- Public Risk Management Association

Enterprise Risk Management
ASSE Using Risk Principles
March 24th, 2005
James Lam
President
phone: 781.772.1961
Email: jameslam@comcast.net
Website: www.jameslam.com
Our president, James Lam, has spent 20 years in risk management
Professional
• President, James Lam & Associates
• Founder and President, ERisk
• Partner, Oliver, Wyman & Company
• CRO, Fidelity Investments
• CRO, Capital Markets Services Inc., a GE Capital company
Industry Activities
• PRMIA Blue Ribbon Panel Member
• GARP Inaugural Financial Risk Manager of the Year (1997)
• Published over 50 articles and book chapters
• Quoted in Wall Street Journal, Financial Times, Risk Magazine, and CFO Magazine
Academic
• Senior Research Fellow, Beijing University
• Adjunct Professor, Babson College
• Lectured at Harvard Business School as the subject of an HBS case study
• MBA, UCLA School of Business
• BBA, Baruch College
Client Solutions
• Consulting – ERM, strategic risk, financial risk, and operational risk
• Software – Operational risk (with OpenPages) and ERM Dashboard (CXO Systems)
• Training – board and management workshops
1
We are singularly focused on risk management
Client Solutions
• Consulting services
• Software products: CXO Systems, OpenPages
• Training programs
Areas of Expertise
• Enterprise risk management
• Market risk management
• Credit risk management
• Operational risk management
• KRIs and risk reporting
2
As discussed in James’ recent book, we define ERM as a value added function
Definition of ERM: “An integrated framework for managing credit risk, market risk, operational risk, economic capital, and risk transfer in order to maximize firm value.”
3
Discussion outline
• Key trends and requirements
• Best practices and practical applications
• ERM in the future
4
ERM is useful because the risks faced by companies are highly interdependent
[Diagram: Enterprise-Wide Risks]
Risk categories shown: Financial Risks; Business Risk; Operational Risk; Market Risk; Credit Risk; Liquidity Risk (Funding Liquidity, Asset Liquidity)
Items shown:
• FX risk in a new foreign market
• IT and business process outsourcing
• Derivatives documentation and counterparty risk
• Credit Risk Associated with Investments
• Credit Risk Associated with Borrowers and Counterparties
5
Traditionally, risks were managed
within organizational “silos”
Strategic
Risk
Who
How
Business
Risk
Financial
Risk
• Board of
Directors
• Business
Managers
• CEO
• Project
Managers
• Strategic
planning
• Product
plans
• Country and
credit limits
• EVA
• Business
reviews
• Trading and
ALM Limits
• Project
management
• Financial
derivatives
• Balanced
scorecard
Operational
Risk
• CFO
• Internal Audit
• Treasurer
• Compliance
• IT
• Controls
• Audits
• Contingency
planning
• Insurance
6
ERM provides an integrated value-added
approach
Enterprise Risk Management
Chief Executive Officer/Chief Risk Officer
Strategic
Risk
Business
Risk
Financial
Risk
Operational
Risk
Board
Line
managers
CFO
Internal Audit
Treasurer
Compliance
CEO
Project
Managers
IT
Financial Institutions
Barclays
GE Capital
JP Morgan Chase
Fidelity Investments
Non-Financial Corporations
Microsoft
Boeing
Duke Energy
Ford
Benefits
• Broadens risk awareness
• Aligns risk profile and strategy
• Minimizes surprises and losses
• Rationalizes capital requirements
• Assures regulatory compliance
• Improves ROE and shareholder value
7
Case study: Microsoft’s risk intranet is central to their ERM program
Background
• American software giant initiated its ERM program in 1994
• Mike Brown, CFO: “The web is an incredible opportunity to take costs out of your model, to provide higher quality services and to be much more informed about company issues.”
ERM Program
• Initiated ERM with a comprehensive inventory of risks
• Recognized that its insurance strategies only covered 30% of risks
• Applied advanced technologies to support risk analysis and communication
• Incorporated into product pricing of the expected litigation costs of “repetitive stress injuries” associated with a new keyboard
8
The growing acceptance of ERM is driven by four key forces
Best Practices
• Banks
• Asset Managers
• Energy Firms
• Corporations
Corporate Disasters
• Enron
• WorldCom
• Adelphia
• Mutual Funds
Regulatory Actions
• S.E.C.
