An Element of Good Governance
Presented
by
Rolando C. Cabrera
Risk Management Advisor
Chairman of the Board, Risk and Insurance Management Association of
The Philippines (RIMAP)
Risk Management Creates Value
Risk Management contributes to good Corporate
Governance by providing reasonable assurance to
boards and senior managers that the
organizational objectives will be achieved within
a tolerable degree of residual risk.
Acid Test of Good Governance
What are your Cooperative’s top 10 risks?
Do you have a concise report that shows the key exposures
and trends for strategic, financial, and operational risks?
Are you in compliance with internal policies, laws, and
regulations?
Were the majority of your Cooperative’s actual losses and
incidents identified by the risk reports?
Are you managing businesses on a risk-adjusted profitability
basis?
Common Definition of Risk
• the likelihood of something undesirable happening in a
given event
• the conditional probability of the event occurring times
the consequence of the event given that it has occurred
SEC Code of Corporate
Governance
“The Board must identify key risk areas
and key performance indicators and
monitor these to ensure the effectiveness
of internal control”
Why
take
?
The Three components of Risk:
 An event
 A probability of occurrence
 An impact
I. Basics of Risk Management
A. Elements of Risk Management
Event
Risk
Likelihood
Elements of Risk
8
Impact
B. Types of Risk
Types of
• Pure
Loss
Gain
(upside risk)
• Speculative
(downside risk)
Loss
9
Areas of Exposure to Loss (Pure and
BusinessRisk)
1. Property
2. Finance
3. Legal Liability
4. Personnel
BSP Supervision by Risk (Circular 510)
ERM Framework
Basel 2 (BSP)
BSP Supervision and
Examination
1.
2.
3.
4.
13
Strategic
Financial
Legal and
Compliance
Operational
1.
2.
3.
Credit
Market
Operational
1.
Credit
2.
Market
3.
Interest
4.
Liquidity
5.
Operational
6.
Compliance
7.
Strategic
8.
Reputation
Financial Risk
In the financial world, risk can be defined as “any event which can impair
corporate earnings or cash flow over short/medium/long-term horizons.”
Credit Risk
• Credit risk is defined as loss exposures due to
counterparties’ default on contracts.
Market Rate Risk
• Cooperatives investments may suffer a loss if
there is a fall in the market value of an
investment.
– Equity risk
– Currency risk
– Interest rate risk
Risk of loss of:
Properties
Income
Key personnel
Exposure to liabilities
Resulting from inadequate or failed:
Process
People
System
External events
Operational
Risk is…
T
Today’s organizations are
concerned about:
•
•
•
•
Risk Management
Governance
Control
Assurance (and Consulting)
Reputation Risk
• Reputation risk arises when a situation,
occurrence, business practice or event has
the potential to materially influence the
public and stakeholder’s perceived trust and
confidence in a cooperative.
• As with other risks, the board is responsible
for overall management of reputational risks.
RISK MANAGEMENT VALUE CONTINUUM
Key Issues:
1. What is the current location of the
Cooperative along the continuum?
2. What is the desired location of the
Cooperative along the continuum
3. How should the Cooprarative move
from the current to the
Business Risk
desired location?
Management
Assessment of
financial risk:
Traditional
Risk Management
Purchase of Insurance
or
self-insurance
of
risks affecting property,
income, liability and
people
RISK
Enterprise Risk
Management
Assess risks which threaten
objectives of
• Strategic Management
Process
• Core Business Processes
Develop ERM Framework
• COSO
• AS/NZS; AIRMIC; FERMA
•ISO 31000
• Credit Risk
• Market Risk
Portfolio view of risks
Silo approach
RBCA
MANAGEMENT
RBA
PERSPECTIVE
Recognize that ERM is a journey not a
destination and requires a change process
Why do we need to
begin our journey?
How do we
get there?
How will we know
we are successful?
“Achievable
Goal”
What are the
expected
outcomes?
What elements need
to be put in place?
Where are
we now?
What are the obstacles
along the way?
Why ERM Is Important To a Cooperative
Underlying principles:
•
Every entity, whether for-profit
or not, exists to realize value for
its stakeholders.
•
Value is created, preserved, or eroded
by management decisions in all
activities, from setting strategy to
operating the enterprise day
to
day.y-to-day.
Why ERM Is Important to a Cooperative
ERM supports value creation by enabling
management to:
•
Deal effectively with potential
events that create uncertainty.
future
•
Respond in a manner that reduces the
likelihood of downside outcomes and
increases the upside.
Enterprise Risk Management
(ERM)
COSO has defined ERM as follows:
a process, effected by an entity’s board of
directors, management and other personnel,
applied in strategy setting and across the
enterprise, designed to identify potential events
that may affect the entity, and manage risks to
be within its risk appetite, to provide reasonable
assurance regarding the achievement of entity
objectives.
The Enterprise Risk Management
(ERM) Evolution
What has changed?
• Treating the vast variety of risks in
a holistic manner
• Elevating risk management to a
senior management responsibility
Strategic RM
Operational
RM
focuses on ensuring that
the enterprise manages
the uncertainties that
exists around the
achievement of its
corporate objectives
Top
Down
is focused on managing the
risks that appear during its
day-to-day activities of
actually executing the
SBUs/BUs strategy.
Bottom
Up
Strategic
Tactical
The COSO Framework provides an understanding of the
components of ERM
Enterprise Risk Management:




