1 / 39

Working with your Board to Improve Risk Management and Board Risk Oversight

Working with your Board to Improve Risk Management and Board Risk Oversight. Paul Walker – Schiro/Zurich Chair of ERM at St. John’s University Arya Yarpezeshkan – CRO at the Navigator’s Group Joe Pugh – Sr. Advisor, ERM at AARP. Presenters. • Paul Walker, Ph.D., CPA

wirt
Download Presentation

Working with your Board to Improve Risk Management and Board Risk Oversight

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Working with your Board to Improve Risk Management and Board Risk Oversight Paul Walker – Schiro/Zurich Chair of ERM at St. John’s University Arya Yarpezeshkan – CRO at the Navigator’s Group Joe Pugh – Sr. Advisor, ERM at AARP

  2. Presenters • • Paul Walker, Ph.D., CPA • Schiro/Zurich Chair in ERM, St. John’s University • • Arya Yarpezeshkan • Chief Risk Officer, The Navigator’s Group • • Joe Pugh • Senior Advisor, ERM, AARP

  3. Top Issues for Boards • Board top issues: • Risk oversight • Strategic risks • Investors want more information on strategy and risk oversight (what the board is thinking)

  4. SEC 2014 National Exam Priorities • Designed to: • communicate with investors and registrants about areas that the staff perceives to have heightened risk • and to support the Securities and Exchange Commission (“SEC”) mission to protect investors;

  5. SEC 2014 National Exam Priorities • Corporate Governance, Conflicts of Interest, and Enterprise Risk Management. The NEP will continue to meet with senior management and boards of entities registered with the SEC, including their affiliates where appropriate, to discuss how each firm identifies and mitigates conflicts of interest and legal, compliance, financial, and operational risks. This initiative is designed to: (i) evaluate firms’ control environment and “tone at the top,” (ii) understand firms’ approach to conflict and risk management, and (iii) initiate a dialogue on key risks and regulatory requirements.

  6. What to Expect • Strategies for working with your board • Ways to present and report an integrated, transparent view of your organization’s risks • Ideas on improving and benchmarking risk management and board risk oversight

  7. 1. INTERNATIONAL SPECIALTY INSURANCE UNDERWRITER • 2. FOCUSED ON MARINE, ENERGY, SPECIALTY CASUALTY, AND D&O / PROFESSIONAL LIABILITY • 3. ONE OF THE “100 MOST TRUSTWORTHY COMPANIES” BY FORBES.COM

  8. Recommendation: Have a governance framework that is appropriate and effective for your organization Board of Directors – Risk Reporting Group ERM Management Committee Governance & Compliance Risk Sub-Committee UW & Claims Risk Sub-Committee Finance Risk Sub-Committee Operations Risk Sub-Committee

  9. Recommendation: Clarify roles and responsibilities Roles and Responsibilities Oversight Escalation Coordination Ownership Assurance

  10. Recommendation: Provide the Appropriate Information For the Board to Execute its Oversight Duties • Is the board receiving the information it needs to foster effective risk oversight, or is it drowning in data providing little knowledge or insight? • Are we providing the appropriate information for the board to determine if management is effectively managing risk? • Is there sufficient agenda time for discussing the enterprise’s risks?

  11. Recommendation: Know Your Audience • Broad or narrow skill sets? • Big picture or detail oriented? • Unsure of the appropriate level of detail? Then ask them.

  12. Example: Board Risk Reporting Agenda 1. Emerging risks and opportunities 2. Risk tolerances vs. actual 3. Key risks 4. Risk events 5. Appendix

  13. Example: Board Risk Reporting Emerging Risk Summary

  14. Example: Board Risk Reporting Risk Tolerance Summary Sample Risk Tolerances

  15. Example: Board Risk Reporting Capital Adequacy / Key Risks Summary

  16. Example: Board Risk Reporting Key Risk Example: Investment Risk Summary Investment risk increased by xx% as a result of heightened volatility in the Treasury Markets; however, the risk is still within our tolerances. Risk Drivers Changes in the macro-economic environment, etc. Quantification Key Risk Indicators … Action Items …

  17. Example: Board Risk Reporting Key Risk Indicators– Detail in Appendix Investment Key Risk Indicators Volatility of Expected Return by Risk Factor Global Financial Stress Scenarios Volatility at 99% VaR

  18. Example: Board Risk Reporting Emerging Risk – Detail in Appendix Prolonged Power Blackout

  19. Takeaways • Have a governance framework that is appropriate and effective for your organization • Clarify responsibilities • Know your audience • Use the Report Appendix to your advantage • The information presented herein is for informational purposes only and is not intended to be legal, accounting or other professional advice or opinions on specific facts or matters, used for trading or investment purposes or a complete description of certain aspects of the business of Navigators and its operating subsidiaries.