• Sarbanes-Oxley
• Basel II
Industry Initiatives
• Treadway Report, US
• Turnbull Report, UK
• Dey Report, Canada
9
Companies are faced with an influx of new requirements
Basel II
• New accord consists of three pillars:
– Minimum capital requirements
– Supervisory review
– Public disclosure
• Explicit treatment of operational risk
• More granular analyses of credit risk
Sarbanes-Oxley Act of 2002
• Section 404: Management assessment of internal controls for financial reporting; attestation by auditor
• Section 302: CEO/CFO certification of financial statements
• Establish criminal penalties for executives and independence requirements of auditors
Other Requirements
• SEC/NYSE/NASDAQ corporate governance rules
• State attorney general probes
• Patriot Act; anti-money laundering and Bank Secrecy Act
10
A proactive approach to ERM is driven
by best practices, not regulations
Proactive Approach
Reactive Approach
Current state
CEO
?
?
?
Sarbanes-Oxley
?
?
• Benchmarking
• Gap analysis
• Recommendations
Basel II
Desired state (best
practices or best-in-class
practices)
• Common themes
• Unique standards
Governance
Requirements
New
industry
standards
Sarbanes-Oxley
Basel II
Governance
Requirements
New
industry
standards
11
Early adopters of ERM have reported significant and tangible benefits
Benefit | Company | Actual Results
Market value improvement | Top money center bank | Outperformed S&P 500 banks by 58%
Early warning of risks | Large investment bank | Global risk limits cut by 1/3 prior to Russian crisis
Loss reduction | Top asset management company | Loss-to-revenue ratio declined by 30%
Regulatory capital relief | Large commercial bank | $1 billion regulatory capital relief
Insurance cost reduction | Large manufacturing company | 20-25% reduction in insurance premium
12
Annualized total shareholder returns (1998-2003) for differing degrees of risk model sophistication and risk tool usage
Source: PA Consulting
Survey of Global Banks
13
Discussion outline
• Key trends and requirements
• Best practices and practical applications
• ERM in the future
14
An ERM framework should encompass seven key building blocks
1. Corporate Governance: Establish top-down risk management
2. Line Management: Business strategy alignment
3. Portfolio Management: Think and act like a “fund manager”
4. Risk Transfer: Transfer out concentrated or inefficient risks
5. Risk Analytics: Develop advanced analytical tools
6. Data and Technology Resources: Integrate data and system capabilities
7. Stakeholders Management: Improve risk transparency for key stakeholders
15
The enterprise risk management
process
ERM
Foundations
• Senior management
and board
participation (“tone
from the top”)
• Governance structure
• Resource allocation
• Culture, principles,
and values
• ERM framework and
policies
• Linkage to strategy,
performance
measurement and
incentives
• Organizational
learning
Risk
Identification and
Assessment
• Top-down assessments
– Barriers to strategic and financial goals
– Executive team CSAs
• Bottom-up assessments
– Barriers to business, customer, and product goals
– Business unit CSAs
– Functional unit CSAs
• Independent assessments
– Internal audit
– External audit
– Regulators
– Customers
– Other stakeholders
Risk
Measurement
and Reporting
Risk Mitigation
and Management
• ERM dashboard
– Earnings volatility
– Key risk metrics
– Policy compliance
– Real-time event
escalation
– Drill-down
capabilities
• Policy enforcement
• Scenario analysis
– Historical
– Managerial
– Simulation-based
• Event and crisis
management
• Value-based growth and
restructuring strategies
• Risk transfer strategies
• Contingency planning
and testing
• Disclosure
– Board reporting
– External reporting
16
An ERM system should address all risk types, qualitative and quantitative data, and risk monitoring and management applications
Basic ERM applications:
• Executive reporting
• Key risk indicators
• Loss/incident tracking
• Control self assessments
• Early warning indicators
• Risk mitigation projects tracking
• ERM content management
Advanced ERM applications:
• Risk transfer
• Economic capital
• Scenario analysis
• Shareholder value management
[Diagram layers: ERM Dashboard; Data Mining; Risk “Pillars” (Credit Risk, Market Risk, Business Risk, Operational Risk); Internal and External Data]
17
Characteristics and sources of effective key risk indicators
Key Risk Indicators: characteristics
• Reflect objective measurement
• Incorporate risk drivers: Exposure, Probability, Severity, Correlation
• Track in time series against standards or limits
• Balance of leading and lagging indicators
• Tie to objectives, risk owners, and risk categories
• Be useful – support business decisions and actions
• Can be benchmarked internally or externally
• Be quantifiable – $, %, #
• Simplify risk without being simplistic
• Timely and cost effective
Key Risk Indicators: sources
• Strategies/Objectives: Business plans, Management goals, Performance metrics
• Regulations & Policies: Legal requirements, Regulatory standards, Policy limits
