be er enterprise risk management
DESCRIPTION
BE ER Enterprise Risk Management. Dick Oude Alink Corporate Risk Manager October 18, 2005. 22% Other European countries. 17%USA/ Canada. 9% Asia. 6% Other regions. Akzo Nobel in the World. Geographic breakdown net sales (by origin). 46% Euro region. Chemicals BUs. Coatings BUs. - PowerPoint PPT PresentationTRANSCRIPT
BE ER BE ER
Enterprise Risk Management Enterprise Risk Management
Dick Oude AlinkDick Oude AlinkCorporate Risk ManagerCorporate Risk Manager
October 18, 2005October 18, 2005
Risk Management
6% Other regions
17% USA/Canada
9% Asia
22% Other European countries
46% Euro region
Akzo Nobel in the WorldAkzo Nobel in the World
Geographic breakdown net sales (by origin)Geographic breakdown net sales (by origin)
Risk Management
OrganizationOrganization
Board of Management
Corporate Staff
Chemicals BUsPharma BUs Coatings BUs
Risk Management
PharmaPharma
• Intervet, Organon, NobilonIntervet, Organon, Nobilon
CoatingsCoatings
• Car Refinishes, Decorative Coatings Europe, Car Refinishes, Decorative Coatings Europe, Decorative Coatings International, Industrial Finishes, Decorative Coatings International, Industrial Finishes, Marine & Protective Coatings, Nobilas, Powder CoatingsMarine & Protective Coatings, Nobilas, Powder Coatings
ChemicalsChemicals
• Base Chemicals, Functional Chemicals, Polymer Base Chemicals, Functional Chemicals, Polymer Chemicals, Pulp & Paper Chemicals Chemicals, Pulp & Paper Chemicals (Eka Chemicals), Surfactants(Eka Chemicals), Surfactants
Business UnitsBusiness Units
Risk Management
Akzo NobelAkzo Nobel
Our AmbitionOur AmbitionBe the first choice of customers, shareholders Be the first choice of customers, shareholders and employees and a respected member of societyand employees and a respected member of society
Our CommitmentsOur Commitments•Focus on our customersFocus on our customers•Competitive returns for our shareholdersCompetitive returns for our shareholders•Create an attractive working environment Create an attractive working environment •Socially responsibleSocially responsible
Risk Management
Our StrategyOur Strategy• Obtain leadership positionsObtain leadership positions• Seek market segments with an attractive structural Seek market segments with an attractive structural
profitabilityprofitability• Develop critical massDevelop critical mass
Our ValuesOur Values• Entrepreneurial spiritEntrepreneurial spirit• Personal integrityPersonal integrity• Social responsibilitySocial responsibility
This strategy calls for a constant upgrading of the portfolio
Akzo Nobel Akzo Nobel
Risk Management
Akzo NobelAkzo Nobel
Our PrinciplesOur Principles• Recognize our responsibilitiesRecognize our responsibilities• Endorse free enterpriseEndorse free enterprise• Insist on business integrityInsist on business integrity• Encourage community activitiesEncourage community activities• Stimulate communicationStimulate communication
Health, Safety and the EnvironmentHealth, Safety and the Environment• HSE is an integral part of the business policyHSE is an integral part of the business policy• Go beyond complianceGo beyond compliance• Actively support HSE care programsActively support HSE care programs
Risk Management
Akzo NobelAkzo Nobel
Policy Health, Safety and the EnvironmentPolicy Health, Safety and the Environment• Prevent harm to and promote the health of employees Prevent harm to and promote the health of employees
and other stakeholdersand other stakeholders• Strive to prevent injuries at work Strive to prevent injuries at work • Prevent or minimize the environmental impactPrevent or minimize the environmental impact• Expand our concern for HSE (Product Stewardship)Expand our concern for HSE (Product Stewardship)
In SocietyIn Society• Be a respected member of societyBe a respected member of society• Support educational, sports, arts, cultural and scientific Support educational, sports, arts, cultural and scientific
programsprograms• Encourage young talentEncourage young talent
Risk Management
EUR mln
Net income* 770
Net sales 12,688
Operating income* 1,210
Number of employees (year-end) 61,450
* excluding nonrecurring items
Key Figures 2004Key Figures 2004
Risk Management
PeoplePeople
32%
19%
2%
47%
60%
14%
7%
15%
4%
PharmaCoatingsChemicalsOther units
EuropeNorth AmericaLatin AmericaAsiaOther regions
Risk Management
Breakdown Net Sales 2004Breakdown Net Sales 2004
PharmaCoatingsChemicals
25%
34%
41%
Risk Management
Research and DevelopmentResearch and Development
• 2004 R&D expenditures (EUR 823 million), 2004 R&D expenditures (EUR 823 million), were down 7,0% from 2003.were down 7,0% from 2003.
