NCVO Trustee Conference - Risk Management Workshop Pesh Framjee and - - PowerPoint PPT Presentation

NCVO Trustee Conference - Risk Management Workshop Pesh Framjee and Guy Biggin Crowe Clark Whitehill - Not for Profit group

Risk

The level of exposure to uncertainties that the

• rganisation must understand and effectively

manage as it achieves its objectives and creates value

Remember that risk aversion can lead to missed opportunities You must consider both opportunities and threats Remember that risk aversion can lead to missed opportunities You must consider both opportunities and threats

What Does this Definition of Risk Mean?

• Risk is not about a single point estimate
• Time frame is an important factor when evaluating

risk

• Not just threats; there is upside as well as downside
• Exposure and uncertainty are important factors
• New Charity Commission Guidance – CC26 The

Charity Commission for England and Wales

Understand

Risk appetite Risk vulnerability Risk contagion Risk sourcing

Enterprise-wide Risk Management is a Paradigm Shift

Fragmented Negative Reactive Ad hoc Cost-based Narrowly-focused Functionally-driven Integrated Positive Proactive Continuous Value-based Broadly-focused Process-driven

FROM TO

Doing it better

identifying and sourcing risk evaluating and prioritising risk managing/mitigating risk

Risk management in changing times

forward looking, trying to manage an uncertain future;

• pen, with appropriate disclosure to enable stakeholders to

understand what risks are being taken; constructive, about opportunity management as well as disaster prevention; unified, by integrating all units, functions and managers and following a coordinated process; strategic, driven by objectives, particularly the risks of adapting to the new challenges; evaluated, regularly and not just annually, facilitating the flow

• f knowledge and information about risk across the
• rganisation;

durable, structured to continuously evolve with changes

• Linking strategy to risk management

Rewarded risk

The primary impetus for taking these rewarded risks is value creation. Although they might have a significant downside, the potential upside is even greater.

Unrewarded risk

Getting unrewarded risk right doesn’t earn a premium from stakeholders, it simply meets their expectations. They can’t be ignored, but the primary incentive for tackling them is value protection.

Risk contagion

80 percent or more of all major value losses involve the interaction of more than one risk. many catastrophic losses are the result of a series of small events rather than a single large event. Be prepared to face the interaction of separate adverse events This needs an integrated and coordinated response to linked risks. The exposure to a portfolio of risks needs to be considered.

Risk vulnerability

Think about risks that occur outside the normal fluctuations, In the current climate events are rare or unprecedented, Rules are unknown and changing and driven by external factors The concept of vulnerability and risk interaction needs more focus If a risk is both relevant and has extremely high impact, it should be addressed, regardless of “remote” likelihood. “addressed,”, is not necessarily the same as “mitigated.” Recognise that sometimes improbable events do occur with devastating effect, Sometimes probable events fail to materialise. Understand the possible, and its impact, and not just the probable,

Risk assessment procedures

Agree who should contribute Determine the right forum for discussion – workshops, voting systems, peer challenge etc Standardised measures of frequency and impact Appropriate recording tool Continuous assessment and embedding

• The risk assessment process

Risk Response: Impact definitions

• !!

!" #$ # % # &#!'#!"# (# !! !" $#$$ ) * ## +#!#!,#- (# (# !" $$#$$$

• .

# +#!#!,#- )(# /##,- '$$$

Risk Response: Likelihood Definitions

• /
• (
• 1(23

4

• 5(#"

&! % 5(# &!! * 5(# 6!! . 5(#7#

Risk Response: Risk Ratings

Catastrophic

10 15 20 25 30

Major

8 12 16 20 24

Moderate

6 9 12 15 18

Minor

4 6 8 10 12

Insignificant ↑ ↑ ↑ ↑Impact

2 3 4 5 6

Remote Likelihood Unlikely Possible Probable Highly probable

Risk Strategy

Ten tips for better risk management

1. Let the board own risk management 2. Understand what you want risk management to deliver (and write it down and share it) 3. Ensure that your strategy on risk is clear and credible 4. Don’t leave responsibilities unclear 5. Look for the opportunities as well as the threats

Ten tips for better risk management

6. Keep on revisiting the risks 7. Select the right tools to manage them 8. Set the cost of containing risks against the benefits of taking them 9. Give information not data

• 10. Stay in the real world

If you want to learn more….

Pesh Framjee Partner, Head of Not for Profit Crowe Clark Whitehill LLP St Bride's House 10 Salisbury Square London EC4Y 8EH pesh.framjee@crowecw.co.uk nonprofits@crowecw.co.uk www.croweclarkwhitehill.co.uk Guy Biggin Senior Manger Crowe Clark Whitehill LLP St Bride's House 10 Salisbury Square London EC4Y 8EH guy.biggin@crowecw.co.uk nonprofits@crowe.co.uk www.croweclarkwhitehill.co.uk