Source: COSO proposed ERM Framework
R
PO
RE
G
TIN
CO
M
CE
IAN
L
P
Internal Environment
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information & Communication
Monitoring
SUBSIDIARY

NS
BUSINESS UNIT

TIO
RA
E
OP
DIVISION

GI C
TE
RA
T
S
ENTITY-LEVEL

Is a process
Is effected by people
Is applied in strategy setting
Is applied across the enterprise
Is designed to identify potential
events
Manages risks with risk appetite
Provides reasonable assurance
Supports achievement of objectives
Risk Management Responsibility
The Board is responsible for the total process of
risk management, as well as forming its own
opinion on the effectiveness of the process
The Risk Management Process
The Board should set the risk strategy in liaison
with management
Management is accountable to the Board for
designing, implementing and monitoring the
process and integrating it into the activities of the
company
Risk Management Structure
BOARD of DIRECTORS
M
A
C
R
O
RM Committee
RM Council
RM Steering Committee
Risk Mgt.
Team
Risk Mgt.
Team
Risk Mgt.
Team
Internal
Audit /
Compliance
M
I
C
R
O
Risk Management Teams (RMTs)
31
riskWATCH INTERNATIONAL, INC.
ERM Roles & Responsibilities
•
Management
•
The board of directors
•
Risk officers
•
Internal auditors
Example: ERM Organization
Vice President and
Chief Risk Officer
Insurance
Risk Manager
ERM
Director
ERM
Manager
Staff
Corporate Credit
Risk Manager
FES
Commodity
Risk Mg.
Director
ERM
Manager
Staff
Staff
Basic Risk Management Process
PROCESS
DESCRIPTION
STEPS
Risk Identification
Risk
Assessment
Risk
Treatment
Monitoring and
Control
34
Risk Analysis
Risk Control
Risk Finance
Risk Administration
Assess Risk
Risk
assessment
is
the
identification and analysis of
risks to the achievement of
business objectives. It forms a
basis for determining how risks
should be managed.
Event Identification
•
Involves identifying those incidents, occurring
internally or externally, that could affect
strategy and achievement of objectives.
•
Addresses how internal and external factors
combine and interact to influence the risk
profile.
Formal Risk Assessment
The Board should ensure that a formal risk
assessment is undertaken at least annually for the
purpose of making its public statement on risk
management
Risk assessment should address :
Physical
and operational risk
Technology Risk
Credit and Market Risk
Risks should be assessed on an ongoing basis and
control activities should be designed to respond to
risks throughout the company
Companies should develop a system of risk
management and internal control that builds more
robust business operations
How OFTEN will the loss occur?
How BIG will the loss be?
Will it THREATEN our FINANCIAL STABILITY?
Will they INTERFERE with our basic OBJECTIVES?
Risk Analysis
WHAT CAN GO WR
?
The process of determining what, where,
when, why and how something could happen.
Risk Identification
Risk, Peril, or Hazard?
Impact vs. Probability
High
I
M
P
A
C
T
Medium Risk
Share
Mitigate & Control
Low Risk
Accept
Low
High Risk
Medium Risk
Control
PROBABILITY