  20. 1. SOCIAL MISSION ORGANIZATION • 2. NON-PROFIT & NON-PARTISAN • 3. FIGHTS FOR PEOPLE 50+ • 4. A TRUSTED SOURCE OF INFORMATION • 5. OFFERS ACCESS TO PROGRAMS, SERVICES & DISCOUNTS • 6. CONNECTS PEOPLE TO VOLUNTEER OPPORTUNITIES

  21. ERM at AARP • Program maturity Modeling the message

  22. Does the full board have primary governance oversight? • Is the full board focused on the top strategic risks? • Is the full board dealing with the details of how management is managing the risks? • Is the board’s role one of “risk” management or “list” management? • Recommendation: Assign ERM to the full board and keep them focused

  23. Recommendation: Include ERM on board self-assessment • “Critical risks facing the organization are proactively identified by management and fully vetted with the board” • “An appropriate process is in place to effectively manage each of the critical risk areas” • “The board holds management accountable for effective ERM stewardship”

  24. Recommendation: Benchmark your program • Board’s like to know how your program stacks up • Is the board comfortable that you have an effective program in place for managing risks? • – If not, share statistics • Are we “right-sizing” the benchmarking data?

  25. Recommendation: Keep risk reporting simple • Does the board have the right information for effective risk oversight? • Content over quantity • Are we providing transparency and insight in our risk reporting?

  26. Agenda • Residual risk heat map • Summary risk profile scorecard • Individual risk mitigation scorecards • Example: Board Risk Reporting

  27. Example: Board Risk Reporting Sample Illustration Only

  28. Example: Board Risk Reporting Sample Illustration Only

  29. Example: Board Risk Reporting Sample Illustration Only

  30. Takeaways • Assign ERM to the full board and keep them focused • Include ERM on board self-assessment • Benchmark your program • Keep risk reporting simple

  31. Board Risk Oversight Improvement • ERM: required and also increases value, lowers earnings volatility, leads to better decisions, improves reputation… • Governance metrics are used by analysts, viewed by the market, bad/good news, impact the ability to attract board members • We have governance metrics and board assessment but not BRO metrics or assessment

  32. Board Risk Oversight Improvement • Benchmark, review, improve ERM and BRO • BRO Methods • BRO assessment and self-assessment • BRO metrics and questions

  33. Board Risk Oversight Improvement • NACD 10 • Deloitte 20/21 • BRO 30 (Walker et al. 2012) • RCC 27 (Walker et al. 2014)

  34. Confidential; not for distribution Board Risk Oversight Tool • In recent work the authors found that the number one tool used by companies to manage risk is not some sophisticated modeling tool or even a risk assessment exercise. Instead, the number one tool preferred by many companies is to have a conversation about risks with management, and with and among the board. The tool presented here is not meant to replace that conversation, but should be used to ignite that conversation. • For each question for which the board believes there is a lack of consensus, the board should have a discussion about why they are not following this practice. In some cases, the questions are rooted in mandated regulations. In other cases, they are considered a best practice by many companies and by the research team.

  35. Confidential; not for distribution Tool • The board and the organization have a rigorous strategic plan which incorporates all major and emerging risks. • The board is comfortable that management has identified all enterprise level risks. • The board has a clearly defined risk oversight process and has clearly established risk responsibility. • The organization has a CRO or ERM leader with direct line reporting to the board or a respective board committee. • The board quarterly reviews risk maps, risk dashboards, or related risk reporting. • The board and organization go beyond risk maps and generate risk action plans as well as related risk metrics. • Corporate decision making includes a discussion of the potential risks embedded in those decisions. • The organization is prepared for a S&P or Moody’s assessment of their ERM process. • The board is informed of emerging risks on a timely basis. • The board has received ERM training.

  36. Confidential; not for distribution Tool • Executives openly share all risk information with board committees. • The organization has had no major risk debacles in the past fiscal period. • Executives and management level risk committees have adequate resources and training to identify and manage risks. • Important risk information is streamlined and reported to the appropriate executives and board level committees promptly. • ERM is viewed as a critical way to create value and grow the organization, while taking the appropriate risks. • The organization identifies the risks related to compensation plans. • Performance is evaluated in relation to the risks taken in achieving that performance. • The organization views and assesses risk by business unit.

  37. Confidential; not for distribution Tool • The board is engaged in the discussion of strategy and the related risks. • The board includes some members who are experts in the organization’s relevant risks or risk oversight. • The board feels confident in the risk oversight process. • The board examines its own talent for diversity of views and for the ability to oversee risk. • The board examines risks that management missed to determine if the risk was not identified or if it was not assessed properly. The feedback is used to manage future risks better. • The board has good communication with the CEO on the risks facing the enterprise (both current and emerging). • The board and management regularly assess their ERM process.

  38. St John’s Univ/Tobin College of Business • MS Risk • MS Enterprise Risk Management • MBA/MS Acct with a conc. in Risk and ERM • Center for Excellence in ERM • Executive Education – Certificate in ERM • Booth _____

  39. Questions, Final Comments and Contact Information Paul Walker Schiro/Zurich Chair of ERM, St. John’s University walkerp@stjohns.edu (212) 284-7011 Arya Yarpezeshkan Chief Risk Officer, The Navigator’s Group AYarpezeshkan@navg.com (203) 905-6372 Joe PughSenior Advisor, ERM, AARP jpugh@aarp.org (202) 434-3647

More Related