ERM 57 Review
Mike Elliott, CPCU, AIAF, MBA
Rich Berthelsen, JD, CPCU, AIC, ARM, AU, ARe, MBA
RIMS – April 2014
Recording of this session via any media type is strictly prohibited.

Overview
• Exam Basics – What to Expect
• Test-Taking Tips
• Review of Sections Students Find the Most Challenging

What to Expect on the Exam
• Educational Objectives
• Balanced Exam
• Pretest Items

Test-Taking Tips
• Get the easy ones
• Don’t get bogged down early
• Use the “mark for later review” feature
• Eliminate the obviously wrong answers
• Use your scratch paper to keep track

Assignment 1: Introduction to Enterprise Risk Management

ERM Definition
RIMS: A strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.

Traditional Risk Management Department

ERM Governance Model

Classifications of Risk

Risk Quadrants

Risk quadrants differ from risk classifications. While risk classifications focus on specific characteristics of the risk itself, risk quadrants focus on
A: pure and subjective risks.
B: subjective and objective risks.
C: risk diversification.
D: sources of risk.

Assignment 2: Enterprise Risk Management in an Organization

Purpose and Types of Maturity Models
The purpose of a maturity model is to evaluate or improve a business process. Two types of particular interest are:
• Capability Maturity Model
• RIMS Risk Maturity Model

Capability Maturity Model (CMM) and Capability Maturity Model Integration
Has five levels:
• Ad hoc
• Initial
• Defined
• Managed
• Optimizing

Based on the Capability Maturity Model (CMM) developed by Carnegie Mellon, an organization that has basic risk management processes with no attempt at enterprise-wide risk management is at which one of the maturity levels?
A: Managed
B: Initial
C: Ad hoc
D: Defined

RIMS Risk Maturity Model
Uses 5 maturity levels based on CMM applied to 7 attributes:
• Adoption of ERM-based approach
• ERM process management
• Risk appetite management
• Root cause discipline
• Uncovering risks
• Performance management
• Business resiliency and sustainability

A risk maturity model that uses five maturity levels based on the Capability Maturity Model, determining the maturity level for each of seven attributes by evaluating the degree to which key drivers are present, is known as the
A: Capability Maturity Model
B: Standard and Poor’s (S&P) Risk Maturity Model
C: RIMS Risk Maturity Model
D: Aon Risk Maturity Index

Organizational Functions Related to ERM

Assignment 3: Enterprise Risk Management Framework and Process

Framework and Process

ISO 31000 Framework and Process
Source: ISO 31000:2009

COSO ERM
Source: COSO – Enterprise Risk Management – Integrated Framework

Applying Risk Management Framework
The main purpose of the framework is to integrate risk management throughout the organization. The framework has 4 components:
1. Lead and establish creditability
2. Align and integrate
3. Allocate resources
4. Communicate and report

Assignment 4: Risk Oversight

The European Corporate Law Directive on Auditing has produced a recommended framework that defines the corporate governance roles. Under this framework, which one of the following is responsible for converting strategy into operational objectives?
A: Board of directors
B: Chief executive officer
C: Operational management
D: Senior management

Which statement describes one of the responsibilities of an executive-level risk committee?
A: Assist the board in establishing risk appetite and risk tolerance levels
B: Monitor the organization’s compliance with established risk limits
C: Approve the organization’s risk management strategies, including their design and implementation
D: Oversee exposures of the organization’s critical risks and advise the board on risk strategy

Assignment 5: Strategic Planning and Enterprise Risk Management

Strategy Implementation
Some organizations apply a balanced scorecard approach to implement strategy and to provide a foundation for strategy evaluation. The balanced scorecard approach translates an organization’s strategy into specific goals and actions assigned to each department within the organization.

SWOT Analysis Table

Organizational Levels

Which one of the following types of strategy determines how individual departments within an organization direct their activities?
A: Functional strategy
B: Business strategy
C: Corporate strategy
D: Operational strategy

Assignment 6: Risk-Based Performance and Process Management

Key Performance Indicators
A key performance indicator (KPI) measures progress toward an organization’s goals, provides an attainable standard for a specific activity, and gives the focus or direction the activity is to take.

Successful organizations have goals and objectives.
A financial or nonfinancial measurement that defines how successfully an organization is progressing toward its long-term goals is referred to as
A: an operating standard (OS).
B: a critical success factor (CSF).
C: a key performance indicator (KPI).
D: an objective gauge (OG).

Purpose of Key Risk Indicators (KRIs)
Effective KRIs provide objective, quantifiable information about emerging risks and trends in existing risks that can affect an organization’s success. A KRI can reveal an upward trend in the level of a risk that, if it continues, will exceed the designated risk threshold for that risk.

