
Troubled Waters


morley

Presentation Transcript


  1. Troubled Waters

  2. Discussion Outline: Enterprise Risk Management • What is ERM and why is it important? • Differences between ERM and Risk Management • Benefits and Obstacles of implementing an ERM Program • ERM Process Overview • Sarbanes-Oxley and COSO • Financial Aspects of ERM • ERM Risk Management • Property Risks-Exposures & Controls • Linking Risks and Processes • Implementing an ERM Program • Risk identification & Mapping • Risk response paths • Resources and Tools • Sample Case Study • Questions & Discussion

  3. What is ERM? “… a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” • Source: COSO Enterprise Risk Management-Integrated Framework. 2004

  4. Enterprise Risk Management • enables management to effectively deal with uncertainty and associated risks and opportunities • creates Stakeholder value through leveraging of risks and opportunities • identifies potential events that may affect an entity • aligns risk appetite and strategy through risk quantification and risk mapping • leverages collaborative “knowledge” to enhance risk response decisions • reduces operational surprises and losses • improves deployment of capital • allows proactively realizing opportunities • supports achievement of key objectives

  5. Why is ERM important? • every entity, whether for profit or not, exists to realize value for its stakeholders • value is created, preserved or eroded by management decisions in all activities, from setting strategy to operating the enterprise day to day. • business risks are increasing • changing regulatory requirements • boards not performing optimally in risk oversight • corporate governance needs to be improved

  6. Comparison of Traditional & Enterprise Risk Management Characteristics

  7. ERM and Risk Management Differences between ERM and RM • RM deals primarily with operational risks • developing risk transfer/financing solutions • funding for losses • mitigating risk • loss control • claims management

  8. ERM and Risk Management ERM deals with broader risks including: • strategic - mergers & acquisitions, business execution, research & development, customers • operational - business interruption, supply chain, fraud, efficiency, safety • human capital - employment practices, turnover, leadership, absence management • legal/regulatory - compliance • technology - intellectual property, information security • financial - foreign exchange, credit • reputation - market share

  9. Charting the Course

  10. Driving Forces Behind ERM (diagram center: Organization) • Investors: Demand increased financial disclosure and regulatory compliance • Market/Credit Analysts: Require that management strengthen its risk disclosure capabilities • Stakeholders: Demand that management adequately identify all material risks that impact cash flow, capital and mission • Auditors: Current protocols require organizations to report risks in a forward-looking context

  11. ERM Benefits and Obstacles Obstacle: • inadequate senior management support • inability to show immediate ROI • time & resources required • cultural incompatibilities • inadequate IT systems • risk silo thinking Benefit: • aligns management consensus and buy in • provides process to measure business threats & ROI • enhances capital allocation process • links operations, strategic and financial decision making via portfolio management • improves achievement of business objectives

  12. The COSO Framework ERM as defined in the framework: • Is a process • Is effected by people • Is applied in strategy setting • Is applied across the enterprise • Is designed to identify potential events • Manages risks within risk appetite • Provides “reasonable assurance” • Supports achievement of key objectives Source: COSO Enterprise Risk Management – Integrated Framework, 2004

  13. ERM & Sarbanes-Oxley • Sarbanes-Oxley Section 404 • focuses immediate management attention on financial reporting risk and internal control systems • sets forth an ongoing requirement for annual attestation • financial reporting risks are closely linked to enterprise wide risk monitoring and reporting • COSO Framework • provides a comprehensive framework for addressing risk across the organization • helps to organize project based initiatives surrounding Sarbanes-Oxley towards a process oriented and sustainable approach

  14. Linking Risks & Processes • Reduce Operational Surprises and Losses - Identify • Weather • Terrorism • Skyrocketing Costs • Workers’ Compensation • Health Care • Retirement Funding • Insurance Cycles • Major Transportation System Failures • Economic Downturns • Baby Boomers Retiring • Fuel Prices • Consent Decrees

  15. Top 10 Insured Losses Worldwide, 1970-2004 Seven of the ten most expensive disasters in world history occurred in the US: Two were hurricanes in 2004.