• R&D expenses as percentage of sales: 6.5%R&D expenses as percentage of sales: 6.5%
20%
15%
10%
5%
0%
3% 3%
Pharma Coatings Chemicals
16%
Risk Management
Why Risk Management and why now?Why Risk Management and why now?
• Dynamic and complex business environmentDynamic and complex business environment
Risk Management
Dynamic & Complex Business EnvironmentDynamic & Complex Business Environment
• Global CustomersGlobal Customers
• Fluctuating Exchange ratesFluctuating Exchange rates
• Increasing raw material/transport pricesIncreasing raw material/transport prices
• Changing regulationsChanging regulations
• Reduced raw material availabilityReduced raw material availability
• Complex logisticsComplex logistics
• etc.etc.
Risk Management
Why Risk Management and why now?Why Risk Management and why now?
• Dynamic and complex business environmentDynamic and complex business environment
• Changing risk arenaChanging risk arena
Risk Management
Changing Risk ArenaChanging Risk Arena
from 2000 onwardsfrom 2000 onwards late 1990’slate 1990’s
11 Loss of ReputationLoss of Reputation FireFire
22 Failure to ChangeFailure to Change Business InterruptionBusiness Interruption
33 Business InterruptionBusiness Interruption Employee RisksEmployee Risks
44 Product LiabilityProduct Liability EnvironmentalEnvironmental
55 Computer CrimeComputer Crime Computer CrimeComputer Crime
Clear tendency towards intangible & non-insurable risksClear tendency towards intangible & non-insurable risks
The Risk List ‘Greatest Risk Top 5’The Risk List ‘Greatest Risk Top 5’
Risk Management
Why Risk Management and why now?Why Risk Management and why now?
• Dynamic and complex business environmentDynamic and complex business environment
• Changing risk arenaChanging risk arena
• Shareholder & stakeholder expectationsShareholder & stakeholder expectations
Risk Management
• PeoplePeople
Shareholder & Stakeholder ExpectationsShareholder & Stakeholder Expectations
• ProfitProfit• PlanetPlanet
Risk Management
Why Risk Management and why now?Why Risk Management and why now?
• Dynamic and complex business environmentDynamic and complex business environment
• Changing risk arenaChanging risk arena
• Shareholder & stakeholder expectationsShareholder & stakeholder expectations
• Corporate Governance requirementsCorporate Governance requirements
Risk Management
Corporate Governance RequirementsCorporate Governance Requirements
• Transparency in operations (opportunities and risks)Transparency in operations (opportunities and risks)
• Risk based thinking (internal and external auditors)Risk based thinking (internal and external auditors)
• Law on behalf of Shareholders and StakeholdersLaw on behalf of Shareholders and Stakeholders
- Sarbanes Oxley- Sarbanes Oxley
- Tabaksblat- Tabaksblat
- European Corporate Governance Forum- European Corporate Governance Forum
Risk Management
Corporate Governance RequirementsCorporate Governance Requirements
COSO Internal Control framework
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring
Internal Environment
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information & Communication
Monitoring
COSO ERM framework
Risk Management
Risks are inherent to our Risks are inherent to our business operationsbusiness operations
&
by taking measured risks by taking measured risks we want to we want to make moneymake money
Risk Management
Managing risks is a pre-requisite for Managing risks is a pre-requisite for generating sustainable valuegenerating sustainable value
&
mustmust therefore be an integral therefore be an integral part of our business activitiespart of our business activities
Risk Management
Enterprise Risk ManagementEnterprise Risk ManagementPrinciplesPrinciples
• Have opportunities and risks visible and understandableHave opportunities and risks visible and understandable
• Show transparency on balance of risks, internal and Show transparency on balance of risks, internal and externalexternal
• Avoid surprisesAvoid surprises
– FinancialFinancial– ReputationReputation– Compliance Compliance – Business principlesBusiness principles
Risk Management
Enterprise Risk Management Enterprise Risk Management ProgramProgram
CorporateGovernance•Tabaksblat•SOX
Risk Managementprocess
Internal risk reporting
External risk reporting
objectives/strategy
risk profiles
risk paragraphTOP, SOP, RF LOR
Framework: COSO Risk
Management Framework
and Process
Risk Management standards and best practices
Process owner: ARM
Business planning
Business planning levels• Akzo Nobel• Group• BU, sub BU, process,
site, plant• Corporate
departments
Risk awarenessIntegrated RM
Transparency Transparency
Risk Management
Enterprise Risk ManagementEnterprise Risk ManagementImplementation ApproachImplementation Approach
Top 10 Risks +
Risk Responses
Per Risk profile
Actions
Risk Profiles
Sites
Plants
Top 10 Risks +
Risk Responses
Per Risk profile
Actions
Risk Profiles
Compliance
Sub-BUs
Processes
Top 10 Risks +
Risk Responses
Per Risk profile
Actions
Risk Profiles
Operational
BUs
Corp. Depts.