Which one of the following is an example of an external key risk indicator (KRI) that a manufacturer might monitor?
A: Number of employee injuries
B: Age of accounts payable
C: Amount of budget variances
D: Cost of raw materials

Assignment 7: Internal Audit and Control

Internal Control and Risk Management
Internal control – a system or process that an organization uses to achieve its operational goals, internal and external financial reporting goals, or legal and regulatory compliance goals.

COSO Internal Control Framework
Source: COSO Internal Control – Integrated Framework

Three Lines of Defense Model
Source: FERMA/ECIIA

According to the Three Lines of Defense Model, internal audit’s role in risk assessment techniques is to
A: design them.
B: implement them.
C: provide assurance on their effectiveness.
D: perform a control risk self-assessment (CRSA).

Evolution of Internal Audit
• Transaction Approvals
• Assurance of Internal Controls
• Risk-based Approach

Risk-Based Auditing
Aligns audit resources with the areas that pose the greatest organizational risk.

The modern approach to internal auditing differs from the traditional approach by focusing on
A: the effectiveness of internal controls.
B: the relative riskiness of various activities.
C: transaction approvals.
D: systems-based compliance.

Assignment 8: Regulation and Compliance

Regulation
Rules-Based
• More certainty and predictability
• Less responsive to change
• Inflexible
• Often circumvented
Principles-Based
• More flexible and focuses on outcomes
• Responds more quickly in a changing environment
• Requires more communication between the regulator and the regulated

NAIC ORSA
Risk Management Framework
Assessment of Risk Exposure
Prospective Solvency Assessment
• Principles-based (guidelines)
• Applies ERM to insurance companies

The NAIC Own Risk and Solvency Assessment (ORSA) model law represents a change from past NAIC directives because it is
A: specific in terms of reporting.
B: retrospective.
C: voluntary.
D: principles-based.

Assignment 9: Risk Assessment and Treatment

Risk Identification Tools
• Facilitated workshops
• Delphi technique
• Scenario analysis
• HAZOP
• SWOT

Which one of the following team approaches to risk identification involves a select group of experts in question-and-response cycles until a consensus is achieved?
A: HAZOP
B: Scenario analysis
C: Delphi technique
D: SWOT

Risk Treatment Techniques

Assignment 10: Risk Modeling

Influence Diagrams and Probabilities
GEV Industries hires inexperienced and experienced workers to operate simple and complex machines. Accident rates vary by worker experience and complexity of machine. GEV would like to estimate accident rates if it (a) assigns workers randomly to machines or (b) assigns workers to machines based on experience.

Influence Diagram
[Figure nodes: Worker assignment to machines; Worker Experience; ?; Machine Complexity; Accident Rate; Cost of Risk]

Machine and Worker Data

| Category | Number |
|---|---|
| Simple machines | 40 |
| Complex machines | 160 |
| Inexperienced workers | 60 |
| Experienced workers | 140 |

Random Worker Assignments Probabilities

| | Inexp. worker (30%) | Exp. worker (70%) |
|---|---|---|
| Simple machine (20%) | 6% | 14% |
| Complex machine (80%) | 24% | 56% |

Accident Conditional Probability

| | Inexperienced | Experienced |
|---|---|---|
| Simple machine | 5% | 0% |
| Complex machine | 40% | 10% |

Accident Probability (random worker assignments)

| | Inexp. worker | Exp. worker |
|---|---|---|
| Simple machine | 0.3% | 0.0% |
| Complex machine | 9.6% | 5.6% |

Total accident probability = 15.5%

Worker Assignments by Experience

| | Inexp. worker (30%) | Exp. worker (70%) |
|---|---|---|
| Simple machine (20%) | 20% | 0% |
| Complex machine (80%) | 10% | 70% |

Accident Probability (worker assignments by experience)

| | Inexp. worker | Exp. worker |
|---|---|---|
| Simple machine | 1% | 0% |
| Complex machine | 4% | 7% |

Total accident probability = 12%

Twenty percent of PDQ Transport’s trucks have advanced safety equipment and 80% do not. Thirty of PDQ’s drivers are inexperienced and 90 are experienced. Assuming drivers are assigned randomly to trucks, what is the probability that an inexperienced driver is assigned to a truck without advanced safety equipment?
A: 18%
B: 20%
C: 24%
D: 60%

Correlation
• Relationship between two variables
• Number between +1 and -1
• 0 means no correlation

Two variables are perfectly positively correlated. If one of the variables increases, the other will
A: increase in direct proportion.
B: decrease in direct proportion.
C: increase at half the rate.
D: decrease at half the rate.

Value at Risk (VaR)

A $500,000, 2 percent VaR means losses are expected to be
A: $10,000.
B: less than $500,000 2 percent of the time.
C: $490,000.
D: greater than $500,000 2 percent of the time.