  16. Handling Exposures

  17. Financial Aspects • Reduce Operational Surprises and Losses - Finance • Retention • Auto PD, Working layers for GL, EPL, LEL, W/C, Property, Auto Liability • Deductible/SIR • Can you afford your SIR Program? • Stop Loss • Gaps • Multiple Lines Loss • Uninsurable Losses

  18. Financial Aspects • Reduce Operational Surprises and Losses - Finance • Insure – A Financial Transfer • Excess - Auto, GL, EPL, LEL, W/C, PROPERTY • Variable Attachment Points • Aggregate Limits • “Basket Aggregates” • Blanket Property – Single Loss limits • Auto Liability

  19. Financial Aspects • Reduce Operational Surprises and Losses - Controls • Contractual Transfer • Road Construction – “Big Dig” • Prisons • Medical Malpractice • Sub-Contractors • “State Bids”

  20. Risk Management • Reduce Operational Surprises and Losses - Controls • Claim Management • Third Party Administrators • In-House • Guardrail Reimbursement Program • Workers’ Compensation Fraud Units

  21. Risk Management • Reduce Operational Surprises and Losses - Controls • Prevention • Investments • Diversify • Audits - Mandatory Vacations • Safety Programs

  22. Property Exposures- Natural • Seismic • Volcanic eruption • Winter storms / Arctic Freeze • Hurricane / Typhoon/ Windstorm • Floods / Water Damage • Landslide / Subsidence • Wildfire

  23. Property Exposures- Man Made • Bomb threats / Terrorist Attacks • Civil disturbance • Sabotage • Theft • Computer crime • Unauthorized access • Explosion • Structural fire • Hazardous materials release • Transportation accident • Utility failure • Machinery Breakdown

  24. Property Risk Control • Risk Assessments • Management Programs • Management of Change • Contingency Planning • Training / Drills • Recovery Planning • Media Management • Facility Location & Site Features • Physical / Construction Features • Systems Security Fire Protection Communication Voice Data

  25. Positive Change

  26. Implementing an ERM Program • Establish a vision and plan with objectives • Develop a supporting business case • Obtain senior level support • Form a cross functional team to lead the process • Communicate activities and progress

  27. Implementing an ERM Program Step 1: • Identify key risks via interviews and surveys • Link key risks to corporate strategic objectives • Benchmark risks • Map risks Step 2: • Quantify identified risks • Assess the entity’s risk appetite and operating environment Step 3: • Identify insurance and non-insurance risk responses Step 4: • Create specific, measurable and time-limited response plans that are acceptable and realistic to control risks • Implement continuous monitoring and improvement processes

  28. ERM Process Step: • Risk Identification • Risk Quantification • Risk Response • Implement Solutions Activities: • Seek perspectives of entity and key stakeholders • Structured self assessment • Interviews/surveys • Benchmarking • Individual risk categories (strategic, operational, financial, legal/regulatory, technological or human capital) • Risk mapping • Risk analysis/modeling • Financial impact • Probability • Interdependencies • Actuarial analysis • Risk portfolio modeling • Risk bearing capacity / corporate risk tolerance • Optimize risk financing • DFA models • Alternative Risk finance (captive, finite, etc.) • Pricing models • Risk management solutions / action plans • Develop risk finance marketing strategy and select markets/trading partners • Implement risk mitigation strategies • Implementation of risk financing strategies • Ongoing ERM process and organization • RM Information Systems and monitoring capabilities Output: • Risk inventory • Risk map (qualitative) • Key risks determined • Risk map (quantitative) • Quantitative risk profile • Advice to optimize financial and operational mitigation strategies • Risk finance programs • Risk mitigation programs • Ongoing ERM process

