The OSU Risk Institute Launch
ERM and Business Strategy
October 23, 2014
James Lam
President
ph: 781.772.1961
james@jameslam.com www.jameslam.com
Filename
Key take-aways for today
1. Risks we face are highly complex and interdependent
2. Integrated enterprise risk management (ERM) can add
significant value
3. We must address four fundamental questions for
managing risk
4. Continuous ERM, including strategic risk management,
represents the next frontier
1
Key risks we face as a business
 Strategic/Business Risk
–
Do we have the right business model and strategy? Are we executing against that
strategy effectively? Are we pricing for the cost of risk in our products and services?
 Financial Risk
–
What is our exposure to market prices (i.e., interest rates, FX, equity prices, energy
prices)? What is our exposure to borrowers and counterparties who may fail to perform
on their contractual obligations? Can we raise cash to meet our obligations in cost
effective and timely manner?
 Operational Risk
–
What is our exposure to failures in people, processes, systems, and external events?
For example, are we protected against cyber-security risks?
 Legal/Compliance Risk
–
Are we in compliance with laws and regulations? Are we prepared for proposed laws
and regulations?
 Reputational Risk
–
What is the potential economic impact due to perceptions of our key stakeholders,
including customers, employees, shareholders, regulators, and the general public?
2
ERM is useful because the risks faced
by companies are highly interdependent
Enterprise-Wide Risks
Financial Risks
Event-driven
financial risks
Financial
Risk
Strategic
Risk
IT alignment with
business strategy
Operational
Risk
Documentation of
financial contracts
Credit Risk
Associated with
Investments
Market
Risk
Liquidity
Risk
Funding Liquidity
Asset Liquidity
Credit
Risk
Credit Risk
Associated with
Borrowers and
Counterparties
3
ERM requires balancing the hard and
soft side of risk management
Hard Side
Soft Side
 Measures and reporting
 Risk awareness
 Risk oversight committees
 People
 Policies & procedures
 Skills
 Risk assessments
 Integrity
 Risk limits
 Incentives
 Audit processes
 Culture & values
 Systems
 Trust & communication
4
Case study:
Background
2-Year ERM Program
 New capital
markets business
 Established risk policies and
systems
 Traders hired from
foreign bank
 Instilled risk culture
 Aggressive
business and
growth targets
 Captured 25% market share with
zero policy violations
 Survived “Kidder” disaster
 Recognized as best practice
5
Early adopters of ERM have reported
significant and tangible benefits
Benefit
Company
Actual Results
Market value improvement
Top money center bank
Outperformed S&P 500
banks by 58%
Early warning of risks
Large investment bank
Global risk limits cut by 1/3
prior to Russian crisis
Loss reduction
Top asset management
company
Loss-to-revenue ratio
declined by 30%
Regulatory capital relief
Large commercial bank
$1 billion regulatory capital
relief
Insurance cost reduction
Large manufacturing
company
20-25% reduction in
insurance premium
6
Benefits of Effective Governance and
ERM

McKinsey and Company (2002). Institutional investors in North America willing
to pay an premium of 12-14% for effective corporate governance

Gompers, Ishii, and Metrick (2003). Investment strategy of buying firms with
strong shareholder rights and shorting firms with weak shareholder rights
produced excess return of 8.5%

Cremers and Nair (2003). Firms with strong governance mechanisms produced
excess annualized returns of 8%

Brown and Caylor (2004). Firms with effective governance produce higher ROE,
higher profit margin, and greater dividend payout

Cheng and Wu (2005). Top decile companies in the ISS Corporate Governance
Quotient ratings produced higher ROAs, higher ROEs, and higher P/E ratios

Hoyt and Liebenberg (2009). ERM use among public US insurers was
associated with an equity price premium of 16.5%

