Add to collection(s) Add to saved
  1. Business
  2. Management

Risk-Management-NSF-Handouts

advertisement 
W E LO O K AT TH I N G S D I F F E R E NTLY
Risk Management The Supervisor’s Perspective
National Supervisors’ Forum
November 2013
David Matthews
Irish League of Credit Unions, 2012
W E LO O K AT TH I N G S D I F F E R E NTLY
Objective
1. To provide you with an overview of risk
management:
- Rationale, terminology, risk systems
- Two aspects –
• Risk Management system / process
• Risk Management culture
2. To explain the Supervisor’s perspective on
Risk Management – focus on culture!
Irish League of Credit Unions, 2012
W E LO O K AT TH I N G S D I F F E R E NTLY
Agenda
1. What is Risk Management
–
–
Why is it important?
Definitions & Terms
2. Risk Management System
–
–
Identify, analyse, action plan
System overview
Identify
Analyse & Measure
Evaluate Internal Controls
Residual Risk
Action Plan
Monitor & manage
3. The Supervisor’s perspective
4. Examples - Risk-Based Approach to Decision Making
5. Questions & Answers
Irish League of Credit Unions, 2012
3
W E LO O K AT TH I N G S D I F F E R E NTLY
Section 1:
What is Risk Management?
Irish League of Credit Unions, 2012
4
W E LO O K AT TH I N G S D I F F E R E NTLY
Definitions
Risk Management is a formal process that analyses
prevailing risks facing the credit union and identifies
appropriate responses for addressing them
A risk is anything that could impact negatively on your
credit union – transactional or organisational
Impacts: Financial Loss, Disruption to Operations,
Reputational Damage, Physical
Responses: Accept – Mitigate – Transfer – Avoid
Irish League of Credit Unions, 2012
5
W E LO O K AT TH I N G S D I F F E R E NTLY
Why is it important?
Republic of Ireland – now required by legislation
• System, process, culture, Risk Officer, risk register
• PRISM – focused on risk
Northern Ireland – not required by legislation
• But, a risk management culture is a key requirement of
a well-run business
All Board and management decisions and activities
should be framed within a risk management culture
Lessons from recent years where risk was not considered
Irish League of Credit Unions, 2012
6
W E LO O K AT TH I N G S D I F F E R E NTLY
Risk Management Terms
Risk Management Culture - a credit union’s collective
system of values that shape its risk decisions
Risk Capacity – how much risk can we afford to take?
Determined by how much capital we have
Risk Appetite – amount and type of risk that we are
prepared to seek, accept or tolerate
Zero, Low, Moderate, High
Risk Tolerance – the actual level of risk that we will accept
Irish League of Credit Unions, 2012
7
W E LO O K AT TH I N G S D I F F E R E NTLY
Risk Management Terms
Inherent Risk – the risk posed before systems and controls
that relate to the risk are considered
Residual Risk – the level of risk after considering the
effectiveness of systems and controls put in place to
manage the risk
Irish League of Credit Unions, 2012
8
W E LO O K AT TH I N G S D I F F E R E NTLY
Section 2:
Risk Management System
Irish League of Credit Unions, 2012
9
W E LO O K AT TH I N G S D I F F E R E NTLY
Risk Management System Overview
Step 1
• Identify risks
Step 2
• Analyse inherent risks
Step 3
• Determine “residual risk”
Step 4
• Report & Action Plan
Irish League of Credit Unions, 2012
10
W E LO O K AT TH I N G S D I F F E R E NTLY
Step 1: Identifying Risks
• Identify risks (current & future) that could impact
upon the credit union
• Will be similar (but not identical) for all credit unions
– Depends on structures, products, services, delivery
channels, etc.
• Description of risk should describe impact, event,
cause
– To enable action to be taken
Irish League of Credit Unions, 2012
11
W E LO O K AT TH I N G S D I F F E R E NTLY
Step 2: Analysing Risks
• Impact & likelihood of occurrence
– The impact of each risk is scored, e.g. 1 to 5
– The likelihood of occurrence is scored, e.g. 1 to 4.
