Risk Transformation

Diagnostic
Enabling RT growth across APAC

1 April 2016
Today’s presenters

Justin Dundas-Smith Kathrin Becker Dora Chan

Partner Director Consultant
APAC Risk Transformation Risk Transformation Risk Transformation
Competency Lead Asia-Pacific Advisory Centre Asia-Pacific Advisory Centre

Page 2
Topics to cover

01
RT diagnostic 02
RT diagnostic as 0 3
Key target
overview a growth enabler clients

04
Execution of the 05
Collaborating with 0 6
Tracking opportunities
RT diagnostic the AAC RT team in CRM

Page 3
Learning objectives

What is the Risk

Why do we believe that any
1 Transformation Diagnostic?
company would benefit from
an RT Diagnostic?
2
Who are the target clients
3 that can benefit from the RT
Diagnostic?
Why do we believe that any
company would benefit
from an RT Diagnostic?
4
How is the RT Diagnostic
How can I leverage the AAC 5 executed?
RT team to start having risk
maturity conversations with
6
my clients?

Page 4
 What is the
Risk Transformation
Diagnostic?

The bette r the quest ion. The better the answer.

The bette r the world works.
 Overview
RT diagnostic overview
What is it?

Enabling Growth
A new way of delivering a more effective and

Key Clients
impactful assessment of a client’s
Governance, risk management and
compliance (GRC) program

Execution
Collaboration
CRM Tracking
Page 6
 Overview
RT diagnostic overview
The RT Diagnostic is focused on GRC

Enabling Growth
GRC

• Defined as a set of functions that oversee and manage risk and

compliance across the organization in support of the company’s business

Key Clients
objectives

• While companies do not always have the same set of functions or

manage the same risks, they have a similar goal: manage the spectrum of

Execution
risks that impact the achievement of company’s business objectives

The RT

Collaboration
Diagnostic Provide rapid assessment of Highlight key areas Provide executives with a co-
current maturity for the functions of focus based on developed roadmap with
is designed involved in Governance, risk business forces and prioritized initiatives identified
to: management and compliance risk drivers for the organization and
processes accelerate resolution of

CRM Tracking
issues

Page 7
 Overview
RT diagnostic overview
Understanding “G”, “R” and “C”

Enabling Growth
Governance Risk management Compliance

• Drives accountability for

Key Clients
• Provides visibility into • Oversees and manages
compliance & risk
pertinent risks for enterprise’s response to
management
informed decision making regulatory requirements
• Aligns with organizational
objectives through policy

Execution
Enterprise level processes
► While GRC typically refers to “Governance, risk management and

Collaboration
compliance” as a singular concept, each of these three areas is unique in
the value it brings to the enterprise.

CRM Tracking
Page 8
 Overview
RT diagnostic overview
5 dimensions of risk

Enabling Growth
Risk information fully
Risk is only considered
Governance integrated into performance
periodically and based
management and

Key Clients
on lagging information
decision making

Management
Risk champions throughout
Inconsistent processes,
business supported by
manual reporting,
consistent processes and
annual risk workshops

Execution
automated reporting
People Process Technology

Culture
Risk seen as a ‘painful’, ‘Risk culture’ fully embedded
compliance driven into organisational ethos and
requirement daily operations

Collaboration
CRM Tracking
Page 9
 Overview
RT diagnostic
Project Lifecycle

Enabling Growth
Rapid assessment
Validation interviews Pre-Project
Evaluate & prioritize
GRC vision & strategy

Key Clients
Project
Measure value achieved Lifecycle

Execution
Document lessons learned
Demonstrate maturity
improvement
Refine roadmap

Post-Project

Collaboration
Prioritised implementation
Scope change management
Roadmap refinement for
tactical opportunities
Project
Implementation

CRM Tracking
Page 10
 Why do we believe that
any company would
benefit from an RT
Diagnostic?

The bette r the quest ion. The better the answer.

The bette r the world works.
RT diagnostic as a growth enabler

Overview
A mature risk management entails competitive advantage

Enabling
Growth
Key Clients
EY’s research and Our research suggests this
experience show that
In other terms, translates to competitive
organizations with more
mature risk management mature risk advantage: Companies with
practices outperform management more mature risk management

Execution
their peers financially. drives financial practices generated the highest
results
(From EY publication growth in revenue, EBITDA and
“Turn risk into results”) EBITDA/EV.