Standard & Poor’s (2010). North American and Bermudan insurers with
“excellent ERM” had better stock performance in 2008 (-30% vs. -60%) and 2009
(+10% vs. -10%) when compared to those with “weak ERM”
7
ERM Framework and Processes
Governance Structure
and Policies
Who?
How?
(ex-post)
Dashboard Reporting
and Monitoring
Enterprise
Risk
Management
Risk Assessment
And Quantification
How?
(ex-ante)
Risk Management
What?
8
The “three lines of defense” for ERM
3rd Line of
Defense
Board of Directors (and Audit)
• Establish board risk governance and oversight processes
• Approve risk policies; link strategy, risk, and compensation
• Accountable for periodic review and assurance of controls
2rd Line of
Defense
CRO and ERM Function (and Corporate Management)
• Establish and implement risk and compliance programs
• Execute risk policies and standards, risk appetite & tolerances, and
reporting processes
• Accountable for ongoing risk monitoring and oversight
1st Line of
Defense
Business Units (and Operating Functions)
• Assume risk to generate profits and growth
• Execute customer management, product pricing, P&L plans
• Ultimately accountable for business/risk management
9
Value drivers
Risk Management Impact
Revenue
Expenses
ROE
Losses
 1. Risk-based pricing
 2. Target customer selection
 3. Relationship management
 4. Risk oversight costs
 5. Insurance/hedging expense
 6. Credit and market losses

