Key takeaways from this informative session were:  

Learning outcomes 

1) Re-position risk management alongside strategy to generate enterprise value and drive stronger levels of engagement 

  • Strategic Enterprise Risk Management (ERM) vs traditional ERM
    • Strategic ERM model
      • Value focus - organisational capability driving value and competitive advantage
      • Board/Exec focus on fewer key risks driving disproportionate gains/losses
      • Core to strategic and operational decisions
      • Facilitated by highly skilled staff
      • Risk framing begins with strategy and goals (a top-down process) and is embedded in the strategic process: identify and manage key risks to strategic objectives
    • Traditional ERM model
      • Compliance focus
      • Extensive risk mapping
      • Disconnected from strategic and operational decisions
      • Lower-level staff activity

2) Gain an understanding of key risk concepts such as risk appetite and risk culture 

  • Risk appetite needs to support the strategy – keep it simple, and don’t embed it in risk policy documents, so that it can be promptly re-aligned to changing circumstances.
  • IoD Risk Appetite Framework - 5 point scale (averse, cautious, neutral, receptive and open).
  • Integrate risk appetite into monitoring – agree a risk appetite setting for each material risk, which may differ from the overall enterprise setting and facilitates a tailored management approach to each risk.

3) New and emerging risk concepts and how they can be applied  

Interconnectivity  

  • Identify and understand how material risks are interconnected (more than the traditional approach of just looking at likelihood and impact). 
  • Emitter Risks 
    • Will trigger other risks in the system
    • Impact can be substantial
    • Likely high return on mitigation investment
  • Receiver Risks 
    • Triggered by other risks 
    • Likelihood of occurrence higher 
    • Plans in place to address occurrence 
  • The strategic ERM approach factors in the strength/level of interconnectivity and is tailored to whether a risk is an Emitter or a Receiver.

Risk Culture  

  • Culture eats strategy for breakfast (and risk for lunch) 
  • Embed risk understanding across the enterprise 
  • Sufficient time and focus at Board & Exec levels 
  • Strategy to risk to task 
  • Linking risk to goals/objectives 
  • Internal Audit and issue resolution 

If you missed this webinar or would like to catch up or share the session, you can watch the recording here.

Ngā mihi nui to Juno Lawyer Saul Derber for this helpful summary.