Travel and foreign operations risk policy?
Enterprise Risk Management & Board members
GUBERNA Alumni Event, June 19th 2014
Prepared by Gaëtan LEFEVRE

Agenda
• Introduction
• Do we need Risk Management?
• The 8th EU Company Law Directive – Art 41, 2b
• Three lines of Defense Model
• Risk Assessment
• Risk Management Committee
• Enterprise Risk Management
• Impact of company size
• Risk Manager profile
• FERMA Benchmarking Survey (2012)
• Conclusion

Guberna Alumni Event – 19/06/2014

Do we need Risk Management?
"I already know my risks, it's my job…"
"I have no risks, they are all under control…"
"Taking the right risks…"
"After all this time, I know my risks…"

The 8th EU Company Law Directive – Art 41, 2b
Article 41, section 2b: "… the audit committee shall, inter alia: monitor the effectiveness of the company's internal control, internal audit where applicable, and risk management systems…"
• Simple statement
• "What to monitor" and "how to monitor" are considerably more complex.

Three lines of Defense Model
Risk Management – Internal Audit Perspective:
• Risk Management: develops risk policies and methodologies, coordinates risk-based activities, supports management (the "owner of the risks") and compiles risk information. => Risk monitoring
• Internal Audit: audits the risk process and provides assurance to the board that the process is under control. => Risk assurance
Audit Committee Best Practices:
• Risk Management, internal control and internal audit are part of the agenda
• Appropriate budget and time allocation
• Monitor all lines of Defense
• Report to Board of Directors

Risk Assessment
"I don't have time to see you about risk management, I have work to do…"
"I have already been audited, go and see them…"
"The first risk is drawing up a risk map…"
"It is nice to step back and look at one's activity…"
Objectives:
• To have a detailed list of the main risk areas of the company and a risk inventory validated with Senior Management
• To prioritize the main risks through risk assessment workshops organized with Management and Corporate
• Measurement criteria: Risk Level
   • Impact (event) X Exposure (event)
• To provide the Board / Audit Committee and the Senior Management with a list of risks to be mitigated as quickly as possible
• To provide the Internal Audit with the basis of its internal audit program
Follow up Risk Assessment:
• Risk priorities to be considered and addressed by the management
• Responsibility of management to define, plan and execute mitigating action plans with the support of the Risk Management Department
Internal Audit:
• Management participation in internal audit missions
• Management responsibility to define and execute corrective action plans

Risk Management Committee
"In the end, what is all this for…"
"You are the Risk Manager, it is up to you to manage the risks…"
"More reporting to Corporate…"
"Yet another regulatory compliance exercise…"
Set up a Risk Management Committee:
• Support to the Risk Manager
• Report to the Audit Committee
• Reporting based on
   • Risk Identification & Assessment
   • Follow up mitigating action plan in place
• Composition: diverse functions with a link to the risk management
• Role of the Risk Manager
Attention points:
• Role to be defined clearly
• Priorities in line with the objectives of the company
• Coordinated approach
• Added value for the business and the operational people

Enterprise Risk Management
Although many RM initiatives and tools already exist, there is a need to implement a comprehensive way of working.
Goals of an ERM:
• Transparency
• Visibility
• Structure (framework)
• New angle (insight and challenge) for the decision making
Risk Management Committee + Risk Assessment = foundation of an ERM
Three phases of risk management

Impact of company size
• Small companies:
   • CEO = Risk Manager!
   • Attention point: no formal approach and assessment
• Mid-sized companies:
   • A senior manager in charge of "risk management"
   • Evolution of the RM function linked to the growth of the company
• Big / Multinational companies:
   • Need to have an organized and structured approach
   • Compliance and legal requirements = triggers for the RM development

Risk Manager profile
Conditions in order to give Risk Management a decisive role within the business:
• To be efficient and to prove its added value
• To be legitimate
• To be credible to the Top Management and/or the Audit Committee
• To have excellent relationships within the company
• To be known and recognized by the outside world

FERMA Benchmarking survey (2012)
Diversity of Risk Management in a riskier world
Risk Governance:
• Main factors triggering Risk Management: compliance & legal requirements (61%), shareholders (33%), social responsibility (31%), catastrophic event (26%), major insurance issues (19%)
• Risk Management objectives: provide assurance that major risks are under control (76%), minimize operational losses (63%), align risk appetite and strategy (36%)
• Risk Management standards: internal framework (37%), COSO (29%), ISO 31000 (25%)
Risk Management practices:
• RM function globally reports to: CFO (36%), CEO (23%), Board of Directors (18%), Audit Committee (14%), Legal (9%)
• Different risk functions are no longer working "in silos", but the level of coordination remains limited
• Companies with more mature RM practices generate the highest growth in EBITDA

Conclusion
• Three lines of Defense Model:
   • The objective is not to add more layers of control but to better coordinate these layers
   • Risk Management = risk monitoring
   • Internal Audit = risk assurance
• Importance of the Audit Committee
• Risk Management Committee + Risk Assessment = foundation of ERM
• Risk Management approach to be adapted to the size of the company
• Survey results (2012):
   • Main trigger for RM: compliance & legal requirements
   • Main objective: major risks under control
   • RM reports to Senior / Top Management
   • Link between mature RM practices and growth in EBITDA

… Hope for the Best & Prepare for the Worst!