Enterprise Risk Management - PowerPoint PPT Presentation

About This Presentation
Title:

Enterprise Risk Management

Description:

Performance bar is raised for Financial Executives ... Rating agencies are incorporating ERM evaluation to overall corporate rating ... – PowerPoint PPT presentation

Slides: 30
Provided by: WEI1

Transcript and Presenter's Notes

Title: Enterprise Risk Management


1
Enterprise Risk Management
  • Lecture 9

2
Why the Interest in ERM?
  • Performance bar is raised for Financial
    Executives
  • Your company can optimize overall returns and
    minimize risks
  • Leverage existing control processes to meet
    emerging risk governance demands
  • Rating agencies are incorporating ERM evaluation
    to overall corporate rating
  • US Sentencing Guidelines offer consideration for
    effective risk management

3
Evolution of ERM: COSO Internal Control Framework
  • Operations
  • Compliance
  • Financial Reporting

4
Evolution of ERM: COSO Enterprise Risk Management
  • Strategy
  • Operations
  • Reporting
  • Compliance

5
Defining ERM: Portfolio View
[Figure: regions labelled "Possible Combinations of Risk and Return" and "Unattainable Combinations". Modified from www.monkeychimp.com]

6
Defining ERM: Key Concepts
  • Common Language
  • Common Measurement
  • Gross / Inherent Risk
  • Response/Control/Mitigation
  • Net / Residual Risk

7
Implementing ERM: Getting Started
  • Get Buy in from the Top
  • Consolidate Risk Lists
  • Document Existing Risk Management Silos
  • Identify Gaps in Coverage
  • Decide Next Steps
  • Fill Gaps to Demonstrate Value
  • Establish Repeatable Process

Ad Hoc / Heroics Initial Tasking
8
Implementing ERM: Leverage Existing Processes
  • Internal Audit
  • Compliance
  • Strategic Planning
  • Operational Planning
  • Board Reporting

  • Common Risk List
  • Assess Gross Magnitude and Likelihood
  • Prioritization of Risks
  • Self Assessment of Response and Control
    Capabilities
  • Consensus View on Net Risk
  • Disclosure of Risk Exposures

9
Risk and Control Focus
10
Implementing ERM: Establishing a Process
  • Get Management Talking About Enterprise Risk
  • Develop Common Language
  • Develop a Common Measurement Basis
  • Establish an Enterprise Risk Management Framework
  • Dedicate Staff
  • Develop Expertise

Repeatable Manageable
11
Implementing ERM: Key Questions
  • Quality: Are we taking the right kinds of risk?
  • Quantity: Are we taking the proper amount of
    risk to meet our objectives?
  • Resources: Are we allocating resources
    (financial, human, etc.) efficiently to manage
    risks?
  • Advantage: Do we have a competitive advantage in
    a particular type of risk?
  • Challenges
  • Cultural
  • Operational

Optimizing?
12
Sample ERM Implementation Lifecycle
  • Sample potential ERM Implementation Project
    Lifecycle
  • Comprehensive Risk Identification
  • Review existing risk lists
  • Interview senior management
  • Consolidate findings and report
  • Collect and Index Extant Risk Related Process
    Documents
  • Find policies and procedures related to
    significant risks
  • Assess gaps in coverage i.e. risk identified but
    no related processes
  • Assess gross risk
  • Interview business unit managers to determine risk
    events, potential impact and likelihood of
    occurrence
  • Review existing risk modeling at the business
    unit level
  • Assess risk materiality and prioritize risks
  • Document findings and report

13
Sample ERM Implementation Lifecycle (Cont'd)
  • Assess capabilities to control and respond to
    risk
  • Determine organizational structure and identify
    risk management capabilities
  • Assist business unit managers in self assessing
    their capabilities to control and respond to risk
    using objective benchmarking criteria to
    determine relative strength
  • Determine the risk and capability alignment (one
    to one, many to one, one to many) and assess
    interdependencies
  • Document findings and report
  • Assess residual risks
  • Determine residual risk exposure based on higher
    risk materiality and lower related capabilities
  • Document findings and report
  • Develop Gap Closing Plan
  • For higher risk materiality and lower related
    capabilities develop action plans to either
    modify risk materiality or strengthen
    capabilities
  • Execute Gap Closing Initiatives
  • Additional projects need to be scoped

14
Value Proposition: Demonstrate Good Governance
  • Transparency to Stakeholders
  • Reveal natural hedges
  • Understand how a single event or multiple events
    may impact the company as a whole
  • Broader understanding of the aggregate exposure
    to risk
  • No surprise
  • Clarify Roles and Responsibilities
  • Assign risks with no clear owner (reputation
    risk)
  • Enhance collaboration in response to events

15
Risk Environment
Interest Rate Risk Foreign Exchange Hedging
Programs
Customer Financing Prepaid Services Loans Bonds
Product Pricing Reserves Consumer
Behavior Catastrophes Reputation
People Processes Technology Outsourcing Fraud
16
Response and Control Capabilities
  • Compliance
  • Ethics
  • Internal Audit
  • Sarbanes Oxley
  • Human Resources
  • Technology
  • Product Development
  • Communications
  • Insurance Programs
  • Capital Management

Risk management capabilities exist throughout
the enterprise: Front office / sales, Middle
office / support, Back office / processing

