Professional Documents
Culture Documents
What you need to know about emerging topics essential to your business. Brought to you by PricewaterhouseCoopers
Companies around the world must today deal Many organisations across the CEE region are re-evaluating
with risks that are much more interconnected and the need to develop robust Enterprise Risk Management (ERM).
Organisations of all types therefore more challenging to manage than those Some are at the start of the journey, with unintegrated or
and sizes face internal they were dealing with under more favourable
economic conditions2. Never before has sound
no framework in place; others are looking to move from small,
established risk management functions at the group level
and external factors risk management been so important for company to a function that extends deeper within the organisation.
profitability and, in some cases, survival.
that create uncertainty. Risk management is by no means a new initiative;
Whatever the case may be, establishing ERM is not an overnight
process and companies should take a staged approach:
The effect this uncertainty it has been around since the 1980s. Indeed,
1. Prepare for the mind shift. Building ERM will require changes
companies inherently have always been managing
has on an organisation's risks. Active discussion at the executive level
to the organisation’s culture and processes. Before you embark
on the journey, prepare: read the available literature, familiarise
around investment decisions and successful
objectives is “risk”1. change management activities are all examples yourself with the available standards, be ready for tough questions
of risk management in action, even though and have a plan.
sometimes applied informally. 2. Take it one step at the time. Obtain the commitment and
support of senior management. Know the end game, but change
The investment community, credit rating agencies
and regulators are putting pressure on company
the company mindset one step at a time.
management and boards within Russia, the CIS 3. Achieve quick wins and win people over. Show management
and CEE to further raise the bar in terms results to prove that risk management can significantly improve
of formalisation and consistency of risk the way the company operates. Don’t wait a year until ERM
management approach. There is a general industry is fully implemented – share the success stories as you go.
push to make risk management a continuous
process that supports internal changes and
decisions and allows the organisation to respond
well to external changes.
Regardless whether your company has already
established a risk management foundation
or is only starting out the process, this document
will be a useful resource.
1 ISO31000:2009 Risk management — Principles and guidelines 2 Global Risks 2010, A Global Risk Network Report, World Economic Forum
pwc
At a glance Risk management is the systematic application
of management policies, procedures and practices
The global perspective on risk management
Responses to this year’s 13th Annual Global CEO
to the activities of communicating, consulting,
Survey signal that risk management is becoming
identifying, analysing, evaluating, treating, monitoring
a permanent element of the organisational strategic
and reviewing risks3.
planning process.
Policies and procedures Risk is not only moving up the corporate agenda in
Organisation and responsibilities response to the crisis, but is seen as something that
needs to be embraced by the organisation as a whole.
Trainind and HR development
Risk management, compliance and business processes Clearly, Global CEOs are becoming more risk aware:
41% anticipate a ‘major change’ to their risk
Technology support
management approach4.
2 PricewaterhouseCoopers
01
Introducing sound risk Before you embark on the journey, make sure you
are prepared to answer some tough questions along
Get support and buy in
Risk management must start at the top, so before you
the way. The good news is, you are not alone.
management will There is a wealth of literature on the subject, and many
begin, identify key stakeholders at the board and executive
levels. Identify one or two historic examples specific to
require changes recognised international organisations have published
risk management standards and best practice guides
your company to show how sound risk management could
have prevented or minimised adverse impacts (do so with-
to the organisation’s that will help you. ISO 31000:2009 Risk management
— Principles and guidelines and FERMA Risk
out attributing blame to anyone).
It may help to determine one or two existing business
Management Standard, 2002 are just some of the
culture and processes – examples. Attending risk management forums to listen
to new ideas, share experiences and get to know your
processes within the organisation that could be significant-
ly improved by integrating an element of risk management
be prepared peers is also effective. (for example, board reporting or investment decision-mak-
ing) and get support from the process owners before pre-
senting the business case for ERM.
Build a business case for ERM
Integrating risk management requires making changes, Have a plan!
and you should prepare a business case to justify these
proposed changes. The business case should not only Risk management is a journey and, regardless whether
highlight the benefits of ERM, but also clearly articulate the your company has an established risk management foun-
need for change, key roles and responsibilities, dation or is just starting out, having a plan is essential. The
timeframes and expected short-, medium- and long-term plan should clearly highlight the staged approach, identify
deliverables. Information provided in this 10 minutes quick and longer term wins, and show roles and responsi-
brochure will help you put together a business case. bilities and timeframes.
PricewaterhouseCoopers 3
02
4 PricewaterhouseCoopers
03
Aim for quick wins Make risk management stick in the organisation by
sharing success stories and delivering quick wins.
Every organisation is different, and it is important
to focus your risk management efforts on the areas that
will be of the most benefit for you.
and win people over Understanding the underlying values of sound risk man-
agement will help you to aim for quick wins first: We will use a couple of case studies to show how quick
1. Transparency of information. Providing board wins can be implemented:
members and the executive team with adequate Case study 1
information about key exposures (risks), their
significance to the company and what is currently Management at large international airport decided
being done to prevent or mitigate them. to enhance the quality of their financial and operational
board reporting by including additional information about
2. Informed decision-making. Decisions put before significant emerging and existing risks and what
executive management require a full appreciation management is doing to mitigate them. This helped
of the risks surrounding them and how these risks to create a level of transparency and risk oversight
might be controlled to ensure successful outcomes. at the board level, thus building trust and confidence
3. Dealing with uncertainty and surprises. Risk in the management team and further strengthening
management helps to minimise uncertainty the risk management culture within the organisation.
surrounding the achievement of organisational goals.
Having in place mechanisms for early risk detection
will help to reduce surprises. Case study 2
4. Increase efficiency and reduce costs. Risk A large real estate development company incorporated
management can also help to achieve significant risk assessment within their annual strategy and
operational efficiencies and reduce costs. Consider planning cycle. This allowed senior management
a procurement function where through upfront risk to better understand the risks that may prevent
identification, counterparty risk levels are recorded achieving the company’s strategy and strengthened
and appropriate controls are implemented. This their responsibility and ownership over company risk
could significantly reduce the level of bad debt. management.
PricewaterhouseCoopers 5
Take action
involved. Inaction • Less time spent reacting to risk issues, and more
methodology to be consistently applied across
the organisation
time on using risk management to tell you more
can be a value killer about emerging risks Have a plan
• Improved ability to prevent, quickly detect, correct,
and escalate critical risk issues Get commitment and support
• The ability to provide a ‘comfort level’ to the board Pick a pilot/aim for quick wins
and other stakeholders that the full range of risks
are understood and managed Roll out the staged ERM programme
6 PricewaterhouseCoopers
How can PwC help Our governance, risk and compliance team can provide
your company with an independent assessment of your
John Wilkinson
Partner
risk management maturity and provide practical and
Governance, risk and compliance
objective advice to optimise your risk management
leader CEE, Russia and CIS
processes during this time of change.
Tel.: + 7 (495) 223-5046
john.d.wilkinson@ru.pwc.com
Alexei Sidorenko
Manager
Governance, risk and compliance
Tel.: + 7 (495) 967-6162
alexei.sidorenko@ru.pwc.com
PricewaterhouseCoopers 7
www.pwc.ru
© 2010 PricewaterhouseCoopers LLP. All rights reserved. “PricewaterhouseCoopers” refers to PricewaterhouseCoopers LLP, a Delaware limited liability partnership, or, as the context requires, the PricewaterhouseCoopers global network or other member firms of the network, each of which
is a separate and independent legal entity. This document is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.