Top 10 Risks
Per Risk profile
Actions
Risk Profile
Strategic
BoM
Groups
Risk
Transparency
Risk
Consolidation
Risk
Responses
Management
Self-Assessment
Business
ObjectivesAkzo Nobel
Top 10 Risks +
Risk Responses
Per Risk profile
Actions
Risk Profiles
Sites
Plants
Top 10 Risks +
Risk Responses
Per Risk profile
Actions
Risk Profiles
Compliance
Sub-BUs
Processes
Top 10 Risks +
Risk Responses
Per Risk profile
Actions
Risk Profiles
Operational
BUs
Corp. Depts.
Top 10 Risks
Per Risk profile
Actions
Risk Profile
Strategic
BoM
Groups
Risk
Transparency
Risk
Consolidation
Risk
Responses
Management
Self-Assessment
Business
ObjectivesAkzo Nobel
Risk Management
Enterprise Risk ManagementEnterprise Risk ManagementWorkshop ProcessWorkshop Process
Key Success FactorsKey Success Factors
• Top-Down processTop-Down process
• Fully aligned with Business Planning Fully aligned with Business Planning
and Reportingand Reporting
• Bottom-Up reporting Bottom-Up reporting
• Execution at all (management) levelsExecution at all (management) levels
• Maximum use of employees Maximum use of employees
knowledge and experienceknowledge and experience
• Enforced Decision-making process Enforced Decision-making process
• Use of robust interactive toolsUse of robust interactive tools
Understand theBusiness
Clarify Objectives
AssessRisks
Identify Risks
Respond to Risks
1 2
34
5
Understand theBusiness
Clarify Objectives
AssessRisks
Identify Risks
Respond to Risks
1 2
34
5
2001 Initial Pilot 2002 Project Roll-out 2003 Operational 2004 Fully Applied2005 Continuous
Improvements
Risk Management
Akzo Nobel
Risk Policy
Policy
1 2
34 5
Understand Clarify
IdentifyAssess
Respond Process
E N V I R O N M E N T R I S K
I N F O R M A T I O N F O R D E C I S I O N M A K I N G R I S K
P R O C E S S R I S K
© 2001 Arthur Andersen. All rights reserved.
Customer SatisfactionHuman Resources
Product DevelopmentEfficiency
Cycle TimeCompliance
Product/Service FailureEnvironmental
Health and SafetyTrademark/Brand
Name Erosion
Capacity
OPERATIONS RISK EMPOWERMENT RISK
Leadership
OutsourcingCommunications
Authority/Limit
INFORMATION PROCESSING/TECHNOLOGY RISK
IntegrityInfrastructure
INTEGRITY RISK
Employee Fraud
Unauthorized Use
Reputation
CompetitorCatastrophic Loss Patent Regulatory Industry
Shareholder RelationsSovereign/Political
FINANCIAL RISK
CurrencyCommodity
Cash Flow
ConcentrationDefault
Price
Liquidity
Credit
OPERATIONALProduct Pricing
Regulatory ReportingContract Commitment
Financial Reporting Evaluation
FINANCIALBudget and Planning
Investment Evaluation
STRATEGICEnvironmental ScanBusiness Portfolio
Valuation
Resource AllocationPlanning
Technological InnovationGlobalization
Product AcceptanceResource Availability
Product Costing Product Life Cycle
Channel Effectiveness LanguageBusiness Plan
Q.Reviews
Reporting
Board
Business Units
Accountabilities
Letter of
LOR
Representation
AssuranceTools
Documentation
Website
Support
Akzo Nobel Enterprise Risk Management ProgramAkzo Nobel Enterprise Risk Management Program
Risk Management
Enterprise risk management Policy
Akzo Nobel is committed to creating long-term value for its customers, shareholders, employees and
society, recognising that sustainable profit is essential for the continuity of its business. Risks are an
integral part of our business and can feature both in terms of opportunities and gains, as well as
threats and losses.
Our policy is to ensure that risks are timely identified, adequately understood, properly assessed and
effectively responded to by responsible employees at all levels within the company. Through our
enterprise risk management framework, we want to provide reasonable assurance that our business
objectives can be achieved and our obligations to employees and society can be met.