• Losses & Incidents: Actual losses, Incidents, Industry data
• Stakeholder Requirements: Customers, Vendors, Other
18
An ERM dashboard should address five key questions for senior management
1. Are any of our strategic, business, and financial objectives at risk?
2. Are we in compliance with policies, limits, laws, and regulations?
3. What risk incidents have been escalated by our risk functions and business units?
4. What key risk indicators and trends require immediate attention?
5. What are the risk assessments that we should review?
19
Example: monthly risk report
[Sample report layout]
Gross Losses (YTD and Current): Operational Losses, Credit Losses, Market Losses, Other Losses, Sub-Total, Loss/Revenue Ratio
Risk Incidents: Incident, Exposure, Response
Management Assessment
Report sections:
• Accounting for actual losses incurred
• Reporting of risk incidents, exposures, and near misses
• Management discussion of major risk issues (“what keeps me up at night”)
[Chart: Losses, 1992 to Q1 97]
20
Example: monthly risk report (cont’d)
[Sample report layout]
Core Risk Measures: Operational Performance (Goal, MAP); Credit Counterparty Exposure (Notional, Limit, by Period); Interest Rate Exposure (Limit, by Period)
Key Risk Trends: Real Estate Index (Region, Period); Other Trouble Indicators (by Period); Improving Trends (by Period)
21
Case study:
Background
• $1 trillion of assets under management
• Private company
• Decentralized business culture
3-Year ERM Program
• Organized Global Risk Forum
• Implemented annual Global Risk Review
• Automated loss accounting
• Developed ERM framework
• Implemented intranet-based Global Risk MIS
• Experienced significant reduction in loss ratio
22
Basic risk management processes can lead to significant improvements
Education
• New associates
• Management
• Business/Operational processes
• Best practices
• Lessons learned
Risk Event Log: Event, Loss, Root Causes, Controls Needed
Risk Metrics: Goal, MAP
[Chart: Actual Loss Experience, 1995 to 1998, 85% decline]
23
ERM requires balancing the hard and soft side of risk management
Hard Side
• Measures and reporting
• Risk oversight committees
• Policies & procedures
• Risk assessments
• Risk limits
• Audit processes
• Systems
Soft Side
• Risk awareness
• People
• Skills
• Integrity
• Incentives
• Culture & values
• Trust & communication
24
A company’s “risk culture” provides the foundation of its ERM program
• Definitions of “risk culture”
– In a typical risk culture, people will do the right things when risk policies and controls are in place
– In a good risk culture, people will do the right things even when risk policies and controls are not in place
– In a bad risk culture, people will not do the right things regardless of risk policies and controls
25
Case study:
Background
• New capital markets business
• Traders hired from foreign bank
• Aggressive business and growth targets
2-Year ERM Program
• Established risk policies and systems
• Instilled risk culture
• Captured 25% market share with zero policy violations
• Survived “Kidder” disaster
• Recognized as best practice
26
Hallmarks of success in ERM
• Engaged senior management and board of directors
• Established policies, systems, and processes, supported by a strong risk culture
• Clearly defined risk appetite with respect to risk limits and business boundaries
• Robust risk analytics for intra- and inter-risk measurement, summarized in an “ERM dashboard”
• Risk-return management via integration of ERM into strategic planning, business processes, performance measurement, and incentive compensation
27
Discussion outline
• Key trends and requirements
• Best practices and practical applications
• ERM in the future
28
Ten predictions on the future of
enterprise risk management
1. ERM will become the industry standard
2. CROs prevalent in risk-intensive companies
3. Audit committees will evolve into risk committees
4. Economic capital in; VaR out
5. Risk transfer executed at enterprise level
6. Advanced technologies key to advancement
7. A measurement standard will emerge for operational risk
8. Risk-based or economic reporting becomes standard
9. Risk becomes part of corporate and college programs
10. Salary gap among risk professionals continues to widen
29
The role of a Chief Risk Officer
• Evangelist: Motivate
• Leader: Change
• Steward: Control
• Consultant: Help
• Technician: Teach
Must have!
Nice to have
30
What makes a good CRO?
• Organizational and leadership skills to effect change
• Communication skills – “to simplify without being simplistic”
• Technical skills in credit, market, and operational risk
• Judgment to balance business and risk requirements
• Courage to push back and “say no”
• High EQ (emotional quotient) in addition to high IQ
• Ultimate CRO test: ability to integrate risk management into strategic planning and day-to-day business processes
31
ASSE defined functions for safety professionals
• Anticipate, identify and evaluate hazardous conditions and practices
• Develop hazard control methods, procedures and programs
• Implement, administer and advise others on hazard controls and hazard control programs
• Measure, audit and evaluate the effectiveness of hazard controls and hazard control programs
32
Role for safety professionals in enterprise risk management
• Promote awareness of hazard risks, as well as the interdependencies with other key risks
• Integrate hazard risks into control self assessments and audit findings
• Develop key risk indicators and management dashboards for hazard risk
• Participate in ERM initiatives to mitigate and manage enterprise-wide risks
33