17
ERM Heat Map
18
Decisions Under Risk and Uncertainty
19
Risk Governance
  • Decision making and controls related to risk
    taking
  • Interagency Statement on Complex Structured
    Financial Transactions
  • Rating agency consideration of ERM
  • Organizational Sentencing Guidelines
  • Internal Audit's role in ERM
  • Shape the control environment to maximize value,
    remember that wanting greater returns usually
    implies taking more risk

20
Identifying Elevated Risk CSFTs
Characteristics of Elevated Risk Complex
Structured Financial Transactions
  • Lack economic substance or business purpose
  • Questionable accounting, regulatory, or tax
    objectives
  • Create misleading disclosures
  • Involve circular transfers of risks
  • Involve undocumented agreements that impact
    regulatory treatment
  • Economic terms inconsistent with market norms
  • Provide disproportionate compensation

21
Organizational Sentencing Guidelines: Overview
  • Established by the US Sentencing Commission
  • Most recent revisions effective November 1, 2004
  • Applies to many forms of organizations
  • Companies
  • Not for profits
  • Unions
  • Governments
  • Others
  • Focus on the effectiveness of compliance and
    ethics program

22
Effectiveness Criteria: Responsibility and
Authority
  • Governing authority
  • Is knowledgeable of the compliance and ethics
    program
  • Exercises oversight of implementation and
    effectiveness
  • Specific high level individuals shall have
    responsibility for the compliance and ethics
    program
  • Specific individuals shall be delegated
    operational responsibility for the compliance and
    ethics program
  • Report to governing authority / high level
    individuals
  • Adequate resources
  • Appropriate authority

23
Effectiveness Criteria: Procedures
  • Communication and training
  • Monitoring and auditing
  • Periodic evaluation of effectiveness
  • Anonymous reporting processes
  • Enforcement and consequences
  • Risk assessment

24
ERM, Ethics and Compliance
  • Adopting ERM is one way to demonstrate a
    commitment to good governance
  • Enterprise wide risk assessments can help put the
    need for compliance and ethics program in context
  • Compliance risk assessments can leverage the
    enterprise risk assessment and management process
  • A coordinated testing strategy can save time and
    effort and reduce information overload

25
Standard & Poor's Approach
  • Enterprise risk management will become a
    separate major category of our analysis
  • The companies that are seen to be the best
    performers in this category will be those that
    have robust risk management processes that are
    carried out across the entire enterprise and that
    form a basis for informing and directing the
    firm's fundamental decision making

26
Standard & Poor's Classification
  • Weak
  • Limited capabilities to consistently identify,
    measure, and manage risk exposures across the
    company and thereby limit losses.
  • Execution of risk management is sporadic
  • Losses cannot be expected to be limited in
    accordance with predetermined tolerance
    guidelines
  • Business managers have yet to adopt a risk
    management framework
  • Risk management satisfies regulatory minimums
    but is not regularly applied to business decisions
  • Excellent
  • Extremely strong capabilities to consistently
    identify, measure, and manage risk exposures and
    losses within the company's predetermined
    tolerance guidance
  • Consistent evidence of the practice of optimizing
    risk adjusted returns
  • Risk and risk management are always important
    considerations in corporate decision making

27
Standard & Poor's Cultural Indicators
  • Most Favorable
  • Corporate risk management responsibility rests
    with a senior influential officer
  • With regular reporting and access to the board
  • Risk tolerance is clearly articulated and
    consistent with firm goals and expectations
  • Risk management policies and procedures are
    clearly stated and widely known
  • Management views its risk management capabilities
    as a competitive advantage
  • Least Favorable
  • Corporate risk management responsibility rests
    with a middle manager or is nonexistent
  • Access to the board is ad hoc or limited
  • Risk tolerance is unclear and may vary from
    situation to situation
  • Risk management policies and procedures are not
    fully documented
  • Management views risk management as a frustrating
    constraint imposed by external policies

28
Standard & Poor's Control Indicators
  • Most Favorable
  • Demonstrate process to identify significant risk
    experience
  • All significant risks monitored on a regular basis
    with timely and accurate measures of risk
  • Clearly documented limits and standards for risk
    taking and management that are widely understood
  • Risk limits are enforced with clear predetermined
    consequences for exceeding limits
  • Defined loss event post mortem review to
    determine if process improvements are necessary
  • Least Favorable
  • Not all significant risk exposures have been
    identified
  • Risk monitoring is informal, irregular or
    nonexistent
  • Risk limits not documented or are too broad to
    have an impact on operational decision making
  • Review of compliance with limits is irregular and
    there are often no consequences for exceeding
    limits
  • Minimal or limited review of loss events

29
ERM Value
  • Better Decision Making
  • Facilitates risk management gap analysis
  • Helps optimize gap closing spend and activities
  • Common language and measurement of risk allows
    for more efficient risk monitoring and
    communication (eliminate duplication of effort)
  • Also provides a context to align risk and control
    responsibilities
  • Provides a meaningful context for external
    stakeholders
  • Shareholders aware of risk to strategy and
    management's process to respond and control
    unwanted risk levels
  • Rating agencies understand how risk is factored
    into decision making to optimize risk and reward
  • Demonstrate good tone at the top corporate
    governance