Enterprise Risk Management
Midwestern Actuarial Forum
Chicago, IL
March 26, 2002
André Lefebvre, FCAS, MAAA
Agenda
• Description of Enterprise Risk Management
Process
• CAS Activities
• Questions & Answers
Changes in the Business World
• In the new economy, CEOs are facing unrelenting
pressure to lead and improve their company’s
performance
• At the same time, the rules are changing:
• Increasing complexity of the global
economy
• Higher customer expectations
• Intense competition
• Rapid changes in technology
Master Risk  Create Value
• Organizations are searching for and developing
more comprehensive approaches to monitor and
manage business risks
• Business Risk: The threat that an event or action
will adversely affect an organization’s ability to
achieve its business objectives and execute its
strategies successfully1
1
Managing Business Risk: An Integrated Approach, The Economist Intelligence Unit, 1995
Enterprise Risk Management
ERM is an interactive process of well-defined
steps which, taken in sequence, support better
decision-making by contributing a greater insight
into business risks and their impacts
Elements of ERM Process
Establish Context
C
o
m
m
u
n
i
c
a
t
i
o
n
Identify Risks
Analyze/Quantify Risks
Integrate Risks
Assess/Prioritize Risks
Treat/Exploit Risks
M
o
n
i
t
o
r
&
R
e
v
i
e
w
Establish Context
• Understand the:
• strategic (external) context
• organizational (internal) context
• risk management context
• Develop the risk evaluation criteria
• Define the structure
Identify Risks
Document the conditions and events that
represent material threats to the organization’s
achievement of its strategic objectives or
represent areas to exploit for competitive
advantage
Types of Risks
• Strategic
– e.g., competitor risk, shareholder relations risk
• Operational
– e.g., customer satisfaction risk, authority/limit risk
• Financial
– e.g., price risk, liquidity risk, credit risk
• Hazard
– e.g., catastrophic loss risk, health & safety risk
Analyze / Quantify Risks
• Analyze risks in terms of consequence and
likelihood in the context of existing controls
• Quantify the consequence and likelihood using
qualitative, semi-quantitative, or quantitative (or a
combination of these) analyses
Integrate Risks
Aggregating all risk distributions, reflecting
correlations and portfolio effects
Assess / Prioritize Risks
• Evaluate the risk
• Prioritize list of risks
Treat / Exploit Risks
• Identify options for risk treatment
• Assess the options
• Prepare risk treatment plans
• Implement treatment plans
Monitor & Review
• It is necessary to monitor the risks, the
effectiveness of the risk treatment plan, the
strategies, and the management system that is
set up to control the implementation
• Ongoing review is essential to ensure that the
management plan remains relevant
Communicate
Important to develop a communication plan for
both internal and external stakeholders at the
earlier stage of the process
CAS Activities
• CAS Task Force on Non-Traditional Practice
Areas
• CAS Advisory Committee on Enterprise Risk
Management
• CAS Risk & Capital Management Seminar
CAS Task Force on
Non-Traditional Practice Areas
• Created in 1998
• Purpose was to formulate recommendations as to
how the CAS can better support its members that
are currently working, or wish to work in the
future, in non-traditional practice areas
• Report issued to CAS Board of Directors in late
1999
CAS Task Force on
Non-Traditional Practice Areas
A recommendation was that the CAS should
expand its education and research functions to
support new, priority practice areas much as it
did with DFA several years ago and it should
concentrate on developing specific skill sets that
have general applicability to a wide-range of
practice areas, including Enterprise Risk
Management
CAS Advisory Committee on
Enterprise Risk Management
• Established in early 2000 as a result of the
recommendation from the Task Force on NonTraditional Practice Areas
• Purpose is to identify research and education that
the CAS should undertake in the area of
Enterprise Risk Management and recommend
methods, priorities, and timetables to the
Executive Council for implementing that research
and education
• Report accepted by CAS Executive Council in late
2001
CAS Risk & Capital
Management Seminar
• Replacement & expansion of the former Seminar
on Dynamic Financial Analysis
• Intended to provide continuing education
opportunities for professionals interested in
serving in a strategic role in managing risk for an
enterprise
• Topics
– Dynamic Financial Analysis
– Enterprise Risk Management
– Capital Management and Allocation
• July 8-9, 2002 - Toronto, ON
Questions ?