IRM DIPLOMA MODULE 5 : Risk Solutions

1
IRM DIPLOMAMODULE 5 Risk Solutions

• ALEX HINDSON
• Lead Examiner
• alex.hindson_at_aon.co.uk

December 2008
2
Advice on Approaching the Module

• Read and understand fully the detailed study
  guide
• The exam will be based on this scope of syllabus
• Read as widely as time allows. The study guide
  will get you through the exam - just
• You need to demonstrate post-graduate level of
  understanding and application of concepts
• Keep up with developments in publications and on
  the internet.
• Put together revision notes.
• Look at sample example questions and mock
  papers when available to gauge level of answer
  needed

3
Exam Structure

• Do 4 out of 6 questions
• Section A
• Each question approximately 5-7 marks
• Short questions covering whole of syllabus
• Section B
• Each question in two parts, typically 10-15 marks
  each
• Longer analytical questions on selected parts of
  syllabus

4
SYLLABUS OVERVIEW

• Structured Approaches to Risk Management
• Risk Management Strategies
• Internal Controls
• Hierarchy of Risk Responses
• Eliminate Risk
• Control Risk

5
SYLLABUS OVERVIEW

• Finance Risk
• Manage Uncertainty Capture Opportunity
• Evaluating Management Options
• Risk Management Programmes
• Risk Management Culture

6
Element 1 Structured Approaches

• Why is risk management needed?
• Growing level of distrust in institutions
• Higher expectations from stakeholders and
  shareholders
• Enhanced regulatory and reporting requirements
• Consequences of getting it wrong are getting
  higher
• Failure of strategy in particular (eg/ Marconi,
  ICI, Northern Rock)
• Failure to respond appropriately to a crisis
• Eg/ Perrier, Coca Cola, Sandoz etc
• Not to forget competitive advantage in doing it
  right

7
Element 1 Consequences of Not Managing Risk
8
Element 1 - Tylenol
9
Element 1 - Sandoz
Sandoz Incident 1987 Major agrochemical warehouse
fire causes disastrous environmental impact on
River Rhine.
10
Element 2 Risk Management Strategies

• Different approaches exist and can be appropriate
  in a range of circumstances
• Robustness
• Redundancy
• Flexibility
• Resilience

11
Element 2 Regulation

• Regulation is a form of risk management at
  societal level
• Tends to be put in place to avoid reoccurrence of
  a major incident, accident or scandal
• COMAH regulations post Flixborough and Seveso
  explosions
• Clean Air Acts post major pollution incidents
• Cadbury Code post Guinness and Mirror scandals
• Sarbanes Oxley Act post Enron and Worldcom
• Can be a blunt instrument
• Precautionary Principle - controversial

12
Element 2 Consequences - Nokia / Ericsson Case
Study
March 17, 2000
Nokia Finland
Albuquerque New Mexico
Ericsson Sweden
Philips semiconductor plant
A 10 minute fire caused by a lightning bolt
hitting an electric power line
Philips The Netherlands
13
Element 3 Internal Controls what are they?

• any action taken by management, the board or
  other parties to manage risk and increase the
  likelihood that established objectives and goals
  will be achieved.
• They are designed to give assurance as to
• Effectiveness and efficiency of operations
• Reliable financial reporting
• Compliance with laws and regulations

14
Element 3 Examples of Internal Controls

• Senior management review
• Line management review
• Information processing
• Physical controls
• Performance indicators
• Segregation of duties

15
Element 3 Internal Controls COSO Framework

• The framework defines essential ERM components
• Links Control Environment to wider Enterprise
  Risk Management process
• Key elements from control perspective are
• Control Activities
• Information Communication
• Monitoring