Approved by the Board of Management, December 2001
A clear policy statement
Risk Management
Akzo Nobel Risk Management ProcessAkzo Nobel Risk Management Process
Understand the Business
ClarifyObjectives
AssessRisks
IdentifyRisks
Respond to Risks
1 2
3 4
5
Workshop preparation
WorkshopIntroduction
Workshop execution
WorkshopFollow-up
Risk Management
The Risk Management Process in 5 basic stepsThe Risk Management Process in 5 basic steps
Understand the Business
Clarify Objectives
AssessRisks
Identify Risks
Respond to Risks
1 2
3 4
5
Risk Management
1.1. Understand the BusinessUnderstand the Business
What is the nature of the business?What is the nature of the business?
What is the culture and operating style within and What is the culture and operating style within and around the business?around the business?
What are the internal constraints which limit freedom of What are the internal constraints which limit freedom of action or choice?action or choice?
What are the external constraints like laws, regulations What are the external constraints like laws, regulations and mandatory standards?and mandatory standards?
The design of the enterprise risk management The design of the enterprise risk management framework will vary according to the characteristics framework will vary according to the characteristics of the business of the business
Risk Management
2. Clarify ObjectivesClarify Objectives
What expectations have been set?What expectations have been set?
What promises have been made?What promises have been made?
What must be delivered?What must be delivered?
Who is responsible for achieving the objectives?Who is responsible for achieving the objectives?
Do the objectives cover all elements of sustainable Do the objectives cover all elements of sustainable development (economic, social & environmental)?development (economic, social & environmental)?
Clarification of the objectives enables the Clarification of the objectives enables the identification of the related risksidentification of the related risks
Risk Management
3. Identify risksIdentify risks
Health, Safety & Environment
Customers
Asset Integrity
Financial
Natural events Reputation
IT systems
Laws & Regulations
People
Partnering
Research & developmen
t
Integrity
Risk Management
The Impact versus Likelihood map
Likelihood
Imp
act
HighLow
High
Low
Customer satisfaction
Regulatory
Reputation
Credit
Business Interruption
InterconnectedBilling and revenue
Assurance
IT SystemIntegrity
Financial ReportingEvaluation
Pricing
Technology obsolescence
Fraud
Capital Availability
PerformanceMeasurement
Medium Human Resources Product
Development
Efficiency
Competitor
4.4. Assess the RisksAssess the Risks
Risk Management
The Risk level versus Control effort map
CONTROL EFFORT
HighLow
Low
High
Risks may be Under-
controlled
Risks may be over-
controlled
Ris
k L
evel
Moderate
Acceptable level of control effo
rt
for the ris
k
4.4. Assess the RisksAssess the Risks
Risk Management
Risk Sourcing and Response DevelopmentRisk Sourcing and Response DevelopmentWhat do we need to do to deal with the identified risk?
Control Effort
Ris
k L
eve
l
low
low
high
• Reduce effort level
highModerate
• Maintain current effort level
What needs to be done?• Increase effort level
Risk Management
5.5. Respond to Risks (the four T’s)Respond to Risks (the four T’s)
In relation to a particular risk there areIn relation to a particular risk there arecertain basic strategies to choose from:certain basic strategies to choose from:
• TTerminate the activityerminate the activity
• TTransfer the risk to another partyransfer the risk to another party
• TTreat the risk by instituting appropriate business controlsreat the risk by instituting appropriate business controls
• TTake the risk (where no further cost effective controls ake the risk (where no further cost effective controls are possible)are possible)
Risk Management
Take
Intentionally pursue
Fully accept
Finance the consequences
Build in contingencies
Transfer
Insure
Share (JV, alliance, partnership
Contract out (outsource, assign)
Diversify / spread
Hedge
TeERMinate
Cease activity
Pull out of market
Divest
Change objectives
Reduce scale
Treat
Dealing with risk requires adaptation:
• Organization
• People & Relationships
• Direction
• Operational
• Monitoring
5.5. Respond to RisksRespond to Risks(possible risk response strategies)
Risk Management
Risk sourcingRisk sourcingFinding the root cause of the risk• The aim is:
– To create a clear picture of where and how business risks originate
– To focus attention on the specific areas that have the highest
influence on the respective risks
– To assist in developing effective risk responses (action plans)
plant reliability
dependency on single source
catastrophic accidents
No back-up capacity
political/legislation
Business interruption
