| RUS | UKR | ENG | ÄîíÍÒÓ> Ïîðòàë ìàãèñòðîâ ÄîíÍÒÓ |
|
|
| Ãëàâíàÿ |
Ìàòåðèàëû:
Ðåôåðàò | Áèáëèîòåêà |Êàòàëîã áèáëèîòåêè | Ññûëêè | Îò÷åò î ïîèñêå
Email: kseniya.mos@gmail.com |
| Áèîãðàôèÿ |
| Ðåçþìå |
| Ïóáëèêàöèè |
| ×ëåíñòâî â AIESEC |
| Êîíòàêòû |
Dec’01
by Laura Sullivan
In 1994 Gert Cruywagen came to the Iscor Corporation, based in Pretoria, South Africa, faced with an almost insurmountable task: establish an enterprisewide risk management program for a resources company that deals in the industries of steel, iron ore, coal, base metals and heavy minerals. The tough part: not only was there no risk management program, but Iscor had only begun buying conventional insurance two years previously.
Enterprise Risk Management in Action: Risk Management Committees
Today, the risk management program runs through Iscor like veins in a circulatory system. Cruywagen has created a system that involves individuals from all levels and sectors in the company. Key to this are the forty-one risk management committees, divided into three levels: executive, business unit and department.
These committees are responsible for how the risk management program runs—from identifying risks to prioritizing them, from implementing interventions to benchmarking performance and expediting claims settlements. Their meetings act as forums to exchange views on risk management and insurance issues, discuss risk management needs and concerns, and share lessons.
The executive risk management committee, also called the risk management council, has overall control of the risk management program direction. It is chaired by Iscor’s executive director of finance, and committee members include the executive committee of Iscor, the CEO of Iscor’s on-shore captive insurer Ferrosure (SA)—who also happens to be Iscor’s risk manager, Cruywagen—and, as appropriate, other Iscor personnel, insurance brokers, risk consultants, and insurance and risk financing experts. (Iscor’s CEO attends meetings as his schedule allows.)
The risk management council meets every quarter (or when the need arises) and is specifically responsible for:
The risk management program at the operational level is managed by the local risk management committees, subdivided by business unit and department. These committees, chaired by the heads of the business unit, meet at least once every quarter. Committee members include the management team of the business unit; the heads of safety, security, fire protection and maintenance; the information technology practitioner; Cruywagen, if the council, the chairman or he deems it necessary; outside specialists as needed; and any other person the chairman or Cruywagen considers necessary.
The local risk management committees have the following responsibilities:
In addition to the planned meetings of these groups, Cruywagen also holds separate meetings with the materials management departments to evaluate new projects and to assess whether stand-alone financing or existing insurance is appropriate.
Since meetings are solely dedicated to discussing risk management issues, Cruywagen says, real decisions are made. There is also a specific etiquette to the meetings: once an issue has been discussed and a consensus has been reached, the issue is considered closed. Also, since financial managers attend the meetings, they understand the motivation for risk mitigation expenses and are more receptive to requests for funding.
The effectiveness of the groups can be seen in the expenditures for risk management that have been approved. Over the past sixteen months more than R 1.4 billion (approximately $156 million) has been spent on projects to improve the risk profile of the Iscor Group. In addition, the committees have been able to spread an awareness of risk management and its methodologies throughout the organization.
Calculating Total and Unit Risk-Bearing Capacity
On an annual basis, Cruywagen determines the overall risk-bearing capacity of Iscor and each of its business units. This not only allows him to be sure that the company insures—through its two captive insurance companies, one on-shore, the other off-shore—only catastrophic losses, but also that self-insured levels are not set higher than the company or a unit can sustain.
In order to calculate the most complete assessment of risk capacity, Cruywagen uses the ten most widely accepted techniques. He then calculates the ten values and weighs them accordingly to develop an average value for risk bearing capacity. (See sidebar below.)
Risk Bearing Capacity
Net Working Capital Value x .25
Quick Asset Value x .25
Times Interest Cover Value x .10
Annual Cash Flow x .10
Surplus Cash x .10
Total Sales x .05
Net Income after Tax and Interest x .10
Fixed Assets Value x .05
Annual retained Earnings x .10
Distributable Reserves x .10
Identifying the Risks
“Proper risk assessment is the foundation of the risk management program at Iscor,” Cruywagen says. Although decision making is considered a strategic element of the organization and thus is never contracted out, risk assessments and benchmarking are conducted by outside specialists. The model that is used to identify risks is based on a three-tiered methodology developed by Cruywagen to ensure that risks are identified according to the business processes, the source of the risk and the relative size of the risk.
