This action might not be possible to undo. Are you sure you want to continue?
Organisations of all types and sizes face internal and external factors that create uncertainty. The effect this uncertainty has on an organisation's objectives is “risk”1.
on building Enterprise Risk Management in companies in Russia, the CIS and CEE
What you need to know about emerging topics essential to your business. Brought to you by PricewaterhouseCoopers
Companies around the world must today deal with risks that are much more interconnected and therefore more challenging to manage than those they were dealing with under more favourable economic conditions2. Never before has sound risk management been so important for company profitability and, in some cases, survival. Risk management is by no means a new initiative; it has been around since the 1980s. Indeed, companies inherently have always been managing risks. Active discussion at the executive level around investment decisions and successful change management activities are all examples of risk management in action, even though sometimes applied informally. The investment community, credit rating agencies and regulators are putting pressure on company management and boards within Russia, the CIS and CEE to further raise the bar in terms of formalisation and consistency of risk management approach. There is a general industry push to make risk management a continuous process that supports internal changes and decisions and allows the organisation to respond well to external changes. Regardless whether your company has already established a risk management foundation or is only starting out the process, this document will be a useful resource.
1 ISO31000:2009 Risk management — Principles and guidelines 2 Global Risks 2010, A Global Risk Network Report, World Economic Forum
Many organisations across the CEE region are re-evaluating the need to develop robust Enterprise Risk Management (ERM). Some are at the start of the journey, with unintegrated or no framework in place; others are looking to move from small, established risk management functions at the group level to a function that extends deeper within the organisation. Whatever the case may be, establishing ERM is not an overnight process and companies should take a staged approach: 1. Prepare for the mind shift. Building ERM will require changes to the organisation’s culture and processes. Before you embark on the journey, prepare: read the available literature, familiarise yourself with the available standards, be ready for tough questions and have a plan. 2. Take it one step at the time. Obtain the commitment and support of senior management. Know the end game, but change the company mindset one step at a time. 3. Achieve quick wins and win people over. Show management results to prove that risk management can significantly improve the way the company operates. Don’t wait a year until ERM is fully implemented – share the success stories as you go.
procedures and practices to the activities of communicating. treating.At a glance Risk management is the systematic application of management policies. More CEOs intend to change their risk management process than any other element of their strategy. compliance and business processes Technology support Risk management is not a stand-alone activity. 2 PricewaterhouseCoopers . including strategic planning and the project and change management processes. 3 PricewaterhouseCoopers: Management Barometer. identifying. It is what great companies do every day. evaluating. but is seen as something that needs to be embraced by the organisation as a whole. Clearly. organisation or business model. Risk is not only moving up the corporate agenda in response to the crisis. consulting. analysing. Strategy and governance People and organisation Processes Technology Vision and strategy Culture and risk appetite Communications Policies and procedures Organisation and responsibilities Trainind and HR development Risk management. The global perspective on risk management Responses to this year’s 13th Annual Global CEO Survey signal that risk management is becoming a permanent element of the organisational strategic planning process. Global CEOs are becoming more risk aware: 41% anticipate a ‘major change’ to their risk management approach4. 2007 г. And more boards are increasing their engagement with strategic risk assessment than any other item on the boardroom agenda. monitoring and reviewing risks3. It is part management’s responsibilities and an integral part of all organisational processes.
share experiences and get to know your peers is also effective. key roles and responsibilities. The plan should clearly highlight the staged approach. and show roles and responsibilities and timeframes. having a plan is essential. you are not alone. identify key stakeholders at the board and executive levels. ISO 31000:2009 Risk management — Principles and guidelines and FERMA Risk Management Standard. make sure you are prepared to answer some tough questions along the way. 2002 are just some of the examples. Build a business case for ERM Integrating risk management requires making changes. Identify one or two historic examples specific to your company to show how sound risk management could have prevented or minimised adverse impacts (do so without attributing blame to anyone). regardless whether your company has an established risk management foundation or is just starting out.01 Introducing sound risk management will require changes to the organisation’s culture and processes – be prepared Before you embark on the journey. It may help to determine one or two existing business processes within the organisation that could be significantly improved by integrating an element of risk management (for example. Get support and buy in Risk management must start at the top.and long-term deliverables. PricewaterhouseCoopers 3 . The business case should not only highlight the benefits of ERM. timeframes and expected short-. There is a wealth of literature on the subject. and you should prepare a business case to justify these proposed changes. so before you begin. Information provided in this 10 minutes brochure will help you put together a business case. Attending risk management forums to listen to new ideas. medium. identify quick and longer term wins. Have a plan! Risk management is a journey and. The good news is. board reporting or investment decision-making) and get support from the process owners before presenting the business case for ERM. but also clearly articulate the need for change. and many recognised international organisations have published risk management standards and best practice guides that will help you.