• Scoring is a subjective exercise
– Will vary between credit unions
• Scores are multiplied to get the risk ranking score
• Low scoring risks are excluded
• High scoring risks are taken to next stage for further
analysis
Irish League of Credit Unions, 2012
12
W E LO O K AT TH I N G S D I F F E R E NTLY
Impact of Risk
What is the impact?
Score
There is a negligible impact on the credit union
1
There is a minor impact on the credit union
2
There is a significant impact on the credit union
3
There is a very serious impact on the credit union that
would undermine the stability of the organisation
4
There is a disastrous impact on the credit union that
could result in termination of business
5
Irish League of Credit Unions, 2012
13
W E LO O K AT TH I N G S D I F F E R E NTLY
Prevalence of Risk
How likely?
Score
This risk is very unlikely to occur
1
There is some possibility that this risk will occur
2
It is likely that this risk will occur
3
It is almost certain that this risk will occur
4
Irish League of Credit Unions, 2012
14
W E LO O K AT TH I N G S D I F F E R E NTLY
Risk Ranking – Fraud
Risk
1.2
1.5
1.4
1.1
1.3
An officer grants several large loans to family members outside the
credit union’s loan policy requirements.
A member cashes a number of fraudulent cheques through the credit
union resulting in a significant financial loss.
An officer of the credit union has been transferring funds from
dormant member accounts.
An officer defrauds the credit union of significant sums of money by
setting up false loans for fictitious members.
An officer of the credit union steals a series of small sums of cash from
the cash drawer over a period of months.
Irish League of Credit Unions, 2012
Score
12
12
8
4
4
15
W E LO O K AT TH I N G S D I F F E R E NTLY
Step 3: Determining Residual Risk
• This step will determine the threat posed by a risk
once internal controls have been considered
• A control is any measure deliberately put in place to
manage risks
• Determine effectiveness of these internal controls
• Risk ranking score is multiplied by the controls’
effectiveness scores to determine residual risk
Irish League of Credit Unions, 2012
16
W E LO O K AT TH I N G S D I F F E R E NTLY
Mapping Internal Controls
Policy / Plan
People
Practices
Paperwork
Irish League of Credit Unions, 2012
17
W E LO O K AT TH I N G S D I F F E R E NTLY
Example: Credit Risk
Plan:
People:
Loans Policy &
Procedures
Loans Officers,
Credit Committee
Practices:
Paperwork:
Credit referencing,
lending limits
Loan forms, proofs,
evidence
Irish League of Credit Unions, 2012
18
W E LO O K AT TH I N G S D I F F E R E NTLY
Internal Control Effectiveness
Internal control strength
Score
Extremely robust controls - almost completely remove any
threat.
0.2
Robust internal controls - greatly reduce the threat of the risk
to an acceptable level.
0.4
Reasonable effective internal controls - reduce the threat of the
risk but not to an acceptable level.
0.6
Internal controls are weak and only offer minimal protection
against the threat posed by the risk.
0.8
Internal controls are completely ineffective or completely
absent, and do not reduce the threat of the corresponding risk.
1.0
Irish League of Credit Unions, 2012
19
W E LO O K AT TH I N G S D I F F E R E NTLY
Calculating Residual Risk
(Risk Ranking Score) x (Internal Control Score) =
Residual Risk
12 x 0.2 = 2.4 (low residual risk)
8 x 0.6 = 4.8 (medium residual risk)
10 x 0.8 = 8.0 (high residual risk)
Irish League of Credit Unions, 2012
20
W E LO O K AT TH I N G S D I F F E R E NTLY
Step 4: Report & Action Plan
• Process has identified internal controls that must be
improved
• Develop risk response plan
• Report findings to the Board for approval
• Delegate tasks to appropriate officers and set firm
deadlines for delivery
• Review effectiveness of actions
Irish League of Credit Unions, 2012
21
W E LO O K AT TH I N G S D I F F E R E NTLY
Irish League of Credit Unions, 2012
22
W E LO O K AT TH I N G S D I F F E R E NTLY
Section 3:
The Supervisor’s perspective
Irish League of Credit Unions, 2012
23
W E LO O K AT TH I N G S D I F F E R E NTLY
Supervisor’s perspective
• Board and management should be aware of risks as
well as rewards
– Doesn’t mean that all risk must be avoided, but that
decisions consider pros as well as cons
• Assessment of risk should be part of the credit
union’s decision-making process
• Board should promote a strong risk management
culture – key issue for Supervisors
Irish League of Credit Unions, 2012
24
W E LO O K AT TH I N G S D I F F E R E NTLY
Supervisor’s perspective
• Supervisors should ask themselves:
– What would I want to know if I was making this decision?