  29. Risk Identification: Risk Scorecards Risk: Employee Retention Definition: • Ability to recruit and/or retain qualified employees • Development and execution of succession plans for key employees • Ability to support growth initiatives • Creation of work/life balance for key employees • Includes impact of stock option dilution on employee incentive plans Current State: High Opportunity For Improvement Current Metrics: • Total compensation expense • Voluntary and involuntary turnover • Employee satisfaction survey metrics Risk Owner(s): • Human Resources • Business Unit Leaders Action Plans (columns: Current, Planned, Recommended Action Plans): • Stock option incentive plan • Improve bench strength at VP level and above through external hiring and increased training • Measure baseline employee commitment • External recruiting initiatives • Develop total compensation statements • Annual management process to identify next level of leadership • Rollout formal succession planning campaign holding key managers accountable for their successors • Conduct exit interviews with all departing employees • Outsourcing selected functions • Institute employee referral bonuses • Cross-training initiatives

  30. Risk Identification-Risk Mapping

  31. Risk Response Paths (diagram) Risk Response Strategies: • Avoid Risk • Mitigate • Mitigate, then Transfer • Transfer Diagram labels: • Organizational solutions (Enhance management processes to better manage risk) • Risk management and mitigation • Financing solutions • Exit risk area • Capital Markets • Insurance • Hybrid • Strategy • People • Process • Systems

  32. Case Study XYZ Company • $4 Billion Financial Services & Publishing Company • Wanted an Insurance-related Risk Assessment • Driven by CFO, Treasurer and Risk Manager • Interview Process to Obtain Information • Scope Changed Immediately during Interview with Chairman

  33. XYZ Company - Parameters Scope: Original: “Insurance-related risks to the organization.” Revised: “Any business risk having an impact on the organization exceeding a certain financial threshold.”

  34. XYZ Company - Process • Team: Interview Candidates – 60 Corporate and Divisional Managers • Time Horizon: Three to Five Years • Perspective: None / Financial Impact on Organization

  35. Structured Interview Process • Cross Section of Senior Management • Duration 1 to 1.5 Hours • Topics - General, Function, Division, Company • Follow-Up Required

  36. Process Output (risk map figure) Business Profile: Company: XYZ Co • Analysis Date: 09/02/06 • Scope: Corp Level Business Objectives • Financial Threshold: $20MM Axes: Likelihood and Financial Impact, each from Low to High; quadrants I-IV; plot labels 1-6 and A-F

  37. XYZ Company - Results • Identified and Quantified Risks; Developed Specific Plans to Mitigate (Above Financial Threshold) • IT and Facility Business Continuation Exposures for Multiple Locations (One Representing >40% Net Income) • Chairman Set Up a Cross Functional Team to Reduce the IT / Facility Exposure • Insurance – Increase Limits for Two Major Coverages

  38. Advancing Along the ERM Continuum (diagram labels: Stakeholder Value; Risk Management Sophistication; RM, IS, Audit, Legal, HR, Ops.; Risk Specialization; Enterprise Risk Awareness; Risk Management Integration; Value/Risk Optimization; annotation: “Most organizations currently reside here on the continuum”) Indicators • Risk Specialization: Independent risk management activities, including insurance purchasing and S-O 404 compliance; Limited focus on the linkage between enterprise-wide risks and strategies • Enterprise Wide Risk Awareness: Adoption of an ERM framework; Executive ownership of risk management; Communication of strategic risks to the Audit Committee; Routine risk assessments • Risk Management Integration: Fully integrated ERM structure based on an S-O 404/ approach for all types of risk; Enterprise-wide risk monitoring and reporting; Coordinated ERM activities • Value/Risk Optimization: Risk management embedded in strategic decision making process; Identification and monitoring of early warning risk indicators based on key risk indicators; Linkage of risks to shareholder value; Effective use of risk modeling tools

  39. Security Blanket

  40. ERM • Questions and Discussion
