PricewaterhouseCoopers LLP

World Bank Risk Management Seminar Corporate Governance and ERM: A Framework for Integrating Risk and Performance Management May 21, 2004 Presented by: Richard C. Reynolds, PwC Partner. PricewaterhouseCoopers LLP. Agenda. Overview of Enterprise-wide Risk Management


Presentation Transcript


  1. World Bank Risk Management Seminar. Corporate Governance and ERM: A Framework for Integrating Risk and Performance Management. May 21, 2004. Presented by: Richard C. Reynolds, PwC Partner. PricewaterhouseCoopers LLP

  2. Agenda • Overview of Enterprise-wide Risk Management • Designing and Implementing an ERM Framework and Organization Structure • Impact of International Financial Reporting Standards on ERM

  3. Overview of COSO ERM Framework Framework Application Guidance • COSO ERM project launched in 2001 (PwC Authored) • Builds on COSO Internal Control Framework (PwC Authored) • Consists of conceptual framework and application guidance

  4. Why ERM is Important • Underlying principles: • Every entity, whether for-profit or not, exists to realize value for its stakeholders. • Value is created, preserved, or eroded by management decisions in all activities, from strategy setting to operating the enterprise day-to-day. • ERM supports value creation by enabling management to: • Deal effectively with potential future events that create uncertainty. • Respond in a manner that reduces the likelihood of downside outcomes and increases the upside.

  5. Enhancing Management Capabilities • Enterprise risk management provides enhanced capabilities to: • Align risk appetite and strategy • Link growth, risk and return • Enhance risk response decisions • Minimize operational surprises and losses • Identify and manage cross-enterprise risks • Provide integrated responses to multiple risks • Seize Opportunities • Rationalize capital

  6. Framework Components The Framework Has Eight Interrelated Components

  7. The COSO ERM Framework lays the foundation for organizations to advance ERM. Opportunities: • Improving shareholder value • Improving/maintaining credit rating • Economic capital savings • Improved risk management strategy • Closer working relationship between Finance & Risk functions • Alignment of individual’s compensation to risk-sensitive behaviour • Improved MI in other related areas • Cost reduction through organisational realignment and/or process improvement. [Diagram labels: Strategy selection; Investor and credit rating agency communication; Capital allocation; Value and risk management principles; Reward Schemes; Performance reporting.] Diagram annotations: • Ensure market understands risk adjusted performance • Set value targets to satisfy investor and analyst expectations in line with well articulated risk appetite • Set performance measures to drive creation • Link executive remuneration to value creation to align management and shareholder interests

  8. Leading organizations have many building blocks in place. The challenge is in creating seamless connectivity top to bottom. SVA / Risk Adjusted Performance Measurement • Link risk adjusted performance measurement to shareholder value and planning processes • Align performance measures with desired behavior • Rebalance, hedge the portfolio (capital optimization) • Correlation, VaR, marginal contribution Active PM • Manage concentrations through limits • Establish allowances (capital preservation) Portfolio Risk Traditional PM • Portfolio reporting and analysis • Aggregation of exposure (notional & risk adjusted) • Analysis of Loss & default experience • Data management / MIS Portfolio Risk Identification Linking the Building Blocks • Relationship profitability analysis • Risk adjusted pricing (value creation - MTM / RAROC) • Structuring individual transactions • Allocation of limits to clients / products Transactional risk management Transaction Risk • Risk Assessment • Risk Modeling • Pricing Analysis • Client, Industry and Market information Transactional risk identification Data Management • Data acquisition, maintenance and distribution

  9. However, beyond financial risks, executives have a much different view as to what are the most significant risks. Non-Financial Risks Financial Risks Reputational Risk 53% Regulatory Risk 28% Operational Risk 24% Political/external risk 11% Credit Risk 34% Market Risk 23% How important are the following risks to your institution’s financial services business? (percentage of respondents rating each risk as the biggest their organization faces) • Source: Economic Intelligence Unit and PricewaterhouseCoopers survey of 160 senior financial executives

  10. Leading organizations are moving towards an integrated approach to governance, risk and compliance. Governance Determining Objectives and Knowing We Are Executing Appropriately Enterprise Risk Management Identifying Risks That May Affect Our Ability to Achieve Objectives And Determining How to Respond Compliance Executing as Expected To Support Achievement of All Objectives

  11. They are also implementing frameworks that deliver integrated profitability and risk information for decision making… Best Practice Methodologies for Managing business functions Achieving operational excellence Market Op. Cost Credit Revenue Profitability Risk Business Unit Level Customer Level Product Level Legal Entity Level Organizational Level Risk-adjusted Performance Shareholder Value Drivers Enabling consistent business management Integrated Planning Cycle Tactical, operational and strategic decision support Achieving Strategic Excellence Shareholder Value Creation

  12. …and support forward looking analysis for strategic planning. Scenario analysis Earnings Sensitivity Complexity Modeling Market Op. Cost Credit Revenue Profitability Risk Business Unit Level Product Level Customer Level Legal Entity Level Organizational Level Risk-adjusted Performance Shareholder Value Drivers Impact on future earnings and Shareholder Value