Collaboration
CRM Tracking
Page 12
RT diagnostic as a growth enabler

Overview
Changing how companies view risk

Traditional view of risk Evolving view of risk

All risks are threats.
Risk management is a compliance and an
audit exercise
Enabling
Growth
Some risks are threats. Other risks are opportunities.
Risk management is a competitive advantage which
drives financial performance.

Focus on: preventable risk Focus on: strategic, preventable and external risks

Key Clients
Execution
Silo view Business view

Collaboration
Manage the internal risks that I can control Manage the risks (both internal and external)
within my function that impact the business overall

► Overspending on risk by at least 25-30% ► Outperformed peers financially

► Not focused on the risks that matter and create ► Generated the highest growth in revenue, EBITDA
value and EBITDA/EV
► Failing to anticipate and respond to emerging risks ► Improved risk information, streamlined processes

CRM Tracking
and reduced costs

Page 13
RT diagnostic as a growth enabler

Overview
Our GRC Survey 2015 shows that there is room for improvement and
opportunities to be seized

Organizations today are
challenged with a rapidly-
changing risk landscape
including market volatility,
While this creates many
challenges for
organizations, it also
Enabling
Growth
We found that organizations
are making progress in
improving the way they
manage risk in response to a

geopolitical crises, wide-
spread economic changes,
regulatory reforms, and
cyber threats.
presents an opportunity to
take advantage of the
potential of risk
Key Clients
changing risk landscape.
However, there is further
room for improvement and
opportunities to be seized.

Execution
The RT

Collaboration
Diagnostic
is designed Identify areas for Prioritize the Translate them
improvement and the
to: opportunities to create
areas into actionable
items
value

CRM Tracking
Page 14
 RT diagnostic as a growth enabler
Consistent, proven approach provided by the diagnostic drives
purposeful actions based on client’s needs and key risks
Sector Risk drivers Diagnostic approach
Teaming with Internal Audit to
assess “audit fatigue” and
Healthcare consider how Governance, risk
management and compliance
can be streamlined
Diagnostic used for interviews,
Power & business case and roadmap
Utilities development as an expansion
of a Compliance framework
Conduct survey-led diagnostic
Media &
to cover 15 countries and 20
Entertainment areas of Compliance
Used in conjunction with a
control based review to assess
Manufacturing overall maturity of Governance,
risk management and
compliance capabilities
Holistic review of Governance,
Diversified risk management and
Industrial compliance across a
decentralized global footprint
Page 15
Overview
Value to client Prioritized actions
Enabling
Growth
Realized need for “2nd • Standardization and
line” risk & compliance integration of disparate
resources & processes within the
immediately hired business unit
• Teaming between Risk
Key Clients
Established partnership management and
with ERM & obtained Compliance functions
funding for multi-year • Organizational momentum
development of eGRC for Governance, risk
program & system management and
compliance initiatives
Identified opportunity to • Development of multi-year
Execution
drive standardization roadmap
for Compliance to align • Governance & taxonomy
with company-wide org projects immediately scoped
redesign and requested
Recognized the need • Follow-on projects included
to centralize, three key areas:
standardize, and • GRC PMO design
Collaboration
enhance its GRC • Delegation of authority
processes • Information security
Development of broad • Policy project immediately
support for “One view scoped and requested
of risk” across • Governance and technology
executive team enablement projects planned
CRM Tracking
RT diagnostic as a growth enabler

Overview
Where have we already Where a similar approach is used

Enabling
Growth
performed the RT Diagnostic in APAC

Key Clients
Execution
Collaboration
CRM Tracking
Page 16
 Who are the target
clients that can benefit
from the RT Diagnostic?

The bette r the quest ion. The better the answer.

The bette r the world works.
Key target clients

Overview
What drivers/triggers indicate that my client is ready for an RT Diagnostic?

