DEVELOPING AN

EFFECTIVE RISK
STRATEGY

Steve Saporito, CEO Americas, Willis

Global Solutions

WHAT IS A RISK STRATEGY?

A systematic approach to identifying, assessing, communicating
and managing the major risks to achieving an organizations
goals and objectives.

PROFI
PT
R O F IT
-L O IS
LSOKS S

HOW WILLIS THINKS ABOUT RISK

6. Avoidance

R
I
S
K

7. Mitigation
1. Understand the
business
strategy

2. Define
risk
tolerance

3. Identify &
assess
major risks
achieving
business
strategy

4. Model
loss
frequency
and
severity

5. Quantify
total cost of
risk for
priority
risks

8. Retention
Balance
Sheet
Captive

9. Transfer
Insurers
Capital or
other Markets

S
T
R
A
T
E
G
Y

I
M
P
L
E
M
E
N
T
A
T
I
O
N

WHY EMPLOY A RISK STRATEGY?

Recent economic crisis emphasizes effects of excessive risk

Increased stakeholder scrutiny on management of risk
Increased complexity of risks due to globalization, technology and
speed of change
Inherent volatility of the Energy Sector i.e. $50 to $150/b world*

*Forbes Energy Risks for 2013

CORPORATE CATASTROPHES ARE NOT

RARE: 1,853 LAST 20 YEARS e.g.

Perrier 1990: Benzene contaminates water

IBM 1992 and 1993: Technical obsolescence

McDonald's 2000: Contaminated beef scare in Europe

Disney 2001: Terrorism fears reduce revenues at theme parks

Merck 2004: Withdrawal of Vioxx, largest drug recall to date

Toyota 2010: Engineering and performance issues trigger product

recalls

BP 2010: Well blows out triggering huge liability commitments

TEPCO 2011: Nuclear Meltdown

BIGGEST RISKS FOR MAJOR

INTERNATIONAL OIL GROUPS
Major oil spill
Oil price collapse
Natural catastrophes
Failure of a massive project
Series of accidents resulting in many deaths
Nationalization or extreme change in regulation

HOW A RISK STRATEGY INCREASES

VALUE
Enhancing Cash
+
Flow
Improves ROI
Reduces volatility
Avoids losses

Protects brand
Reduces hedging,
insurance and
litigation costs

Reducing Investor
=
Discount Rate
Strengthens credit
rating
Reduces capital
costs

Increased
Company Value

CHALLENGES TO MANAGING RISK

MEASURABLE

DIFFICULT TO MEASURE

Financial

Strategic
Operational
Regulatory/Compliance
Technology
Sustainability
Reputational
Supply Chain
Talent/Human Capital

IN HOUSE
EXPERTS

YES

LIMITED

SECONDARY
MARKETS

YES

LIMITED

RISK STRATEGY SUCCESS FACTORS

Focus the risk assessment on the goals and objectives
Engage participants time only on risks that matter
Identify new and emerging risks
Simplify the process remove unnecessary data
Include both qualitative and quantitative assessment
Develop clear and practical risk improvement plans
Embed risk assessment in the planning process

Fully define each risk before assessing

FULLY DEFINING RISKS

Underlying
Vulnerability
Over-commitment of
resources and capital in new
business development; poor
internal communication
between technical and sales
functions; lack of integrated
IT system

Trigger
Inability to meet customer
support expectations

Consequences
Loss of technical leadership
in the market, organizational
stress, loss of profit

PLUS DESCRIPTION OF CURRENT CONTROLS

GETTING STARTED

On-line questionnaire
Risk Assessment
Techniques

Structured interviews
Workshops

PROPRIETARY TOOLS
AND PROCESSES

WILLIS PROPRIETARY PROCESSES

RAPIDSM (Risk Assessment Probability & Impact Diagnostic)
Comprehensive risk strategy assessment

LossPIQSM

(Prospective Identification & Quantification)

Quantifies low frequency / high severity risks (e.g.