Assignment 11: Risk-Based Capital Allocation

Cost of Equity
KE = rf + β (rm – rf)
Where:
β = Beta of security
rm = Expected return on the market
rf = Risk-free rate

Cost of Debt Equation
Cost of debt KD = (risk-free rate of return rf + risk premium) × (1 – tax rate)

Polytech Company
Tax rate: 40%
Risk-free rate: 4%
Current Debt: $10 million
Polytech credit spread: 2.10%
Current Equity: $100 million
Expected market return: 10%
Market risk premium: 6%
Polytech Beta: 1.20

Polytech Company
• Estimate the cost of debt
• Estimate the cost of equity
• Optimal capital structure = weighted average of the cost of debt and the cost of equity

Polytech Company – Cost of Debt
(Risk-free rate of return + credit spread) × (1 – tax rate)
(4% + 2.10%) × (1 – .40)
3.66%

Polytech Company – Cost of Equity
Risk-free rate of return + Beta × (Market rate of return – risk-free rate of return)
4% + 1.20 × (10% – 4%)
11.20%

Polytech Company – Weighted Average Cost of Capital
$10 mil. debt divided by $110 mil. (debt + equity) = .091
.091 weight of debt; .909 weight of equity
(3.66% × .091) + (11.20% × .909)
.333% + 10.181%
10.514%

Market Value Surplus (MVS)

Economic Capital

Market Value Surplus Example
Autumn Assurance Group has assets at fair value of $100 million. The present value of Autumn’s liabilities is $85 million. The market value margin is $5 million. Using probability models, Autumn determines that its VaR is $8 million because it expects to incur an $8 million or greater loss of capital at a .5 percent probability over a one-year period.
1. What is Autumn’s MVS?
2. What is Autumn’s economic capital?
3. Does Autumn have excess capital or a deficiency in capital?

Questions?

Evolution of Risk Management
• Insurance Management
• Risk Management
• Enterprise Risk Management

ERM Value Proposition
• Identify key risks
• Employ risk-based decision making
• Improve internal control
• Improve risk governance
• Comply with legal and regulatory requirements

Solvency I and II (Insurance Cos)
Solvency I
• Early 1970s
• Focused on capital adequacy
Solvency II
• 3 pillars
  • 1 – Risk-based capital
  • 2 – Risk management and governance
  • 3 – Transparent reporting
• Includes an own risk and solvency assessment (ORSA)

Basel II and III (Banks)
Basel II
• Issued in 2004
• Minimum capital requirements using weights for different types of credit risk
Basel III
• Response to the Great Recession
• Operational risk added
• Risk management framework
• Board of directors role (approve framework, risk appetite, governance)

ERM Process Model

Risk Identification Tools – Risk Register
Public University

| Event ID | Risk Scenario | Likelihood | Impact | Risk Level | Risk Treatment (present) | Proposed improvement action | Next Review Date |
|---|---|---|---|---|---|---|---|
| 1 | Loss of personal computer | 3 | 1 | | None | None | Remove from list |
| 2 | Damage to reputation | 2 | 4 | | Review policy | Implement … | 2 months |
| 3 | Loss of state funding | 3 | 5 | | None | • Increase lobbying • Step up giving campaign | 1 month |
| … | | | | | | | |

Risk Identification Tools – Risk Map
Public University
[Figure legend: 1 – Loss of a personal computer; 2 – Damage to reputation; 3 – Loss of state funding]

Inherent and Residual Risk
[Figure labels: Inherent, Treat, Residual, Treat, Optimum]

A risk map showing a large difference between inherent and residual risk indicates that the
A: current risk treatment is ineffective.
B: risk does not need to be treated.
C: current risk treatment is effective.
D: risk exceeds the organization’s risk tolerance.

Decision Tree

ERM Tools – Modern Portfolio Theory
[Figure axes: Expected Value of the Return; Risk – standard deviation (variability). Figure label: Risk Appetite]

The efficient frontier consists of portfolios that
A: are riskless.
B: provide the average market return.
C: provide the highest return at different risk levels.
D: return the risk-free rate of return.

Earnings at Risk

Earnings at risk of $200,000 with 90 percent confidence are projected to be
A: $180,000.
B: less than $200,000 10 percent of the time.
C: $200,000 90 percent of the time.
D: greater than $200,000 10 percent of the time.

Assignment 12: Risk Management Environment and Culture

Risk Centers and Owners
Risk center – unit within an organization at which level a risk (or risks) is most effectively managed
Risk owner – individual accountable for identification, assessment, treatment, and monitoring of risks in a specific environment

Advantages of Risk Centers
• Reduces the scope of risk analysis
• Allows for the involvement of operational managers
• Helps focus on the organization’s strategic goals and operational objectives
• Ensures that risks are managed at the most appropriate level in the organization

Risk Attitude
• Risk Avoiding
• Risk Optimizing
• Risk Seeking