don’t try to tackle changing all the processes at once – take it one step at a time. For example. if a company has significant exposure to a particular risk type (for example. pick board reporting and expand the scope a bit by adding information about significant emerging and existing risks and what is being done to mitigate them. currency risk). stakeholder expectations and the external environment in which the company operates. Risk management should not be a “bolt on” to the company’s existing processes.02 Risk management is a journey – take it one step at the time The risk management approach should be unique for every organisation – there is no “one size fits all” solution. Strategic planning Internal and external reporting Riskoversight Know the end game Risk management has long been considered to be an integral part of the organisational framework and one of the key elements of corporate governance. risk management should be looked at in the context of the overall organisational framework. Similarly. Take it one step at a time While your longer term aim should be to change the way the company thinks about risk and operates. Clearly. This will help to improve the reports and highlight the value of risk management. the latter would need a much more formal and integrated ERM system. Consider two extremes: A small speculative company operating in a high-risk environment will have a very different ERM process from that of a large “pillar of society” company owned by a large number of risk-averse shareholders and operating in a highly regulated environment. Whatever the required complexity. it should be something management considers every day as part of their job. the company may choose to develop additional procedures to deal with that risk. Organisations that have been successful at implementing ERM had a plan and shared the common end vision. but took a staged approach. The complexity and maturity of the overall risk management effort should be directly linked to the board’s willingness to accept risk. Consider which of the organisational elements could benefit most from integrating risk management. Integrating ERM Change management Decision making Effective organisational framework Project management 4 PricewaterhouseCoopers .
This could significantly reduce the level of bad debt. Transparency of information. This helped to create a level of transparency and risk oversight at the board level. Every organisation is different.03 Aim for quick wins and win people over Make risk management stick in the organisation by sharing success stories and delivering quick wins. Consider a procurement function where through upfront risk identification. Increase efficiency and reduce costs. We will use a couple of case studies to show how quick wins can be implemented: Case study 1 Management at large international airport decided to enhance the quality of their financial and operational board reporting by including additional information about significant emerging and existing risks and what management is doing to mitigate them. This allowed senior management to better understand the risks that may prevent achieving the company’s strategy and strengthened their responsibility and ownership over company risk management. counterparty risk levels are recorded and appropriate controls are implemented. Understanding the underlying values of sound risk management will help you to aim for quick wins first: 1. PricewaterhouseCoopers 5 . 4. 3. Case study 2 A large real estate development company incorporated risk assessment within their annual strategy and planning cycle. 2. Providing board members and the executive team with adequate information about key exposures (risks). Decisions put before executive management require a full appreciation of the risks surrounding them and how these risks might be controlled to ensure successful outcomes. and it is important to focus your risk management efforts on the areas that will be of the most benefit for you. their significance to the company and what is currently being done to prevent or mitigate them. Informed decision-making. Risk management can also help to achieve significant operational efficiencies and reduce costs. Having in place mechanisms for early risk detection will help to reduce surprises. Dealing with uncertainty and surprises. thus building trust and confidence in the management team and further strengthening the risk management culture within the organisation. Risk management helps to minimise uncertainty surrounding the achievement of organisational goals.
Take action!m 6 PricewaterhouseCoopers . including: • Improved strategic and operational planning and budgeting • The ability to make critical business decisions with better data. Inaction can be a value killer Integrating risk management into the organisational framework provides numerous benefits. and escalate critical risk issues • The ability to provide a ‘comfort level’ to the board and other stakeholders that the full range of risks are understood and managed ERM checklist Do a stock take of existing risk management practices Research and select a risk management methodology to be consistently applied across the organisation Have a plan Get commitment and support Pick a pilot/aim for quick wins Roll out the staged ERM programme Analyse the results and share success stories Organisations that focus their attention on understanding risks and actively managing them are the ones to most often reap the rewards.Take action Benefits of sound risk management far outweigh the costs involved. improving your chance of success • Less time spent reacting to risk issues. correct. quickly detect. and more time on using risk management to tell you more about emerging risks • Improved ability to prevent.
sidorenko@ru. risk and compliance Tel. Russia and CIS Tel. risk and compliance leader CEE. John Wilkinson Partner Governance.com PricewaterhouseCoopers 7 .pwc.: + 7 (495) 967-6162 alexei.d.: + 7 (495) 223-5046 john.com Alexei Sidorenko Manager Governance.pwc. risk and compliance team can provide your company with an independent assessment of your risk management maturity and provide practical and objective advice to optimise your risk management processes during this time of change.wilkinson@ru.How can PwC help Our governance.
as the context requires. or.ru © 2010 PricewaterhouseCoopers LLP. “PricewaterhouseCoopers” refers to PricewaterhouseCoopers LLP. the PricewaterhouseCoopers global network or other member firms of the network. a Delaware limited liability partnership.pwc.www. All rights reserved. . and should not be used as a substitute for consultation with professional advisors. each of which is a separate and independent legal entity. This document is for general information purposes only.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue reading from where you left off, or restart the preview.