
Enterprise Risk Management
Issues and Mechanics for Directors

Inspiring Leaders
Safeguarding Business.

Outline
Premise
Risk Perception
What Risk Is…
What Triggers Risk
The ERM Concept
The ERM Framework
Risk Impact and Effects
The Risk Assessment Process
Risk Evaluation and the Traffic Light
Risk Evaluation and Decision Making
Review of Cases
Premise
Warren Buffett

“Risk comes from not knowing what you’re doing.”

Chairman/CEO of Berkshire Hathaway, net worth of US$114.4 billion as of August 2021, making him the world's seventh-wealthiest person.

Risk Perception

What Risk is…

• Risk is “measurable uncertainty”.
• Uncertainty exists when the outcome of an event or decision is unknown or cannot be predetermined.
• But, once uncertainty can be measured, in whichever way, it is said to have been converted into risk.
• Underlying all risks is the common factor of change, whose depth and frequency is an extenuating factor in risk analysis and management.
  • Deep & frequent change = Very high risk
  • Shallow, infrequent & fairly predictable = manageable risk

What Triggers Risk

• When the outcome of a decision, choice or event is not known with certainty.
• The key factor is the ‘unknown’ attribute and its degree.
• As such, organizations usually have some committees saddled with the responsibility of reviewing transactions and raising all the risk issues that must be addressed before a final decision is made by the entity.
• Business is risky, whereby the capital or equity is said to be risk capital.
• There is natural interest in the factors that can cause a company to fail.

The ERM Concept

“ERM is a process, effected by an entity’s Board of Directors, Management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of the organization’s objectives.”

• Committee of Sponsoring Organizations of the Treadway Commission (COSO)

The ERM Concept (contd.)

ERM is a structured and disciplined approach to aligning strategy, processes, people, technology and knowledge with the purpose of evaluating and managing the uncertainties the enterprise faces as it creates value.

ERM takes a holistic view of enterprise-wide risks addressing critical business issues such as growth, return, consistency, value creation and sustainability.

The ERM Concept (contd.)

ERM can be an effective operational business and strategic tool for coordinating strategic response to organizational risks.

ERM is an imperative for organizations seeking ways to build stakeholder value.

Gradually, risks are no longer regarded as hazards to be avoided but in most cases, as opportunities to be embraced and expropriated.

As such, risk creates opportunities that in turn create and preserve value, and results in stakeholder wealth.

The ERM Framework

The ERM framework must reflect the following:
• Risk management philosophy
• Objective setting
• Event identification
• Risk assessment
• Risk response
• Control activities
• Information and communication
• Monitoring

The ERM Framework (contd.)

1. Establishing the entity’s risk culture: Internal Environment
2. Setting the enterprise risk objectives: Objective Setting
3. Identifying events that affect entity’s objectives: Event Identification
4. Assessing risks based on likelihood and impact: Risk Assessment
5. Evaluating possible responses to risks: Risk Response
6. Establishing policies, procedures and control: Control Activities
7. Enabling information exchange: Information & Communication
8. Evaluating effectiveness of the ERM programme: Monitoring

Risk Impact and Effects
Solvency
• The continuity in business of a company as a going concern. If risks are not properly managed, an organization can end up as a ‘gone concern’.

Profitability
• This is the ultimate reward to a company for the services rendered to its customers.

Competitive position
• Value proposition that your organization delivers, and which makes customers prefer it to the alternatives offered by competitors.

The cost of borrowing
• The cost of funds to an organization increases with its risk perception by stakeholders, following the primordial risk/return relationship.

The Risk Assessment Process

1. Identify Risks
2. Develop Assessment Criteria
3. Assess Risks
4. Assess Risk Interactions
5. Prioritize Risks
6. Respond to Risks

Risk Evaluation and the Traffic Light
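Rows: Likelihood of Occurrence. Columns: Magnitude of Impact.

| Likelihood of Occurrence | Insignificant | Minor | Moderate | Major | Catastrophic |
| --- | --- | --- | --- | --- | --- |
| Almost Certain | M | M | H | H | H |
| Likely | L | M | H | H | H |
| Possible | L | M | H | H | H |
| Unlikely | L | M | M | H | H |
| Rare | L | L | M | M | H |

• High risk (red): STOP
• Average risk (yellow): WATCH
• Low risk (green): GO
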
Risk Evaluation and Decision Making

• The level of risk and the risk threshold will determine the decision taken by the organization.
• The typical impact scale could be as follows:

| Level | Rating |
| --- | --- |
| Extreme / Catastrophic | 5 |
| Major | 4 |
| Moderate | 3 |
| Minor | 2 |
| Incidental / Insignificant | 1 |

Definition: Financial loss; negative media; loss of market share; litigation loss and the legal costs; leadership indictment; regulatory sanction and holding action; significant injury to customers and vendors; senior manager exits; staff morale problems; etc.

Risk Evaluation and Decision Making (contd.)

• The typical likelihood rating could be as follows:

| Rating | Annual Frequency: Level | Annual Frequency: Description | Probability Factor: Level | Probability Factor: Description |
| --- | --- | --- | --- | --- |
| 5 | Frequent | Once in 2 years or more | Almost Certain | ≥ 90% |
| 4 | Likely | Once in 2 to 25 years | Likely | 65% - 90% |
| 3 | Possible | Once in 25 to 50 years | Possible | 35% - 65% |
| 2 | Unlikely | Once in 50 to 100 years | Unlikely | 10% - 35% |
| 1 | Rare | Once in 100 years or less | Rare | < 10% |

• The decision is often referred to as risk mitigation as tabulated below:


Mitigation approach
Risk Level Decision
Avoid Reduce Share Accept
High Prevent at source √ √ √
Medium Detect & monitor √ √
Low Minimal control √

Review of Cases

Case 1

• In the 1990s, a large automotive company recognized an exposure to price fluctuations in the rare metal palladium (a lustrous, silver-white metal), which is an important component in catalytic converters.
• It took two actions:
  • The purchasing department hedged the exposure by signing long-term contracts to purchase palladium at stable prices.
  • The company’s Research & Development Department recognized the same risk, and redesigned catalytic converters requiring minimal palladium.
• In 2001, when the price of palladium dropped from $1,500 to $400, the company suffered a loss of about $1 billion!

Case 1 (contd.)

The problem?
• The company had a decentralized risk management programme that didn’t have one person overseeing the action plans being undertaken by different groups within the system.

Outcome!

Case 2

• In the year 2000, an emerging consultancy that provided training services to banks and other financial institutions in Nigeria discovered that one of the large banks (Bank X) accounted for about 62% of its income for the period January to October of that year.
• The management recognized concentration risk and initiated a drive for business from other big banks. By February 2001, this strategic move had yielded positive results, with one of the other two big banks doing business with it regularly along with a growing number of emerging institutions.
• In March 2001, the bank that dominated its income for most of 2000 suspended training, and this lasted up until September 2001.
• Most of its competitors that enjoyed patronage from Bank X suffered income reversal.
• What lessons can we draw from this in business risk management?

Case 2 (contd.)

The issue
• The company got it right, responded appropriately and survived the sudden change in policy/driver.

Outcome!

Selected References
• B. Adedipe Associates Limited, Training Materials on Enterprise Risk Management, 2007 to date.
• Booz & Co, Bringing Back Best Practices in Risk Management, 2008.
• Committee of Sponsoring Organizations of the Treadway Commission (COSO), Risk Assessment in Practice, 2012 (survey by Deloitte).
• Dr. ‘Biodun Adedipe’s several years of work experience in the risk management space, especially in the banking and financial services sector, that include board-level policy setting and reporting.

Thank you
God bless you more

Contacts
B. Adedipe Associates Limited
Lateef Jakande House (3rd Floor)
3/5, Adeyemo Alakija Street
PO Box 73983, Victoria Island, Lagos
+234-9021150255
info@baaconsult.com.ng
www.baaconsult.com.ng

Dr. ‘Biodun Adedipe, FCIB, MIoD, FIMC, FERP
+234-8023061981
bioduna@baaconsult.com.ng
biodun_adedipe@yahoo.com

Mrs. ‘Laide John, B.Sc., M.Sc., AIoD
+234-7011880086
laidej@baaconsult.com.ng
olaideadeshola@yahoo.com