Operational, Products, Recall, Cyber, E&O etc..

FIASM (Financial Impact Assessments)

Define an organizations risk tolerance

RAPIDSM
(Risk Assessment Impact & Probability Diagnostic)

Features
Comprehensive assessment of risks to achieving goals &
objectives
Accelerated format
Minimizes participant time demands
Surfaces unforeseen/emerging risk

RAPIDSM PROCESS STEPS

Select the optimal cross-functional team
Develop the full list of plausible risks
Undertake an e-Survey to prioritize risks
Identify most relevant 25 to 30 risks for deep analysis
One day workshop to fully define, assess and also surface
emerging risks
Identify specific actions, timeline and ownership to reduce likelihood
and/or impact of the top 12 to 15 risks

Execute Risk Mitigation plans

RAPIDSM DELIVERABLES
Risk Register
Risk Assessment for :
Date:
Business Objective(s):

Sample Company
31-Jan-13
Assessment of the major risks affecting achievement
of Sample's business objectives during the next 3
years

Risk
No.

Underlying
Vulnerabilities
(Exposure)
1 Aging of critical machine
tools (close tolerance)

Trigger(s)
(Risks)

Failure in first pass yield Rework, missed

test (tolerance metrics) deliveries, increased
costs, customer
dissatisfaction

Inspection requirements; fixtures to

compensate for aging machines; training of
staff; outsourcing; replacement of machines

2 Significant increase in
tier 2 suppliers within
developing countries

Critical supply chain

interruption

Production disruption;
loss of profits; loss of
market share

3 Increasing percent of
Production/Throughput
new hires; location of
shortfall - due to error,
refinery 2 and platform A weather damage

Loss of revenue;
reputational damage;
customer dissatisfaction;
fail to meet contractual
obligations

4 Shortage of
experienced, qualified
technical sales &
distribution resources

Misadvised client &

outsold

5 Succession and
proactive outside talent
hiring plans impacted by
market economic
conditions

Retirement and
departure of skilled
personnel and
constraints of
development of bench
strength

Consequences

Assessment of the risk

[As it is now]
Current Controls

Cat

Category

Gross
Risk

Technology

20

Inventory management

Products /
Services

16

Employee training and testing; mentoring

program; back up contingencies with
partners; inspection requirements;
outsourcing; replacement program

Products /
Services

16

Missed opportunities, loss Training, performance appraisals, product

of revenue, reputational and engineering support, internship program
damage, increased
liability/cost

Human
Resources

16

Loss of tribal knowledge; Succession planning; job descriptions;

over commitment of
competitive salary/benefits
resources; lost
opportunities in transition
periods; erosion of
capabilities and
performance

Human
Resources

15

RAPIDSM DELIVERABLES
Risk Distribution Charts
Likelihood / Impact Risk Distribution
Current Controls

After Additional Controls

N.B. - Bubble size shows how many risks intersect at that point

5
1

Likelihood

4
Likelihood

N.B. - Bubble size shows how many risks intersect at that point

0
0

3
Impact

Impact

RAPIDSM DELIVERABLES
Risk Categories
Analysis by Source of Risk
and Stratified by Risk Rank
Technology / Industry change
Strategy and policy
Products / Services
Processes
Political / Social
People
Natural events
Investm ents
Econom ic
0

20<RR<=25

15<RR<=20

10<RR<=15

5<RR<=10

RR<=5

RAPIDSM DELIVERABLES
Risk Matrix
'Risk Matrix' - Before and After Controls

Likelihood
Expected

Probable

Possible

10
Control Causes
16, 17, 22

6, 10, 16, 17, 22

Monitor
Unusual

Remote

1
Immediate Action

4, 5

2, 3, 4, 5

9, 11, 12, 13

8, 23

1, 2, 8, 9, 11, 13

23
Contingency Plans

18

12, 18

7, 14, 15

7, 14, 15

20, 21

19

20, 21

19

Negligible

Low

Moderate

Significant

Catastrophic

Impact

RAPIDSM IMPROVEMENT PLANNING

Risk Improvement Planning
Risk No.:

Risk Scores

Likelihood

Impact

Gross Risk /
Risk Rank

Before
Improvement

20 / 24

After Improvement

9 / 13

Inadequate, reactive supervision/performance management; unenforced

Underlying Vulnerabilities(Exposure):

Consequences:

Current Controls:

Further Risk Treatment

Measures:

training protocols; cultural lack of accountability; conflicting expectations

Employment Practices
Staffing vacancies; poor morale; incorrect supervisory interventions; reduced
quality of care

5:

Before
Control
Causes

Consumer & employee lawsuits; regulatory intervention; adverse financial

impact; inadequate documentation of performance

Immediate
Action

4:

Likelihood

Category:
Trigger(s)(Risks):

training programs; HR policies; cultural shifts; accessible HR department;

perfomance evaluations & all other performance documentation
develop supervisor job descriptions; supervisor mentoring; hiring practices; training; accountability;
review distribution of duties; standardized forms; policy for documentation

3:

After
Contingency
Plans

Monitor
2:

1:

1:

Responsible:
Timescale:

2:

3:

4:

5:

Impact

Scroll down to the next empty section and insert the risk number and description. This data becomes a permanent record for each risk
Risk Number:

Risk Description:
1

Costs

Responsible:

Target Date:

Last Updated:

Capital Cost

Budgeted?
(Yes/No)

Time Commitment

Budgeted?
(Yes/No)

Approved
(Yes/No)

Delivery (when)

Budget Cost

Budget time

Inadequate, reactive supervision/performance management; unenforced

training protocols; cultural lack of accountability; conflicting expectations
Describe investment to complete improvements

Action

Deliverables

Measure of Success

1 develop supervisor job

descriptions

clearly defined job desc. for each supervisor, incl. competencies

updated job desc for all

supervisors

Sr Mgmt

Allocated to

01-Dec-10

2 supervisor mentoring
3 hiring practices
4 training
5 accountability
6 review dist of duties

identification & training of mentors

formalized supervisor hiring practice (behavioral interview)
upgraded training program; including legal issues
failure mode effect analysis;
failure mode effect analysis;

implementation of eff mentoring prog

improved performance mgmt
staff eval ratings
completion of KPI
completion of KPI; incl tracking

Team C
Team C
HR
Team C
Sr Mgmt

01-Jun-10
01-Jan-10
01-Jan-10
01-Mar-10
01-Mar-10

7 standardized forms; policy

for documentation

formalized policy for supervisory documentation; flow chart

peer review audit of perfomance eval HR

01-Jan-10

RAPIDSM TIMELINE

Week 1

Project Kick-Off
Agree Project
Scope
Workshop
Participant
Selection /
Scheduling
Data Search/
Document
Collection
Data/Document
Review
Interview Select
Personnel (if
needed)
Develop Draft Risk
Universe (75-100+
risks)

Week 2

Obtain Input/
Finalize Risk
Universe
Create Draft PreWorkshop eSurvey
Obtain Input /
Finalize e-Survey
Issue e-Survey to
Workshop
Participants

Week 3

Week 4

Collect & Compile Risk Assessment

e-Survey Results
Workshop (full
Develop Draft Top day)
25-30 Risk List
Top 25-30 Risks
Reviewed &
Finalized
Develop
Impact/Likelihood
Parameters /
Descriptions
Populate RAPID
Software with Top
Risks

Week 5

Provide Draft
Workshop
Deliverables

Week 6

Deliver Draft RAPID

Report

Obtain Input /
Risk Improvement Obtain Input /
Feedback on Draft
Planning
Feedback on Draft Report
Workshop (half
Workshop
Deliver Final RAPID
day)
Deliverables
Report

xie xie