330 likes | 594 Vues
Risk Management - The Supervisor’s Perspective National Supervisors’ Forum November 2013 David Matthews. Objective. 1. To provide you with an overview of risk management: - Rationale, terminology, risk systems - Two aspects – Risk Management system / process Risk Management culture
E N D
Risk Management - The Supervisor’s Perspective National Supervisors’ Forum November 2013 David Matthews
Objective 1. To provide you with an overview of risk management: - Rationale, terminology, risk systems - Two aspects – • Risk Management system / process • Risk Management culture 2. To explain the Supervisor’s perspective on Risk Management – focus on culture!
Agenda • What is Risk Management • Why is it important? • Definitions & Terms • Risk Management System • Identify, analyse, action plan • System overview • The Supervisor’s perspective • Examples - Risk-Based Approach to Decision Making • Questions & Answers Identify Analyse & Measure Evaluate Internal Controls Residual Risk Action Plan Monitor & manage
Section 1: What is Risk Management?
Definitions Risk Management is a formal process that analyses prevailing risks facing the credit union and identifies appropriate responses for addressing them A risk is anything that could impact negatively on your credit union – transactional or organisational Impacts: Financial Loss, Disruption to Operations, Reputational Damage, Physical Responses: Accept – Mitigate – Transfer – Avoid
Why is it important? Republic of Ireland – now required by legislation • System, process, culture, Risk Officer, risk register • PRISM – focused on risk Northern Ireland – not required by legislation • But, a risk management culture is a key requirement of a well-run business All Board and management decisions and activities should be framed within a risk management culture Lessons from recent years where risk was not considered
Risk Management Terms Risk Management Culture - a credit union’s collective system of values that shape its risk decisions Risk Capacity – how much risk can we afford to take? Determined by how much capital we have Risk Appetite – amount and type of risk that we are prepared to seek, accept or tolerate Zero, Low, Moderate, High Risk Tolerance – the actual level of risk that we will accept
Risk Management Terms Inherent Risk – the risk posed before systems and controls that relate to the risk are considered Residual Risk – the level of risk after considering the effectiveness of systems and controls put in place to manage the risk
Section 2: Risk Management System
Step 1: Identifying Risks • Identify risks (current & future) that could impact upon the credit union • Will be similar (but not identical) for all credit unions • Depends on structures, products, services, delivery channels, etc. • Description of risk should describe impact, event, cause • To enable action to be taken
Step 2: Analysing Risks • Impact & likelihood of occurrence • The impact of each risk is scored, e.g. 1 to 5 • The likelihood of occurrence is scored, e.g. 1 to 4. • Scoring is a subjective exercise • Will vary between credit unions • Scores are multiplied to get the risk ranking score • Low scoring risks are excluded • High scoring risks are taken to next stage for further analysis
Step 3: Determining Residual Risk • This step will determine the threat posed by a risk once internal controls have been considered • A control is any measure deliberately put in place to manage risks • Determine effectiveness of these internal controls • Risk ranking score is multiplied by the controls’ effectiveness scores to determine residual risk
Step 4: Report & Action Plan • Process has identified internal controls that must be improved • Develop risk response plan • Report findings to the Board for approval • Delegate tasks to appropriate officers and set firm deadlines for delivery • Review effectiveness of actions
Section 3: The Supervisor’s perspective
Supervisor’s perspective • Board and management should be aware of risks as well as rewards • Doesn’t mean that all risk must be avoided, but that decisions consider pros as well as cons • Assessment of risk should be part of the credit union’s decision-making process • Board should promote a strong risk management culture – key issue for Supervisors
Supervisor’s perspective • Supervisors should ask themselves: • What would I want to know if I was making this decision? • Does the Chair encourage debate and dissent? • Are dissident views given fair consideration? • Does everyone contribute to the debate? • Are directors asking the right questions? • Are they really considering both sides of the argument? • Does the Board encourage a robust assessment of risk?
Section 4: Risk-based approach to decision making – some examples
Introducing a new service Positives • More services for members • Additional income • Cross sale opportunities Negatives • Compliance requirements • Conduct risks • Cost v benefit?
Staff Structure Manager and six tellers • What if the manager is on leave or gets sick? • Manager may spend too much time on admin work • No promotional opportunities for staff • But – lower cost, quick decisions and communication
Proposing a dividend • Surplus is sufficient to pay 4% ! • Board keen to propose it, but what are the risks? • What is the outlook for next few years? • Should we boost our capital / reserves instead? • Attractive to savers – but do we need more savings? • Additional capital requirements • What about our borrowers (primary source of income)? • Precedent – members will expect same again • Reputational Risk if we can’t pay it
Loans to new members • Potential for new borrowers identified in strategic planning process • Member survey said that assessment criteria were too strict and intrusive • Board is considering relaxing its requirements for small loans (to attract new borrowers) • What factors should the Board consider? • What are the risks that might result a) if the board proceeds? & b) if the board does not proceed?
Benefits of Risk Management • More robust business decisions • Clear assessment of pros and cons • Fewer shocks and unwelcome surprises • Continuous process improvement • Should lead to better internal controls • Should facilitate sharing of best practice • Risk management culture • Structured approach to assessing opportunities • Enhanced member confidence
Key points • Objective is to manage risks, not to eliminate them • Accept, mitigate, avoid • Inherent Risk - identify, analyse, measure, rank • Residual Risk – consider internal controls, rank, plan • Process - identify, assess, manage and monitor risks • Boards should consider risk as part of their decision making process • Supervisor’s perspective – risk management culture should permeate the credit union
Thank you for your attention! Any questions?