Enabling Growth
Changes in
business New Chief Risk Decentralized Business case Lack of GRC
strategy or Officer (CRO) or operating support Technology in
direction Chief Ethics and models, place to support
(emerging Compliance acquisitions, risk reporting
markets, trends, Officer (CECO) organizational and decision
was appointed changes or making

Clients
competition,

Key
services, complex
customer operating
lifestyle, or environments
regulations)

Execution
Program An Enterprise Internal audit Lack of full Unclear
maturity review Risk review/ visibility and/or governance for
Management assessment of understanding risk
project (ERM) is enterprise GRC of how risk and management

Collaboration
being initiated compliance are and compliance
managed

CRM Tracking
Page 18
Key target clients
What drivers/triggers indicate that my client is ready for an RT Diagnostic?
Current state challenges
 Multiple and silo-d risk and/or
Complex compliance activities at
Corporate and entities
 Lack of clarity around areas of
responsibility
 Risk & compliance
Reactive implications not considered
until after starting new
business initiatives
 Second line of defense is
unclear on their role
 “Fire drills” are common
 Inquires are driven more from
the business
 Limited visibility to silo-d
Fragmented activities
 Fragmented, manual and ad-
hoc reporting
Page 19
Overview
Enabling Growth
Role of the RT diagnostic
 Identify the need to develop a governance structure
Simplified with centralized oversight and clear roles /
responsibilities for Corporate and entities
 Orient the organization according to the three lines
of defense
Clients
Key
 Recognize overlaps, and gaps in existing processes and
Proactive benefits of developing, documenting and formalizing
processes
 Highlight the importance of defining frameworks,
standard definitions, and common scales
 Ascertain drivers for pain points highlighted in both
Execution
interviews and surveys
 Categorize standards, guidelines and tracking needed
for consistency
 Identify trends / themes to drive program enhancements
 Formal assessment processes to monitor operating
effectiveness of key compliance procedures and
Collaboration
controls
 Provide perspective on the foundational elements
Integrated needed to successfully enable technology to sustain
governance, risk management and compliance
 Illustrate visibility needed by senior leadership
CRM Tracking
Key target clients

Overview
We can execute a Diagnostic for any client – both Channel 1 & Channel 2

Enabling Growth
We can execute a Diagnostic for virtually any client, both Channel 1 &
Channel 2, as it is an assessment.

The SORT Service that RT Diagnostic rolls into is Risk Convergence (GFIS Code Global

Clients
Key
293). These type of services are allowed for Channel 1 clients, subject to certain
considerations which are all verified in the case of RT Diagnostic.

Execution
EY will not be designing EY will not be
nor implementing EY will not provide
performing monitoring

Collaboration
aspects of our client’s loan staff nor act in
or other client the capacity of a
financial process, management functions
system or internal client’s employee
controls.

CRM Tracking
Page 20
 How is the RT Diagnostic
executed?

The bette r the quest ion. The better the answer.

The bette r the world works.
Execution of the RT diagnostic

Overview
How to use the RT Diagnostic

The materials provided in the RT
Diagnostic toolkit are to be used as
a starting point
Enabling Growth
The enablers provide the level of
detail needed to make this concrete
at each of our clients but needs to
be customized to fit your client

Key Clients
needs

The four phases of the RT diagnostic method

Execution
Output:
Questionnaire: Interviews: Workshops:
Planning GRC vision &
Rapid assessment Validation Prioritization
strategy
1. Utilize the 2. Finalize survey 4. Review results of 7. Conduct 8. Prepare final

Collaboration
slides and interview survey workshop(s) deliverable of
included to approach with the 5. Conduct meetings with executives vision and
plan and client with key client to co-develop roadmap
socialize the 3. Conduct survey stakeholders vision for GRC 9. Prepare
upcoming 6. Finalize maturity & and prioritize supporting
diagnostic potential initiatives initiatives business case

CRM Tracking
Page 22
Execution of the RT diagnostic

Overview
How to use materials on RT Diagnostic SharePoint

Enabling Growth
Key Clients
Execution
Collaboration
CRM Tracking
Page 23
 Execution of the RT diagnostic

Overview
How to use materials on RT Diagnostic SharePoint

Enabling Growth
Documents on RT Diagnostic SharePoint to use

Getting started 01 Getting Started Guide

02 Client Discussion Deck

Pursuit 08 Credentials
Coming soon – Proposal Template, Client Placemats

Key Clients
03 SOW Example
Planning 04 Sample Project Plan
05 Client Kickoff Deck
Questionnaire: 06a GRC Questionnaire Guide

