

     

    For any presenter: Many organizations that claim to practice ERM appear to be focusing on the purely financial aspects of risk (Market, Credit, Liquidity, etc). Is this true ERM? If not, how can we as risk management leaders recapture managements's attention and build buy in for including other risk areas (e.g. IT, HR, Compliance, Operations, etc) in the decision making process?

     

    Thanks.

    Bill Savage

This reply was deleted.

[Free COVID-19 Framework] What's the path to recovery look like?

We created a free presentation (attached), which discusses both global and organizational impacts of the COVID-19 pandemic, along with critical actions organizations should take immediately. This presentation introduces a framework that helps regions and organizations navigate a path to recovery via 9 potential scenarios. These scenarios capture outcomes related to GDP impact, public health response, and economic policies. The presentation also breaks down 6 immediate and critical actions…

Read more…
4 Replies · Reply by Steve Diaz Jul 8, 2023
Views: 204

If risk management is about decision making, are current risk management solutions irrelevant?

Now that the updated COSO and ISO risk management standards emphasize a connection to enterprise objectives and decision making, does this mean ERM and GRC solutions focused on risk registers and regulatory compliance are missing the true value of risk management?Will current risk management solutions evolve to integrate more decision support functionality or will standalone prescriptive analytics and other technology solutions take a more prominent role in enabling risk-informed…

Read more…
3 Replies
Views: 129

A question related to classification of instruments between trading and banking book.

We have an interesting question from one of our members.       "We usually perform OTC FX transactions with clients backed-to-back on the market (with Banks). Now we are going to perform a FX swap (i.e. Spot + forward) JPY/EUR for the Bank account for 1 week at the longest. The purpose is to get EUR place @ CB for LCR compliance purpose (no trading purposes). Bank's Management think that this should be considered as a trading position and therefore be classified within the Bank's trading book.…

Read more…
5 Replies · Reply by Prisha Singh Dec 26, 2023
Views: 309

Plunging oil prices: curse or blessing in disguise?

The recent sudden crash of oil prices has had a major impact on the world economy, leading to many troubled faces in the international arena. The Russians fear the effects of yet another powerful hit on their economy, Venezuela seems to be considering default and the Americans are weary of the consequences for its young and emerging shale oil industry. And then you have the Middle East, where the smallest match is enough to ignite the largest fire. But are these worries really justified or…

Read more…
1 Reply
Views: 90

Introducing the Global Risk Series - Book 1 Risk Management How Tos

Dear GlobalRisk Community member, Our community’s mission is to foster business, networking and educational explorations among members. Learn from some of the top experts in the industry as they clearly explain how to approach the most important Risk management concepts. Check out their expert tips and use the link at the end of each article to navigate back to the website to leave your comment or ask a question.   Some of the topics include: How do you Explain Risk Appetite?  How to Prepare a…

Read more…
16 Replies · Reply by GlobalRiskCommunity Mar 21
Views: 888

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!

lead