ERM

Contents
1. Traditional RM
2. ERM
3. ERM – Aspects
4. Key concepts and learnings
5. Holistic approach
6. Risks
Traditional RM
Traditional RM
 Key objective:
 Maximize risk adjusted return

 Typically applied in a silo approach

 Applied within individual departments or BU
 Each parts of a business work independently

 Problem with the silo approach

 Misses the interactions between risks from different BUs
 Diversification or concentration of risk between different silos
 Risks can fall through the cracks or mismanaged due to the lack of ownership

4
Traditional RM
 Risk management is the process of:
 Identifying the risks faced
 Assessing the likelihood of these risks materializing and their impact
 How to deal with each risk
 Retain ? If so the risk needs to be monitored
 Remove , reduce or transfer the risk

5
ERM
ERM
Lam 2014
 Risk:
 A variable that can cause deviation from an expected outcome

 ERM: A comprehensive and integrated framework for managing key risks in order to:
 Achieve business objectives
 Minimize unexpected earnings volatility
 Maximize firm value

7
ERM
COSO 2004 (Committee of sponsoring organization)
 ERM is a process :
 Effected by an entity’s: Board of directors, Management and Other personnel

 Applied in:
 Strategy setting
 Across the enterprise

 Designed to:
 Identify potential events that may affect the entity
 Manage risk to be within its appetite
 Provide reasonable assurance regarding the achievement of entity objectives

8
ERM
ISO 31000
 International standardization organization

 Risk: Effect of uncertainty on objectives

 Risk management: Coordinated activities to direct and control an organization with regard to risk

9
ERM
CAS ERM Research Committee: Overview of Enterprise Risk Management 2002

 ERM:
 Discipline by which an organization in an industry assesses, controls, exploits, finances, & monitors risks from sources
 To Increase the organization's short- and long-term value to its stakeholders

10
ERM - Aspects
Framework
1. Recognize the context
2. Identify the risks
3. Assess and comparing the risks with risk appetite
4. Deciding on the extent to which risks are managed
5. Taking the appropriate action
6. Reporting on and reviewing the action taken

12
Evolution

13
Implementation
 DO >- Firms need to take a strategic view about how ERM aligns with insurer’s values, culture & approach

 AVOID >- RM frameworks developed in a piecemeal or ad hoc manner is unlikely to garner broad-based
support across the organization and will more likely reinforce a view that ERM is something more akin to a
compliance exercise

 Implementation process
 Enabling environment
 Board’s role
 Key learnings

14
Enabling environment
 Demonstrable executive management support is critical
 Strong and direct linkages must be made between ERM and the company’s business strategy and its day-to-
day operations
 The company must establish clear accountabilities for the various aspects of risk management,
distinguishing between those in line management roles and those in risk management roles

15
Board’s role
 Buy in and support from the Board
 Needs to inform the board about issues they want and need to know

 ERM is one of the few truly enterprise wide business capabilities that both provides an opportunity to change
the way an organization does business
 BUT also can be ‘used’ to drive certain agendas that may not be aligned to the business imperatives, and
stakeholder needs
 The output of ERM may not suit all stakeholders
 Board buy-in with management is critical
 Ensure needs and expectations are met and the ERM investment delivers max return and minimizes any
agency/stakeholder bias
 The Board is well placed to:
 Take a strategic and holistic perspective to ensure long term sustainability of the ERM investment

16
Key learnings and
concepts
Key learnings
 Clear objectives for delivery of expected outcomes
 Assign experience and suitably skilled resources
 Sufficient detailed planning upfront
 Implement rigorous process to:
 Tightly manage scope
 Gated criteria for milestones and cost / benefits
 Appropriate project governance: clear executive level ownership and accountability
 Realism about
 Expected pain through early stages of implementation and support required
 Complexity, cost and time frames
 RM, mitigation and support systems
 Culture of transparent reporting, welcoming of “bad news” and addressing earlier at less cost

18
Key concepts
 Holistic approach
 Upside and downside risk
 Quantifiable risks
 Qualitative risks
 Response to risk

19
Holistic approach
Holistic approach
 Holistic consideration of risk information relating:
1. Past events (e.g. losses)
2. Current performance (e.g. risk indicators)
3. Future outcomes (e.g. the risk profile or risk assessment)

 Considering the risks of the enterprise as a whole (concern with all risk faced by the enterprise)
 Can appreciate the concentration of risk that arise from variety of sources within the enterprise
 Account for diversification across the enterprise

 RM techniques are applied consistently across the whole enterprise (e.g. Common definitions ,
classifications and recording of risk)
 This is necessary for RM to operate effectively
 Ensure all risks are covered consistently in terms of the way they are identified, reported and treated

21
Holistic approach
 Structure
 From top down (lead by the board )
 Coordinate through risk management function (e.g. IRM) that is lead by a CRO
 Incorporate into the day to day operations of all personnel

 Ensures
 All risks faced by an enterprise are considered
 Taken into account links between risks from different parts of the business
 Same risk appetite for the whole enterprise

22
Risks
Upside and downside risk
 Risk: Uncertainty and volatility
 Upside risk: Better than expected outcome
 Important to consider both upside and downside risk when outcomes is not symmetrical

 ERM and Upside Risk:

 ERM should allow company to exploit upside risks (opportunities)
 Need to thoroughly understand the risks the company faces to determine if there’s capacity to take on more risk
 ERM can create value by seizing suitable opportunities to optimize risk-adjusted return (In addition to minimizing
effect of downside risk)
 Integrate RM and measurement into the business processes and strategic decision making
 Value creation is one of the additional elements of ERM to traditional RM

24
Quantifiable risks
 Measurement of risk (after the risk is identified)
 E.g. ranking , assessment of the absolute levels of risk
 To determine whether the level of risk is acceptable?

 Good risk measurement practices are essential to ERM

 Severity: Financial impact of a risk (e.g. risk of counter-party default, risk of interest rate)
 Frequency: Likelihood of its occurrence over a given time horizon

25
Unquantifiable risks
 Risk that cannot be measured
 E.g. due to unidentifiable loss distribution - difficult to assess nature of the risk
 Often these are operational risks, e.g. terrorist attack on firm HQ

 Important to consider these risks and assess them in a qualitative way

 E.g. consider the likelihood and severity into low, mid, high

 ERM is concerned:
 Behaviors (the risk management “culture”)
 Risk control processes

26
Response to risks
 Doing nothing
 Retain
 Remove
 Reduce
 Transfer

27