Weds – 7 PM FSB 0025
ERM & CSR
ERM (Enterprise Risk Management)
Cross functional approach taken by organizations to better manage the outcomes that result from uncertainty: negative outcomes (risks), positive outcomes (opportunities)
The above issues represent uncertainty regarding their outcomes
Risks should be taken (optimized) while others should not be taken (mitigated with risk responses)
ERM things that haven’t happened yet; uncertainty then reveals itself
Benefits/Goals of ERM integrated management reporting enables focus on the risks that matter the most, identify & manage cross-enterprise risk, minimize operational surprises & losses, reduces vulnerability to adverse events, risk-aware culture, enhance risk response decisions, align risk appetite and strategy
Scope of ERM (almost anyone you can think of) Operations, External Factors, Finance, Legal, IT
ERM Accountability and Responsibility
Biggest chunk is on CFO, then Chief Risk Officer, then CEO
If you don’t understand your price/risk mgmt., you won’t be an effective CFO
Upside Risk Book → More risks exists today than they did in the last decade
The % of firms losing huge percent of their market capitalization and having a harder, slower time getting it back as compared to a decade ago
More and more firms are recognizing need for ERM functions
Have to figure out what risks to take
Eli Lilly? Coke? Google?
Eli Lilly – have drugs approved by FDA for certain uses but sells them for other reasons (off-labeling)
Coke – health problems, obesity problem, aspartame, trying to get away from carbonated beverage
Google – user basis is diverse but workforce isn’t diverse
Trick is to optimize and not minimize outcomes
Requires a portfolio approach across the entire organization
Think of the risks together v. the other risks you face
Graph of Likelihood (x-axis) v. Impact (y-axis)
Levels: Low, Medium, High
Risk Appetite Line (linear decreasing line)
Inherent risk points above and below line
Usually put up 20 inherent risks
If you have 2 inherent risks above line and 1 below, then your portfolio is off balance
Too risky & reduce one inherent risk to a residual risk, which is on the risk appetite line
Nike Example → Peterson v. Tiger v. Manning; Stars v. Teams v. Leagues
Why does Nike spend all this money to associate with big time athletes? If I wear that product, I’ll play like that athlete
Look at those three athletes:
Manning: less risky athlete, below the risk appetite line
Tiger: now, he’s more on the line of the risk appetite line
Peterson: way above risk appetite line…so risky, Nike does not want to associate with him anymore
Plotting risks and opportunities
Two factors usually considered
Likelihood of risk actually occurring (0 < x < 1)
Magnitude of impact if risk actually occurs (time IT system being down, revenues lost, costs incurred, reputation damage or enhancement)
Risk appetite – shows risks and opportunities
Crisis management – low likelihood, high impact
Crises → Wendy’s finger in chili, Tylenol coincide (1980s), Jet Blue waiting on runway for 8 hours while all other airlines in JFK airport got passengers off of plane before being stuck on planes on runway (2007), etc.
Event v. Creep crises → how do I know when I am in a crisis for creeps? →bad CEO like at Wal-Mart 2007
Responding to risks
Three basic risk response options
Accept – do nothing differently
Most common because of resource constraints
Need to document that Accept was the agreed upon best response at the time given the information available, just in case the uncertainty reveals itself in a negative way
^ Have to do this because some things are unavoidable, resource issue ($$)
Avoid – cease conducting the underlying activity
WDW Monorail
No longer can ride in the front care after 2:30 am (because of 2010 accident at the Ticketing/Transportation Center in which the monorail operator was very tired and a control broke down) WDW cannot accept this level of reputational