Shareholder
Value
Equity
New Business
 7. Capital management
 8. Risk transparency
 9. New business development
Growth
M&A
 Risk Management
by Silos (5, 6)
Financial risk
management (4–7)
 10. M&A/Diversification strategy
Enterprise risk
management (1-10)
10
Risk-adjusted pricing
Required
Net
Income
Required
Net
Income
=
Cost
Economic
of
X
Capital
Capital
+ Tax
+
Expense
+
Risk
Losses
=
Required
Net
Revenue
11
Measuring profitability and pricing
Calculate ROE
Calculate Pricing
Exposure
$100 mm
$100 mm
Margin
2.50%
2.20%
Revenue
$2.5 mm
$2.2 mm
Risk Losses
<0.5 mm>
<0.5 mm>
Expense
<1.0 mm>
<1.0 mm>
$1.0 mm
$0.7 mm
<0.4 mm>
<0.3 mm>
Net Income
$0.6 mm
$0.4 mm
Economic Capital
$2.0 mm
$2.0 mm
RAROC
30%
20%
Pre-Tax Net Income
Tax
12
Adverse selection
Will lose competitors
who use risk-adjusted
price
Risk-Adjusted
Price
Price
Non-RiskAdjusted Price
AAA
AA
A
Risk Rating
Will win business
from competitors
but earn below
hurdle rate return
BBB
13
WSJ Article: Airbus Officials
Cite Challenges
Key Takeaways
 Hans Peter Ring, Airbus CFO, said:
“[Airbus] must now do a better job of putting a price tag
on the risks inherent in their airplane programs.”
“We are in a high-tech, complex business, and there is a
lot of risk in our business. That won’t change. The
question is how to price risk. Obviously, in some cases
we didn’t price it right.”
 Posted over €2 billion charges for two big programs –
A380 superjumbo (maximum luxury, e.g., showers and
private suites, vs. production problems) and A440M
military plane (fixed price contract vs. immature
technology)
 Boeing also faced significant delays and cost overruns
with its 787 (efficient production among large number of
suppliers vs. complex outsourcing issues)
Source: WSJ, June 10, 2010
14
Between 1982 and 2003, 76 companies
within the S&P 500 experienced a 30% or
more relative value decline in one month
Industry Mix
Energy
• Halliburton Co.
• Transocean Inc.
Energy
5%
Financials
9%
Financials
• Capital One
• Providian
• U.S. Bancorp
Utilities
• AES Corp
• Dynegy Inc.
• Williams Cos.
Materials
• Allegheny
• Sealed Air Corp.
Materials
4%
Industrials
13%
Industrials
• Lockheed Martin
• Tyco International
• Waste Mgmt.
Telecom
5%
Utilities
17%
Health Care
• Baxter Int’l
• Lily(Eli) & Co.
• United Health
Consumer
Products
21%
Health Care
26%
Telecom
• Nextel Comm.
• Qwest Comm.
• Sprint Corp.
Consumer Prod.
• Mattel Inc.
• NIKE Inc.
• Clear Channel
15
Strategic 61%
co
g
e
ct
Pr
ic
l
in
g
&A
es
re
su
su
Is
es
M
d
Le
ga
De
m
an
Pr
er
od
u
iv
Pr
t it
un
t in
m
pe
ns
um
Number of events
20
I rr
eg
C o u la r
s t it ie
Ov s
er
D
ru
M
eb
an
t P ns
ag
ro
em
bl
em
en
tI
s
Su s u
p p es
ly
Ch
ai
Co
n
m
m
Fo
od
re
ity
F o ig n
Pr
Ex
re
ic
ig
ch
es
n
a
M
ng
ac
e
ro
Ra
-E
te
co
In
n
t e om
re
s t ic
Ra
te
s
Ac
Co
Co
Strategic and operational risks were
major factors, and 33 out of 76 have
not recovered by the end of the period
25
STRATEGIC
61%
15
OPERATIONAL
30%
10
FINANCIAL
9%
5
0
Operational 30%
Financial 9%
16
Strategic risk identified as the major
cause for financial distress
Organization
Research Methodology
Key Findings
James Lam &
Associates (2004)
 S&P 500 (1982-2003)
 One-month stock price
decline of 30% or greater
relative to the S&P 500
 61% were exposed to
strategic risks
 30% were exposed to
operational risks
 9% were exposed to financial
risks
The Corporate
Executive Board
(2005)
 Fortune 1000 companies
(1998-2002)
 Top 20% of companies with
the greatest market value
declines
Deloitte Research
(2005)
 65% were exposed to
strategic risks
 20% were exposed to
operational risks
 15% were exposed to
financial risks
Among the 100 largest declines:
 Thomson Financial Global
 66 involved strategic risks
1000 Companies (1994 62 involved external events
2003)
 61 involved operational risks
 One-month stock price
decline relative to the Morgan  37 involved financial risks
Stanley Financial World Index
17
Integrating Strategy and Risk
Management Performance
Integrating Strategy and ERM
Distribution of Outcomes
1. Define business strategy and
objectives [or functional
performance targets]
2. Establish KPIs based on
expected performance
3. Identify risks that can drive
variability in performance (risk
assessments)
Worst Case
Performance
Expected
Performance
4. Establish KRIs for critical risks
5. Provide integrated monitoring
with respect to 1-4
18
ERM 2.0 Vision: Shaping continuous
risk management practices
1. ERM is a robust and continuous management process, with
its overall performance tracked in a feedback loop
2. In partnership with Finance, ERM supports the
organization’s strategy and strategy execution processes
3. Data and analytics are interconnected from ERM, audit,
compliance, and other key functions
4. A collaborative reporting system enables integrated analysis
and reporting, including role-based dashboard reporting
5. ERM is fully integrated into board, corporate management,
and business line decision-making
19
An ERM dashboard should address five
key questions for senior management
1. Are any of our business
objectives at risk?
2. Are we in compliance
with policies and
regulations?
3. What risk incidents
have been escalated?
4. What KRIs and trends
require immediate
attention?
5. What risk assessments
need to be reviewed?
20
One of the most critical questions
facing risk professionals today
“How do you know if your risk management
program is working effectively?”
21
Establishing a feedback loop
on ERM
Earnings-at-Risk Analysis
Worst Case
EPS = ($1.00)
1.
2.
3.
4.
5.
Expected
EPS = $3.00
Business Plan:
Interest Rates:
Oil Price:
Key Initiatives:
Expense Control:
$2.00
$1.00
$0.50
$0.30
$0.20
$4.00
Earnings Attribution Analysis
Expected EPS :
Actual EPS:
Difference:
$3.00
$1.00
$2.00
Business Plan:
Interest Rates:
Key Initiatives:
Unforeseen Factors:
$1.00
$0.50
$0.10
$0.40
$2.00
Key Questions:
1. Did we identify the key risk
factors?
2. Were our EPS sensitivity
analyses accurate?
3. Did risk management impact
our risk/return positively?
22