High
Risk Mapping
High
F
r
e
q
u
e
n
c
y
Moderate
Low
High
Moderate
Low
High
S e v e r i t y
Likelihood / Probability
2
3
6
1
4
5
Significance / Impact
Likelihood / Probability
2
3
6
1
4
5
Significance / Impact
Prioritizing Risks
• Establish the risks to be eliminated
due to potential impact.
• Establish the risks which require
regular management attention.
• Establish the risks that are
sufficiently minor to avoid detailed
management attention.
Risk Prioritization
HIGH
R
E
W
A
X
R
D
LOW
XX
R
I
S
K
HIGH
RISK CONTROL
Stops
Losses
from
Happening
Elements of Risk Control
Mitigate Risks
Risk Control
Plan for
Emergencies
Measure and
Control
RISK CONTROL
TOOLS:
A. Risk Avoidance
WAREHOUSE
RIVER
RISK CONTROL
TOOLS:
B. Loss Prevention
RISK CONTROL
TOOLS:
C. Loss Reduction
Fasten your seatbelt
RISK CONTROL
TOOLS:
D. Segregation of Risk
1. Separation
Production
Warehouse
RISK CONTROL
TOOLS:
D. Segregation of Risk
2. Duplication
Head Office’s Computer
Back-up System at
Branch Office
Risk Response
•
Identifies and evaluates possible responses to
risk.
•
Evaluates options in relation to entity’s risk
appetite, cost vs. benefit of potential risk
responses, and degree to which a response
will reduce impact and/or likelihood.
•
Selects and executes response based on
evaluation of the portfolio of risks and
responses.
Development of Risk Strategies
AVOID
• Divest
• Prohibit
• Stop
• Target
• Screen
• Eliminate
59
RETAIN
• Accept
• Re-price
• SelfInsure
• Offset
• Plan
REDUCE
• Disperse
• Control
TRANSFER
• Insure
• Allocate
• Hedge
• Indemnity
• Securitize
• Share
• Outsource
EXPLOIT
• Allocate
• Diversify
• Expand
• Create
• Redesign
• Reorganize
• Price
• Arbitrage
• Renegotiate
• Influence
RISK FINANCING
(Risk-Based Capital Adequacy)
Provides Funds for Losses that do Occur
RISK FINANCING
A. Risk Retention Scheme
- Current Expense
- Unfunded Reserve
- Funded Reserve
- Borrowing Funds to Pay for Losses
B. Risk Transfer Scheme
- Insurance
- Contractual Transfer of Risk
Monitoring
Effectiveness of the other ERM
components is monitored through:
•
Ongoing monitoring activities.
•
Separate evaluations.
•
A combination of the two.
Internal Control
A strong system of internal
control is essential to effective
enterprise risk management.
Embedding Risk Management in
A Cooperative
• A risk aware culture
• Senior Management Commitment
• A common business risk language
• Risk management structure
• Risk management process
The Road Beyond 2015 for a
Cooperative
• Business Continuity Planning (BCP)
• Corporarte Resiliency: your inner strength
Management theorist Peter Drucker has
pointed out that the only way to increase
the yield from a given amount of world
resource is to introduce risk. To run away
from risks is to miss the point: You need
to take the right risks and to be aware that
that’s what you’re doing.
It is only when one has put all the risks to
bed, that one can have a quiet night’s
sleep!
End of Presentation
Thank You!
Contact details:
Rolando C. Cabrera
Mobile No. 09064703322
Email: rolcabrera@gmail.com
Q&A