1. Center Processes. For each company sector there are three questions: What can go wrong? What is the probability of something going wrong? What would the damage be if something were to go wrong? These questions are answered by looking at:
SWIFT—Structured what-if technique
FMEA—Failure Mode Effect Analysis
FRR—Facility Risk Review
Hira—Hazard Identification and Risk Assessment (a technique used in safety and health and a legal requirement in South Africa)
HAZOP—Hazard and Operability Study
FTA—Fault Tree Analysis,
FMECA—Failure Mode Effect and Cause Analysis,
ETA—Event Tree Analysis.
3. Risk Size. “Every risk assessment must look at not only the major exposures, but also medium risks and smaller risks,” says Cruywagen. “The philosophy behind this is, if a risk with the potential of R 50 million (approximately $5.5 million) manifests as a R 5 million loss (approximately $550,000), it is a success, but where a risk of R 5 million manifests as a R 5 million loss, it is a disaster. Most bigger exposures consist of a series of smaller exposures and by consciously identifying the smaller ones, the root causes of the big exposures will be determined.”
Assessing Criticality
Cruywagen has also modified a technique for Iscor to calculate the critical nature of each of its identified risks. By determining the exposure, severity and probability, a rating is established that allows for comparisons of different types of risk, comparisons of risks between business units, assessments of the absolute importance of a risk and evaluations of the progress of risk mitigation methodologies from year to year. Cruywagen also notes that these values can be used to determine premium loadings and discounts and to establish a highly protected risk culture.
The ratings are calculated using the methodology described in the chart below.
Probability
1 = High: One in 1-5 years
2 = Moderate/high: One in 5-15 years
3 = Moderate: One in 15-25 years
4 = Low/Moderate: One in 25-50 years
5 = Low: One in 50-100 years
6 = Remote: One in 100 years or more
The criticality of the risk exposures is calculated using internationally accepted methodologies. The criticality rating not only shows absolute risk importance but also relative importance between risks and helps to prioritise the risks and the resultant risk intervention actions. The classification of the risk count is as follows:
Risk Count Risk Classification
> 500 Too high- Extreme risk
300-500 Very high-Immediate corrective action needed
150-300 High-Urgent corrective action needed
70-150 Substantial risk-corrective action needed
20-70 Possible risk-attention may be necessary
<20 Risk possibly acceptable as is
The risks are ranked by monetary value, constituting the estimated maximum loss, which is a product of the material damage and the business interruption losses which could be sustained on a single event or incident, considered to be within the realms of probability. The listed risks do not take into account earthquake, tornado or aircraft catastrophe risks, which may be a possibility but remain extremely unlikely.
The risks are listed according to the Estimated Maximum Loss (EML) as a product of material damage (MD) and business interruption (BI) costs, location, probability and a brief description of the risk. The business interruption loss is stated as the period of business interruption, which may be partial in certain circumstances, as well as monetary values where this makes more sense.
| Estimated Maximum Loss | Probability | Risk Exposure | Criticality | |
| XYZ Iron Ore Mine (MD 1 000 BI 20 days) | 6 | Major fire in crusher control room | 600 | |
| ABC Iron Ore Mine (MD 2 500 BI 4 weeks) | 4 | Fire in main incoming sub-station | 550 | |
| FGH Coal Mine (MD 3 000 BI 3 months) | 4 | Fire in control room | 400 |
The Risk Management Mission Statement
In the past seven years, Cruywagen’s efforts with Iscor have resulted in a 60 percent reduction in the estimated maximum loss values for the top ten risks in the company. The average normal loss expectancy for the top ten estimated maximum losses has been cut by nearly 79 percent. For his efforts, Cruywagen received the South African risk manager of the year award for 2001 from the South African Risk and Insurance Management Association.
So how can all the work he has put into the risk management program at Iscor best be summed up? The answer can be found in the Iscor risk management mission statement, which Cruywagen penned:
In respect of Pure Risks:
|
ÄîíÍÒÓ>
Ïîðòàë ìàãèñòðîâ ÄîíÍÒÓ>
Ðåôåðàò | Áèáëèîòåêà | Ññûëêè | Îò÷åò î ïîèñêå
Email: kseniya.mos@gmail.com |