1 / 16

Integration of ERM into S&P's Credit Rating Process for Non-Financial Companies

This article discusses the integration of enterprise risk management (ERM) into Standard & Poor's credit rating process for non-financial companies. It highlights the reasons for adding ERM to credit ratings, the application of ERM to ratings, and the bridging of ERM and credit ratings. The article also explores how ERM can positively affect key risk areas and provides insights into what corporate Canada is doing in terms of risk management.

riosj
Download Presentation

Integration of ERM into S&P's Credit Rating Process for Non-Financial Companies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Integration of ERM into S&P’s Credit Rating Process for Non-Financial Companies 2009 Canadian Institute of Actuaries Annual Meeting June 26, 2009 Halifax, Nova Scotia

  2. Why Are We Adding ERM to Credit Ratings? • Enhance Analytical Process and Focus • Create More Forward-Looking Ratings • Better Insights and Communication on Management • Differentiate Better

  3. ERM – What We Are Looking For… Having an approach to attend to key risks Making conscious decisions about which risks to take Understanding risk tolerances Knowing what can go wrong andhaving a Plan B Avoiding outsized risks Being resilient There are many different ways to demonstrate this

  4. ERM – What We Are Not Looking For… Eliminating all risks Cramming together disparate policies Solely compliance/disclosure requirements Replacement for internal controls A shiny new software program Naming a CRO and calling it a day These mindsets can actually hinder effectiveness

  5. How Will S&P Apply ERM to Ratings? “The reviews will focus predominantly on risk-management culture and strategic risk management, two universally applicable aspects ofERM.” – Standard & Poor’s To Apply Enterprise Risk Analysis To Corporate Ratings, May 7, 2008 Culture = Communications, Frameworks, Roles, Policies, Metrics, Influence Strategic = Identification and Updating Process, Impact on Key Decisions

  6. How We See ERM • An approach to assure the firm is attending to all risks • A set of expectations about which risks are taken…or not • Methods for avoiding losses that exceed tolerances • Systems for trimming excess risks • Tools to help fulfill board and senior management duties • A language for communicating the firm's risk profile Enterprise risk can be a key driver of credit risk

  7. Bridging ERM and Credit Ratings • Credit ratings start with the assessment of the business and competitive profile • Country risk, industry risk, competitive position, profitability/peer group comparisons • Business risk helps define financial risk for a given rating • Accounting, financial governance and policies/risk tolerance, cash flow adequacy, capital structure/asset protection, liquidity • Companies with identical financial measures can be rated very differently ERM can positively affect these key risk areas…or not

  8. Applying ERM to Credit Ratings • Ratings take into account sector-specific risk management • Risk practices are weighed more heavily for riskier companies • Automakers and suppliers are exposed to intense global competition, volatile production costs, and constantly evolving customer preferences and regulatory mandates • Transmission and distribution utilities enjoy supportive regulation, have monopoly service territories, serve stable markets, and have predictable capital spending and financing needs • Faulty risk management for a lower risk company could affect returns, but is less likely to significantly weaken its ability to repay debt Ultimately, we are looking for evidence of effectiveness

  9. Applying ERM to Credit Ratings • Policies, Infrastructure, and Methodology (PIM) for electric power marketers and agribusinesses with large trading operations • Extend use of the PIM approach to oil and gas issuers with large trading operations • These are exceptions, because trading risks can be measured, modeled, and hedged • Operational risks in the corporate sector are usually difficult to quantify What if it can’t be modeled?

  10. What Is Corporate Canada Doing? • Early assessment of Canada’s leading corporates and utilities • How are key risks identified, updated, and dealt with? • How is risk tolerance defined and communicated? • Who “owns” risk in the organization and how is success measured? • What is the board’s involvement in risk management? • How did your company respond to _______________ ? Some interesting findings…

  11. Key Enterprise Risks • Most ERM programs outline numerous quantifiable risks: • Tolerance and effects of changes in key inputs/outputs, operational disruptions, credit or financial derivative risks • Strong programs in place to model outcomes for frequency and severity • Regulatory risks are less quantifiable • Provide a roadmap to early assessment, mitigation, and ultimately avoidance of adverse outcomes • Reputation is the most often cited ‘unknowable’ risk • Can be the most severe, most difficult to foresee, and virtually impossible to model Overall riskiness can be inferred from tolerances of individual risks

  12. Risk Ownership and Control • Key executive sponsorship (CEO, CFO, CRO) is critical for success • Ownership is being pushed down to the operational level, with divisional units reporting to executive and board committees • Links between risk assessment and compensation are primarily aimed at key risk executives • Subjective criteria for success are the largest component of any changes to planning and compensation • All surveyed emphasize the importance of organization-wide learning about key risks…and learning from risk events ERM should be iterative and educational

  13. Risk Tolerance • What size loss has management and the board agreed is tolerable? • Probability and loss tolerance are the key inputs in risk grading • VaR measures are used to quantify specific dollar losses, typically focusing on operational losses: • Physical losses are quantified and insured (property and business interruption insurance, hedging programs) • Less quantifiable risks must still be managed • Regulatory actions, protracted negative media attention, and loss of community support can be as catastrophic as any impaired asset Overall riskiness can be inferred from individual risk tolerances

  14. ERM and Credit Ratings • ERM is a tool for management to assess risk—and a tool for stakeholders to assess management • Risks will often be unknowable and unmeasurable: ‘How yellow is yellow?’ • Will management respond as prescribed in risk plans? Should they? • Preparation of a solid ERM program is important • But our assessment will hinge most on management’s ability to plan for, manage, and learn from risk Building a risk management culture

  15. Rollout for ERM in Non-Financial Corporate Ratings JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC Discuss at Management Meetings, Collect Information Benchmarking Comparative Text Criteria Opinions

  16. www.erm.standardandpoors.com Analytic services and products provided by Standard & Poor’s are the result of separate activities designed to preserve the independence and objectivity of each analytic process. Standard & Poor’s has established policies and procedures to maintain the confidentiality of non-public information received during each analytic process.

More Related