16
Element 3 What happens if controls fail or are
not implemented?
Guinness directors showed contempt for truth,
http//news.bbc.co.uk/1/hi/business/34910.stm
1990Guinness Four guilty, http//news.bbc.co.u
k/onthisday/hi/dates/stories/august/27/newsid_2536
000/2536035.stm The Guinness Report and its
impact on take over bids and corporate
governance. http//www.legal500.com/devs/uk/ma/ukm
a_a16.htm
17
Element 4 Hierarchy of Responses to Risk

• Eliminate (Terminate)
• Reduce (Treat)
• Transfer
• Maintain Flexibility
• Accept

18
Element 4 Appropriately accepting risks

• This may make sense in the following
  circumstances
• The level of risk is so low that no risk control
  is not required
• The risk is such that no risk control approach is
  appropriate especially if the cost of mitigation
  is excessive
• The risk is such that no control measure exists
• The opportunities associated with taking the risk
  so far outweigh the threats that it appear
  justified
•  The primary challenges within organisations are
  to ensure that
•  The risk is known, recognised and characterised

19
Element 5 Avoiding Risks

• In the extreme this means withdrawing from a
  business activity completely if the risks
  considered inappropriate
• This may be the appropriate response or a sign of
  a risk averse organisation that will fail to
  capitalise on certain market opportunities others
  are prepared to exploit
• Outsourcing is not about risk avoidance. It is a
  form of risk transfer but that is not always
  understood.
• Risks are handed to a third party who through
  expertise is hopefully better placed to manage
  the risks

20
Element 5 Inherent Safety

• This is a concept whereby hazards are eliminated
  at source rather than trying to cure the symptoms
• Eg/ why breed tigers for eating when sheep are
  less dangerous
• Eliminating risk at source implies changing
  business processes and is therefore
  intellectually satisfying but not always
  possible.
• Product substitution is often an example
• Eg/ replacing leaded petrol with unleaded is risk
  mitigation for health environmental exposures
• Moving to electric vehicles might represent a
  more inherently safe solution

21
Element 6 Controlling Risks

• Property Loss Control
• Safety, Health Environmental Management
• Contract Risk Management
• Supply Chain Risk Management
• Fraud Risk Management
• IT Risk Management
• Business Continuity Management
• Crisis Management Communication

22
Element 6 Purpose of Risk Control

• The objective of any risk control approach is to
  treat or mitigate the risk in such a way as to
  render it acceptable to the organisation.
• Generally this implies minimising the Total Cost
  of Risk.
• The Cost of Risk for most organisations is
  defined as the total of
• Costs associated with risk management and
  mitigation programmes
• External Insurance premiums
• Retained and uninsured losses
• Costs associated with administering risk
  financing programmes

23
Element 6 Property Loss Control

• Fire Protection
• Eliminate/ Substitute
• Segregate
• Active protection
• Passive protection
• Physical security
• Protection against natural hazards
• Flood
• Windstorm
• Earthquakes

24
Element 6 SHE Management
Policy
Objectives
Communications
Roles Responsibilities
Risk Identification
Verification Audit
Risk Assessment
Monitoring Review
Risk Response
25
Element 6 Other Control Approaches

• Contract Risk Management
• Supply Chain Risk Management
• Fraud Risk Management
• IT Risk Management

26
Element 6 Business Continuity Management
BS25999 Part 1
27
Element 6 Crisis Management Communication

• Communication is a key element of managing a
  crisis
• Mistrust is a major issue in communicating to the
  public on risk issues
• Remember Vincent Covellos pointers
• Perception is reality as far as general public is
  concerned
• The primary goal of crisis communication is to
  establish trust and credibility.
• Sharing facts is a secondary activity.
• Trust and credibility start at low level and need
  to be earned.

