Enterprise Risk Management
Krista Turner, Manager, Underwriting & Risk Services
Melissa Ness, Director, Finance & Tax
• What is Enterprise Risk Management (ERM)?
• What types of risks are considered in ERM?
• Does your organization need an ERM program?
• Who should be involved with an ERM program?
• How do you implement an ERM program?
• What could happen if companies don’t implement ERM programs?
What is Enterprise Risk Management (ERM)?
A specific discipline that encourages us to look at:
– the combination of risks that companies face;
– the chances that those risks might be correlated; and
– the outcome if all risks occurred at the same time.
What types of risks are considered in an ERM program?
1. Strategic Risks
2. Operational Risks
3. Financial Risks
4. Insurable Risks
Does your organization need an ERM program?
Do you have any or all of the following?
– Employees
– Employee turnover
– Employee training
– Workers’ compensation insurance
– Property and casualty insurance
– Employment practices liability insurance
– State unemployment tax
– OSHA exposure
– Sensitive client information
Who should be involved with an ERM program?
Everyone that is involved with the day-to-day operation of your business…
• All Owners
• All Management
How do you implement an ERM program?
The Institute of Internal Auditors (IIA) identifies six key steps to implementing an effective ERM program:
1) Establish an ERM culture.
2) Determine your risk appetite.
3) Perform risk assessments.
4) Identify risk responses.
5) Communicate risk results.
What could happen if companies don’t implement ERM programs?
When looking at risks, we know that the combined impact of negative outcomes can be much more material than the individual outcomes themselves.
Sample scenario:
A Service Company with 15 employees has two dissatisfied employees in the sales department. These employees leave to work for a competitor.
Risk Analysis – Scenario 1
Risk 1A: Employee Turnover
Two sales employees leave, reducing operating expenses by $100,000.
Company must hire a recruiter to replace the two employees. Two new sales employees earn base salaries of $60,000 each. Recruiter fee is $12,000.
Income Statement      Before      After       (Loss)/Gain
Gross Profit          1,750,000   1,750,000   -
Operating Expenses    1,200,000   1,232,000   (32,000)
Net Income            550,000     518,000     (32,000)
Risk Analysis – Scenario 1
Risk 1B: Loss of Business
Two large clients leave and follow former sales employees to the competitor. The Company loses 20% of revenue.
Income Statement      Before      After       (Loss)/Gain
Gross Profit          1,750,000   1,400,000   (350,000)
Operating Expenses    1,200,000   1,200,000   -
Net Income            550,000     200,000     (350,000)
Risk Analysis – Scenario 1
Risk 1C: Unemployment Insurance
Company doesn’t have time to fill out paperwork and attend hearings to fight unemployment claims; its unemployment rate goes up on all employees, which costs the Company $20,000 annually.
Income Statement      Before      After       (Loss)/Gain
Gross Profit          1,750,000   1,750,000   -
Operating Expenses    1,200,000   1,220,000   (20,000)
Net Income            550,000     530,000     (20,000)
Risk Analysis – Scenario 1
Risks 1A, 1B and 1C occurring simultaneously:
– 2 sales employees leave for competitor
– Recruiter engaged to hire 2 new sales employees
– Clients follow former sales employees to competitor
– State unemployment rate increases
Income Statement      Before      After       (Loss)/Gain
Gross Profit          1,750,000   1,400,000   (350,000)
Operating Expenses    1,200,000   1,252,000   (52,000)
Net Income            550,000     148,000     (402,000)
Conclusion
Enterprise Risk Management is critical to the long-term success of all organizations.
– What is Enterprise Risk Management (ERM)?
• A discipline where you look at all of your company’s risks together, evaluate the possibility that the risks may be correlated, and understand the outcome if all risks occurred at the same time.
– What types of risks are considered in ERM?
• All risks faced by your organization
– Does your organization need an ERM program?
• Yes
– Who should be involved with an ERM program?
• Everyone
– How do you implement an ERM program?
• Follow the six steps identified by the IIA
– What could happen if companies don’t implement ERM programs?
• If negative risk outcomes occur simultaneously, the combined result can have a significant financial impact on your business.