inherent hazardproduct
process
maintenance risk
inaccessibility
Lack of preventive maintenance
Having chosen to have one supplier
No other suppliers known
No other suppliers available
terrorism
Natural catastrophe
human error
Accident at neighbour
Site infrastructure and utility restriction
Logistics related accidents
sabotage
Lack of knowledge
Investment too high
no back-up plan
Previous experience
public opinion
permit issues
HSE legislation
Create a Contingency plan
Analysis opportunity cost vs worsecase scenario
Review and update maintenance programs
Risk Management
Response DevelopmentResponse DevelopmentWhat must be done to deal with the root cause?Risk Source/Root
causeAction Responsible Due date
plant reliability
dependency on single source
catastrophic accidents
No back-up capacity
political/legislation
Business interruption
inherent hazardproduct
process
maintenance risk
inaccessibility
Lack of preventive maintenance
Having chosen to have one supplier
No other suppliers known
No other suppliers available
terrorism
Natural catastrophe
human error
Accident at neighbour
Site infrastructure and utility restriction
Logistics related accidents
sabotage
Lack of knowledge
Investment too high
no back-up plan
Previous experience
public opinion
permit issues
HSE legislation
Create a Contingency plan
Analysis opportunity cost vs worsecase scenario
Review and update maintenance programs
Risk Management
Follow-up and Closing Follow-up and Closing Risk Management reporting format (I)
Report date (dd-mm-yy):
Organisation Updated Organisation Updated
(s)BU risk profile Top-10 risks in terms of Risk level (impact * likelihood)
# Impact Likelihood Control Effort Risk Level Risk PriorityA 0.0 0.0
B 0.0 0.0
C 0.0 0.0
D 0.0 0.0
E 0.0 0.0
F 0.0 0.0
G 0.0 0.0
H 0.0 0.0
I 0.0 0.0
J 0.0 0.0
Most significant risks in terms of risk level (descending order of risk level = Impact x Likelihood)
Risk Management Report for TOP/RF(sub-)Business Unit:
Risk Maps
Description of risk
1.0
5.0
9.0
1.0 5.0 9.0Likelihood
Impact
1.0
41.0
81.0
1.0 5.0 9.0 Control Effort
Risk Management
Enterprise Risk ManagementEnterprise Risk ManagementMonitoring RisksMonitoring Risks
Last year’s Risk profile
This year’s Risk profile
Continuous Management ReviewContinuous Management Review
• External developmentsExternal developments
• Changes in the Changes in the Business ObjectivesBusiness Objectives
• Internal DevelopmentsInternal Developments
• Other Risk Profiles in Other Risk Profiles in the Organizationthe Organization
• Risk Mitigation ActionsRisk Mitigation Actions
Risk Management
Enterprise Risk Management Enterprise Risk Management StandardsStandards
• Risk profiles throughout the organization Risk profiles throughout the organization
(BoM, BUs, sBUs, processes, main sites and corporate)(BoM, BUs, sBUs, processes, main sites and corporate)
• Actual & up to date risk profiles and actions plans (Annually Actual & up to date risk profiles and actions plans (Annually
reviewed)reviewed)
• Risk Profiles for strategic changesRisk Profiles for strategic changes
(major investments, acquisitions, divestments, etc.)(major investments, acquisitions, divestments, etc.)
Risk Management
ERM on track forERM on track forCorporate GovernanceCorporate Governance
• SEC Final rule SOX 404: COSO
• Tabaksblat: COSO
• PCAOB Audit Standard No. 2: COSO
Risk Management
ERM on track forERM on track forCorporate GovernanceCorporate Governance
SEC Final rule SOX 404:• The COSO Framework satisfies our criteria and may be used as an evaluation
framework for purposes of management's annual internal control evaluation
and disclosure requirements. Tabaksblat:• “II.1.4. It would be logical for the management board to indicate in the
declaration on the internal risk management and control systems what framework or system of standards (for example the COSO framework for internal control) it has used in evaluating the internal risk management and control system.
PCAOB Audit Standard No. 2:• The COSO report, provides a suitable and available framework for purposes
of management's assessment. For that reason, the performance and reporting directions in this standard are based on the COSO framework.
Risk Management
Enterprise Risk ManagementEnterprise Risk ManagementProcess applied to:Process applied to:
• Projects (e.g. Investments, Outsourcing, Innovation, etc.)Projects (e.g. Investments, Outsourcing, Innovation, etc.)
• Acquisition/DivestmentsAcquisition/Divestments
Risk Management
ConclusionConclusion
• Enterprise Risk Management is proven to add value to Enterprise Risk Management is proven to add value to the companythe company
• Enterprise Risk Management is mandatory for Akzo Enterprise Risk Management is mandatory for Akzo Nobel, both internally as well as externallyNobel, both internally as well as externally