28
Element 6 - Crisis Management what can go wrong

• June 1999 Coca Cola product contamination
• 120 people sick in Belgium after consuming
  products
• Further 80 people sick in France
• Head office response merely a bad odour
• Misjudged media regulatory response
• Investigation revealed 2 separate issues
• Defective Carbon Dioxide at Antwerp
• Fungicide sprayed onto wooden storage pallets at
  Dunkirk
• Story gathered own momentum

29
Element 6 Crisis Management Case Study
Global Impact
30
Element 7 Objectives of Risk Financing

• Pre-loss objectives
• operating efficiency
• acceptable levels of risk retained
• meet legal constraints
• Post-loss objectives
• survival
• continuity of operation

31
Element 7 Insurance in Context

• Volatility - survival after large losses (e.g.
  Vapour Cloud explosion)
• Frequency survival after multiple smaller
  losses (e.g. Damaged boiler)
• Risk Transfer to guarantee stability of earnings
• Pooling of risk should allow insurers provide
  affordable capacity
• Smooth Operating Costs
• Earnings stability enables Capital Ventures
• Loss Prevention

32
Element 7 Risk Retention

• Why retain risk?
• How to determine appropriate levels
• Liquidity / Debt
• Options for retaining risk
• Expenses
• Contingency funds
• External risk funds
• Captives

33
Element 7 Captive structures

• Paper / Virtual
• Small-scale
• Rent-a-captive
• Protected Cell Companies (PCC)
• Full scale captive
• ownership (Single / Multi-parent / Pool/ Mutual)
• scope of operation
• function
• location

34
Element 7 Captive operation
Insurance Captive
Reinsurance Captive
35
Element 7 Captives benefits limitations

• Access to Reinsurance/ARF markets,
• Pricing- Reinsurance market operates on a lower
  cost structure
• Reduce costs
• Avoids commercial insurers admin costs/ margin
• Recaptures underwriting profits
• Earn investment income on unpaid loss reserves
• Premiums not subject to industry wide performance
• Generates ability to smooth results over time
• As surplus increases greater ability to retain
  risk
• Less reliant on commercial marketplace
• Minimises effects of volatility of the Insurance
  market

36
Element 7 Alternative Risk Financing options

• Loss portfolio transfer
• Finite Reinsurance
• Cash Assets
• Overdrafts / Term Loans
• Credit Lines
• Long Term Finance
• Long Term debt
• Equity
• Contingency Loans
• Securitisation
• Catastrophe Bond / Insurance Securitisation (see
  separately)
• Capital markets / Derivatives (see separately)

37
Element 7 Insurance Securitisation
Interest
Premium
Premium
Bond
Capital Markets
Insured
Re/ Insurer
Special Purpose Vehicle SPV
Capital
Policy
Policy
38
Element 7 - Derivatives

• Forward Contracts
• Futures
• Options
• Caps, Floors and Collars
• Currency / interest rate swaps

39
Element 7 Contract Risk Financing Outsourcing

• Risk Control Transfer
• Contractual transfer where transfer
  responsibility for controlling and financing
  exposures to third party
• Risk Financing Transfer
• Contractual transfer where only transfer
  responsibility for funding losses to third party
• Outsourcing is a form of risk control transfer
  and is currently growing in application
• Risks in outsourcing are not always understood
  and managed
• Worth understanding what leads to successes or
  failures in this area

40
Element 7 Outsourcing Case study Ontario
Government and Accenture

• Objective
• Create a real-time, web-enabled application
  with some 800 rules governing social service
  payment eligibility, preventing fraud, reduced
  caseloads and improved service.
• Press Headlines
• Although tried and tested processes, poorly
  designed specifications resulted in significant
  scope creep
• Result
• Original quote 180 million Cost close to 400
  million
• Frustration
• Threat of litigation and adverse PR

41
Element 7 Outsourcing Case StudyBT and
Accenture

• Objective
• Accenture provides a wealth of support services
  to BT, including HR services, to 87,000 employees
  and pension administration for 180,000 policies
• Press Headlines
• Accenture HR services has a proven track record
  of consistently high quality service and a true
  partnership approach
• Result
• Renewal of previous 5 year contract for further
  10 years and 306 million

