The National Academies: Advisers to the Nation on Science, Engineering, and Medicine
NATIONAL ACADEMY OF SCIENCES NATIONAL ACADEMY OF ENGINEERING INSTITUTE OF MEDICINE NATIONAL RESEARCH COUNCIL

COMMITTEE ON APPLIED AND THEORETICAL STATISTICS


DRAFT AGENDA

Enterprise Risk Management

January 14-15, 2004

National Academy of Sciences Building

2100 C Street, NW

Washington, D.C.

The objectives of the workshop are to:

  • Explore the frontiers of the ERM discipline. We need to examine best practice, current issues and emerging ideas on as many aspects of ERM as possible.
  • Exchange best thinking between the public and private sectors. We should be challenging the IRS and other public sector agencies as well as private sector experts to explain what they do, how they are organized to do it, how they have approached risk management up to now, what enterprise risks worry them most, and how they hope to see their ERM evolve. As a workshop, it is important this is not a one-way street.
  • Provide participants with useful perspectives and insights. Participants should leave with new ideas, which will improve their understanding of enterprise risks and lead them to manage them differently going forward. The take away of the Workshop may not be an action plan for ERM, but it should have practical implications.
  • Provide participants with an extended network. Participants should leave knowing new people in the ERM discipline, an extended network with which to work to improve their ERM going forward.

Wednesday, January 14

8:00 a.m.

Registration and continental breakfast

8:45 a.m.

Welcome and overview of goals

8:50 a.m.

IRS welcome

9:00 a.m.

Framing the Challenges (plenary panel discussion). This should be a level-setting and thought-provoking session discussing the relevance and definition of enterprise risk management, the challenges faced by enterprise risk managers, and where the science of risk management is heading. This session will establish a common framework and language for ERM to facilitate discussions among workshop participants. Perhaps this session should consist of speakers from the private financial services sector, the IRS, and someone who has successfully dealt with risk management from a different perspective (e.g., in the nuclear power industry). Each speaker will address the sorts of risk they deal with, when and how they began moving to an ERM framework, measurement and aggregation methods they have tried, cultural impediments they’ve faced, what remains to be done, etc. If possible, speakers should be prepped to draw connections between their own experience/domain and that of other segments of the audience. Participants will walk away with an essential understanding of ERM (including an introduction to its concepts and trends), how ERM works in the real world, and where the science of ERM is heading, which sets the stage for subsequent sessions.

10:30 a.m.

Break

10:45 a.m.

Measuring Risk (plenary panel discussion). This session will give a high-level view of the state-of-the-art of risk measurement techniques, both quantitative and non-quantitative, to help participants understand what is and is not feasible and to stimulate discussion of how far measurement can and should be pushed. The session will cover the benefits and limitations of measurement techniques, and the appropriate use of these techniques within various decision-making contexts. The discussion will address the following questions, with examples: Why measure risk? What are some of the challenges to measuring risk? How can challenges be overcome? How much data is enough for decision making? What’s the connection between organizational performance and risk indicators/measures? Participants will leave this session with a basic understanding of what risk measurement is, what qualitative and quantitative techniques are available, how to combine quantitative and non-quantitative risk estimates, and which are more appropriate for different decision-making needs. The session should also cover estimating and managing government-specific risks, such as political risks and risks from OMB, GAO, or other oversight bodies, and the management of risks to the physical plant when self-insured. This session will be supplemented by Break-out Session A that delves deeper into specific measurement challenges.

12:15 p.m.

Lunch

1:30 p.m.

Parallel breakout sessions

Session A - Data for operational risks: panel discussion.

This session will cover how risks encountered by support functions impact line organizations. It also should include how to articulate/estimate/quantify risks in terms of meaningful business impacts.

  • Can better estimates be realized in practice through pooled data?
  • Technical challenges in anonymizing and combining sources (federal statistician?)
  • Experience from the trenches (someone speaking about their own experience dealing with real data, commercial compilations---their imperfections and how to overcome same)
  • How to conduct an effective small-scale survey

Session B - How to report operational risks: panel discussion.

This session will cover the problems of aggregating information etc. (Tied in with the Framing the Challenge session.) Covers effective ways to aggregate and characterize heterogeneous risk measurements.

Session C - Training and personnel issues: panel discussion.

This session will cover topics such as how to train staff to understand probabilities and risks; how to develop a common understanding of risks across a diverse organization; how to create incentives for controlling risks.

3:15 p.m.

Break

3:40 p.m.