Execution
Rapid 06 GRC Questionnaire
assessment 07 Framework and Maturity Model
4 phases of the RT
diagnostic method

Interviews:
09 Client Interview Agenda
Validation

Collaboration
Workshops:
11 Observation Log
Prioritization

Output:
GRC vision & 10 Sample work products and roadmaps

CRM Tracking
strategy

Page 24
Execution of the RT diagnostic

Overview
The RT Diagnostic has highlighted opportunities across a variety of
service offerings and service lines

Enabling Growth
Governance, risk management and compliance roadmap

Key Clients
Risk
Governance Compliance
management
Enterprise Risk Program Risk Risk & Controls

Execution
Policy development Regulatory Compliance
Management Management Transformation
FAAS, Cyber Security RCTS
REPM PRM RCTS
Analysis of tax Third Party Risk Cyber Program Finance and treasury
Finance Transformation risk management
implications Management Management (CPM)
PI FSO
Tax REPM Cyber Security
Manage changes to

Collaboration
Analytics IT Risk Management Transaction Advisory Fraud, Legal and Ethics
organization & people
EI ITRM TAS FIDS
P&OC
GRC Technology GRC Technology ERP Services (SAP,
Strategy Supply Chain
Assessment Enablement Oracle)
PI PI
RT RT RCTS
IA Co-sourcing IA Transformation Information Security Contract Risk Assurance SOCR Reporting

CRM Tracking
IA IA Cyber Security FAIT FAIT

Page 25

Execution of the RT diagnostic
General guidelines
On average, a team with a
minimum of three is
recommended, as shown.
Pricing ranges from $150,000 for
a simpler diagnostic to $250,000
- $350,000 for a more complex
diagnostic covering multiple
sites and topics.
Page 26
Overview
Enabling Growth
Engagement Partner
Provide oversight
Risk Transformation Senior Manager
Key Clients
Guide engagement, perform interviews,
review work products
Manager
Execution
Manage day-to-day execution, take notes
and draft documentation
The RT Diagnostic is a
Collaboration
differentiated service and not
intended to be provided
complementary, which would
discount its value.
CRM Tracking
 How can I leverage the
AAC RT team to start
having risk maturity
conversations with my
clients?

The bette r the quest ion. The better the answer.

The bette r the world works.
Collaborating with the AAC RT team

Overview
Enabling Growth
Leverage the RT Diagnostic resources

Key Clients
RT Diagnostic contact information
RT Diagnostic
and toolkit are posted in the RT
Yammer group
Diagnostic CHS page

Execution
Additional files to be released throughout the Talk to us!
coming weeks! Kathrin Becker

Collaboratio
e.g. Diagnostic questionnaire instruction guide, GRC operating
Dora Chan

n
model, Prioritization workshop materials & guidance

CRM Tracking
Page 28
Tracking opportunities in CRM

Overview
Please tag any and all opportunities in Interaction as shown below

Enabling Growth
Key Clients
From “Source of the

Execution
opportunity” drop-down
list, please select “Risk
Transformation
Diagnostic”

Collaboration
Tracking
CRM
Page 29
Tracking opportunities in CRM

Overview
Please tag any and all opportunities in Interaction as shown below

Enabling Growth
From “Centers of

Key Clients
excellence” drop-down
list, please select “AAC
- Risk Transformation”

Execution
Collaboration
Tracking
CRM
Page 30
Collaborating with the AAC RT team

Overview
Spread the word!

Enabling Growth
1 Leverage the RT Diagnostic resources: CHS and Yammer

Promote the RT Diagnostic among your teams and at your

2 clients

Key Clients
Identify suitable clients for an RT Diagnostic on their GRC
3 processes and notify Kathrin/Dora for pipeline tracking

Execution
Set up meetings to review GRC survey results with key clients
4 to drive discussions on doing an RT Diagnostic

Collaboratio
5 Start NOW.

n
CRM Tracking
Page 31
Q&A

*Please do the post-webcast

survey at the end of this webcast!

Page 32