42
Element 8 Capturing Opportunities
43
Element 8 Responses to Uncertainty

• Shapers
• Aggressive strategy seeking to influence market
  directly and drive change to their advantage
• Eg/ EasyJet and Ryan have changed aviation market
• Adapters
• Defensive strategy based on responding rapidly to
  market trends
• Eg/ HP customising printers to end-user
  requirements local to market rather than driving
  needs

44
Element 8 Continuous Improvement

• Toyota drove initial thinking around Continuous
  Improvement
• Challenging organisations to drive out waste and
  become more efficient
• PDCA cycle
• Plan
• Do
• Check
• Act
• Business Process Management about reviewing and
  challenging current work methods

45
Element 8 Portfolio Management

• Many organisations manage portfolios of
  opportunities and need to make decisions around
  which investments to develop
• Oil / Gas reserves
• Pharmaceutical Research pipeline
• Private equity investment portfolio
• Different techniques can be adopted to help
  evaluate and manage portfolios
• Net Present Value
• Decision Tree Analysis
• Real Options

46
Element 8 Corporate Responsibility

• commitment of business to contribute to
  sustainable economic development, working with
  employees, their families, the local communities
  and society at large to improve the quality of
  life.
• Embracing Corporate Responsibility can be a
  proactive approach to protecting and enhancing
  brand and corporate reputation.
• This is important because organisations are in
  competition for
• Customers
• Talent
• Ideas
• Investment

47
Element 8 Mergers Acquisitions
From CIMA Enterprise Governance
48
Element 9 Evaluating Options

• Key steps include
• Review causes and controls
• Define risk mitigation objectives
• Identify risk mitigation options
• Design risk mitigation solutions
• Evaluate risk mitigation solutions
• Appropriateness
• Effectiveness
• Cost/Benefit

49
Element 9 Decision Making

• Structured approaches include
• Cost Benefit Analysis using financial models
• Decision Analysis using structured scoring
• Management decision making
• Not always based on financial evaluation
• Trade offs may be necessary
• Absolute minimum
• Barely satisfactory
• Most cost-effective
• Accepted industry norm
• Best achievable result with current techniques

50
Element 10 RM Programme Design

• Risk Management Programme
• Needs to be integrated into other key business
  processes (planning etc)
• Address both key business risks and risk
  management process itself
• Risk Management Improvement Plan
• Incorporate tangible activities than can be
  tracked towards completion
• Capable of demonstrating benefits from investment
• Support development of Risk Management within
  the organisation over time

51
Element 10 RM Programme Implementation

• Risk Management programme is a change management
  exercise
• Need to recognise change needs managing
• Key success factors include
• Clearly defined and communicated objectives
• Effective stakeholder engagement
• Coherent communication strategy
• Clarity of roles and responsibilities
• Risk Management infrastructure

52
Element 11 Risk Management culture

• Risk culture is difficult to define but critical
  to successfully implementing Enterprise Risk
  Management
• Key enabling factors include
• Senior management sponsorship
• Communicating a risk philosophy across the
  organisation
• Selling success stories across the organisation
• Securing local champions to drive the process
  forward
• Encourage management to support staff taking
  appropriate risks

53
Element 11 Risk Culture - Challenges

• Key challenges might include
• Lack of senior management engagement
• Inadequate resources available
• Failure to clearly assign responsibilities
• Failure to communication benefits
• Sensitivity to different organisational and
  regional cultures
• Time required to communicate and drive change
• Time required to building capability and
  understanding

54
Element 11 Risk Culture - Skills

• Embedding risk management requires the transfer
  of skills and knowledge within the organisation
• Tangible skill transfer
• Risk management knowledge
• First hand experience of techniques
• Clearly defined roles and responsibilities
• Intangible skill transfer
• Comfort in managing uncertainty
• Encouraging Risk aware culture
• Encouraging appropriate risk taking

55
IRM DIPLOMAMODULE 5 Risk Solutions

• ALEX HINDSON
• Lead Examiner
• alex.hindson_at_aon.co.uk

December 2008