Organizing Enterprise Risk Management: Structures, responsibilities, and risk ownership in different organizational settings (plenary panel discussion).

This session covers how to design an effective ERM program within a strategic planning context, addressing the positive impact that ERM can have on organizational decision making (risk-based decision making), and the tensions that can exist between effective ERM and operational realities. It will cover how ERM links to strategic planning, how to use both processes synergistically, and how ERM and program management work together. This session should cover risk management program design considerations and touch on measurement and organizational culture where appropriate. It should address the following specific issues:

  • Provide examples of how organizations arrived at the decision to take a more strategic, enterprise view of risk.

  • How did these organizations structure themselves?
  • What decisions were enhanced?
  • How does risk information inform spending decisions and strategy formulation?
  • Discussion of IRS’ strategic planning process and opportunities for using risk management disciplines

Participants will leave this session with a practical understanding of how to develop an ERM capability as a strategic planning tool and an awareness of potential challenges to designing an effective ERM program.

5:15 p.m.

Reception

6:00 p.m.

Dinner with welcome from an Academy executive.

7:30 p.m.

After-dinner speaker

Thursday, January 15

8:00 a.m.

Continental breakfast

9:00 a.m.

Compliance (Plenary panel discussion)

This session will discuss methods for measuring and managing compliance risks from diverse environments. Include suggested “to-do” items. Compare and contrast ways in which organizations deal with compliance/enforcement.

  • How does the IRS estimate compliance risk? (IRS speaker)
  • Analogous issues from an auditing firm
  • Compliance and enforcement in another setting (e.g., FAA; banks)
  • Overview of research into pattern recognition and detection of correlations (to inform the audience of general directions that may not have made it into practice, and their limitations)

10:15 a.m.

Break

10:45 a.m.

Organizational Culture (Plenary panel discussion)

This session will discuss the challenges and benefits of developing a healthy risk management culture within organizations, one that is open and communicative, with distributed decision making, and that takes measured and appropriate risks. The session will discuss how ERM affects and is affected by organizational culture. Speakers might include someone from the financial sector who can discuss how that sector has become comfortable with credit risks, someone from either NASA or the FAA, both of which are experiencing stress and change, and perhaps an academic, cross-cutting perspective. Drawing on case studies and basic research, speakers should address incentives, habits, leadership and measurement and management of organizational factors. One real-life case study might show how culture can not only cost organizations significant losses in dollars and reputation, but also in human life. This case study might come from either the public or private sector. Questions answered in this session include: Can ERM help change culture? How can risk management take hold in risk-averse organizations? What can organizations and their constituencies do to mitigate risk and improve reliable performance? Participants will walk away from this session with a realistic understanding of the challenges that organizational culture can place on effective ERM. Speakers might be encouraged to develop “to-do” lists of best practices, depending on where an organization is in its evolution to a risk-aware culture. This session might also cover topics such as models of human behavior, motivating behavioral change, design of processes and work environments, and establishing a risk-aware workplace.

12:15 p.m.

Lunch

1:15 p.m.

Aggregation: panel discussion

Three speakers with differing experience in grappling with aggregation to the enterprise level. This session should include some visual examples of how risks have been or could be aggregated. It also should include discussion on the utility of scorecards/dashboards – What are their strengths/limitations? Where have they been used effectively?

2:30 p.m.

Breakout sessions

Session D - Computer security

Panel discussion, including experts in Windows and Linux environments, plus a computer security expert who can talk about risks that are emerging or not yet well addressed. Include a discussion of data integrity, too.

Session E - Using estimates of contextual risks

Panel discussion of, for instance, how to choose external data; what to believe and not believe in estimates of credit and interest risks; how to properly account for the uncertainties in macroeconomic models.

Session F - Modeling heavy-tail events

Panel discussion to share experience in estimating the rare events that can have very serious, even catastrophic, impact. The goal is for participants to develop a better understanding of how much to trust risk estimates for such events. Might include speakers with expertise in statistical reliability, catastrophe modeling, and perhaps someone who extracts signals from rare events in a different sector, such as epidemiology.

Session G - How to create and nurture a federal network for ERM

Open discussion among self-selected federal participants. Might include a short talk about NSF’s capabilities and interests in risk management and decision analysis, as a resource for other government agencies. Might also include a discussion of shared challenges and common concerns.

4:00 p.m.

Break

4:15 p.m.

Reports from all seven breakout groups, giving the high points of their discussions and take-home messages. 6 minutes per group.

5:00 p.m.

Adjourn