– Does the Chair encourage debate and dissent?
– Are dissident views given fair consideration?
– Does everyone contribute to the debate?
– Are directors asking the right questions?
– Are they really considering both sides of the argument?
• Does the Board encourage a robust assessment of
risk?
Irish League of Credit Unions, 2012
25
W E LO O K AT TH I N G S D I F F E R E NTLY
Section 4:
Risk-based approach to decision
making – some examples
Irish League of Credit Unions, 2012
26
W E LO O K AT TH I N G S D I F F E R E NTLY
Introducing a new service
Positives
• More services for members
• Additional income
• Cross sale opportunities
Negatives
• Compliance requirements
• Conduct risks
• Cost v benefit?
Irish League of Credit Unions, 2012
27
W E LO O K AT TH I N G S D I F F E R E NTLY
Staff Structure
Manager and six tellers
• What if the manager is on leave or gets sick?
• Manager may spend too much time on admin work
• No promotional opportunities for staff
• But – lower cost, quick decisions and communication
Irish League of Credit Unions, 2012
28
W E LO O K AT TH I N G S D I F F E R E NTLY
Proposing a dividend
Surplus is sufficient to pay 4% !
Board keen to propose it, but what are the risks?
• What is the outlook for next few years?
– Should we boost our capital / reserves instead?
• Attractive to savers – but do we need more savings?
– Additional capital requirements
– What about our borrowers (primary source of income)?
• Precedent – members will expect same again
– Reputational Risk if we can’t pay it
Irish League of Credit Unions, 2012
29
W E LO O K AT TH I N G S D I F F E R E NTLY
Loans to new members
• Potential for new borrowers identified in strategic
planning process
• Member survey said that assessment criteria were
too strict and intrusive
• Board is considering relaxing its requirements for
small loans (to attract new borrowers)
• What factors should the Board consider?
• What are the risks that might result a) if the board
proceeds? & b) if the board does not proceed?
Irish League of Credit Unions, 2012
30
W E LO O K AT TH I N G S D I F F E R E NTLY
Benefits of Risk Management
• More robust business decisions
– Clear assessment of pros and cons
– Fewer shocks and unwelcome surprises
• Continuous process improvement
– Should lead to better internal controls
– Should facilitate sharing of best practice
• Risk management culture
– Structured approach to assessing opportunities
– Enhanced member confidence
Irish League of Credit Unions, 2012
31
W E LO O K AT TH I N G S D I F F E R E NTLY
Key points
• Objective is to manage risks, not to eliminate them
– Accept, mitigate, avoid
•
•
•
•
Inherent Risk - identify, analyse, measure, rank
Residual Risk – consider internal controls, rank, plan
Process - identify, assess, manage and monitor risks
Boards should consider risk as part of their decision
making process
• Supervisor’s perspective – risk management culture
should permeate the credit union
Irish League of Credit Unions, 2012
32
W E LO O K AT TH I N G S D I F F E R E NTLY
Thank you for your
attention!
Any questions?
Irish League of Credit Unions, 2012
33
Related documents
Irish League of Credit Unions
Irish League of Credit Unions
Industrial Relations PowerPoint Presentation
Industrial Relations PowerPoint Presentation
Irish Culture - Ms. Dooley
Irish Culture - Ms. Dooley
Stephen Walker - WALKERDesigns
Stephen Walker - WALKERDesigns
Labor Unions and Reform Laws
Labor Unions and Reform Laws
3 Philip Singleton – EI
3 Philip Singleton – EI
HERE - Roc Kickballers
HERE - Roc Kickballers
America`s History Chapter 9
America`s History Chapter 9
Download
advertisement