  13. Risk measures are aligned with both control objectives and value creation targets to provide management a dynamic view of current financial results and risks to the strategic plan. Types of Measures: Value Metrics – financial and non-financial measures that demonstrate value creation for investment community Value Metrics Focus: Strategy Dashboard Corporate Dashboard – provide management with insight into actions that need to be taken to achieve strategy Key Risk Indicators* Leading/Risk Indicators – identify systemic issues or causal factors related to strategy; and they are tactical and predictive Key Risk Indicators Leading Indicators (Proactive) Escalation Triggers – are reported after a predetermined trigger is tripped, they are designed to facilitate management intervention prior to day-to-day risks manifesting beyond an expected or acceptable tolerance. Escalation Criteria (Reactive) Focus: Steady State Lagging Indicators Lagging Measures – are after the fact Transactions and Data * PwC defines key risk indicators as measures that can be collected at ANY time during the period as required by management

  14. Strategic risk management focuses on balancing capital optimization with capital preservation. Transaction Relationship Line of Business Portfolio Enterprise Capital Optimization Analyze Structure Measure Monitor Report Capital Preservation Too often, the pendulum swings; towards lax controls and overly aggressive risk taking in good times, and overly restrictive controls and risk aversion in bad times.

  15. We have utilized the following framework with several leading financial institutions to gain better role clarity, particularly around the integration of strategic, financial and risk management planning. Validate/refine strategy Business Cycle Business Strategy and Planning Business Process and Execution Evaluation • Business mission and strategy • Value proposition and risk appetite • Organization and governance • Business planning and budgeting processes • Capital allocation and balance sheet management • Business and individual performance objectives • Risk policies and procedures • Risk measurement methodologies • Risk-based pricing and customer profitability • Risk aggregation and reporting • Active portfolio and balance sheet management strategies • Value drivers • Internal reporting • Performance measures • External disclosure Procedures Analysis Limits Key Controls Capital Policy Reporting Re-allocate capital/limits Risk Management Systems Infrastructure

  16. ERM is a key enabler of value creation and preservation Value Risk Trust Transparency Performance Reputation Brand Value is created, preserved, or eroded by management decisions, from strategy setting to operating the enterprise day-to-day.

  17. Agenda • Overview of Enterprise-wide Risk Management • Designing and Implementing an ERM Framework and Organization Structure • Impact of International Financial Reporting Standards on ERM

  18. A thorough understanding of your business objectives is critical to designing an infrastructure that meets your specific needs and fits within your culture and environment. [Diagram: Enterprise-wide Risk Management Framework. Layers: Environment, Infrastructure, Process, Strategy. Labels: Business Mission and Strategy, Risk Strategy, Value Proposition, Risk Appetite, Validation/Reassessment. Other label text as extracted: Risk, Value, Measurement, Assessment, Operations, Awareness, Evaluation, and Control, and Action, Organization, Limits &, Methodologies, Systems, Data, Policies, Reporting, & People, Controls, Communications, Performance, Culture, Training, Rewards, Measures.]

  19. The starting point is to define a clear mission statement for the Corporate Risk Manager. Key themes in a Mission Statement of the Corporate Risk Manager • Protect the franchise • Avoid surprises, no unexpected losses • Acknowledge the sources of earnings volatility • Facilitate risk taking • Support efficiency of capital usage and performance evaluation processes • Mold the risk culture • Partner with the business • Build a risk management network • Report v. manage • Devolve risk management from the corporate level into the business units

  20. The mission must balance the risk management objectives and the complexity of the risks assumed by the organization. Risk Management Styles • Strategic: • Assist in molding views of regulators • Frequent global stress testing to analyze potential impacts of market events • Risk Management partners with the business in decision-making • True understanding of positions and risks • Development and analysis of risk-adjusted returns • Control Focused: • Respond to requests by regulators • Quarterly stress testing at the desk or business unit level (to meet regulatory requirements) • Risk Management performs a purely limit monitoring role • Monitoring of positions and risks against limits. [Chart: Risk Management Style (Control Focused to Strategic) against Risk Profile (Simple to Complex), with points labelled A to M and "Your Company????"]

  21. The next step is to define the overall approach for corporate risk management. Below is an illustration of a risk management framework. Risk Control Framework Limits • The allocation of capital to the business units: • signifies approval of the business plan • serves as an overall limit on risk taking activities • provides a benchmark for required returns Capital • Risk management policies and procedures: • define and set the standards for Client risk taking activities • set parameters for permissible risk taking • clearly define roles, responsibilities and accountabilities Procedures Re-allocate capital/limits Policy • An effective risk and performance reporting framework: • provides timely feedback to evaluate the business strategy • effectively communicates risk, elevates awareness and promotes consistency and transparency • ensures monitoring of policy compliance Analysis Reporting

  22. Integrating risk into the strategic planning and budgeting process is also key. Annual business plans form a contract with shareholders for the management of capital and required returns. Annual Business and Risk Management Planning Process Business Units Formulate • Annual Business Plan • Strategy • Product and service offerings • Capital budget • Forecasted absolute and risk adjusted returns • Key risks and limits • Infrastructure weaknesses and action plans • Other information Shareholders Total Return Financial Control Assist Capital Corporate Risk Management Approve

  23. ERM reports should clearly articulate the nature of the business, including key risks, profitability, the risk-reward relationship and the impact of external events. • RISK REPORTING OBJECTIVES: • Do we acknowledge, understand and articulate our risks clearly, accurately and comprehensively? • Are these risks aligned with our stated risk appetite and strategy? • Are we being adequately compensated for these risks? • Are we overly reliant on any revenue, risk or other concentrations that could adversely impact the quality or sustainability of earnings? • What is the quality and sustainability of our earnings stream? • What is the impact of the current and potential external environment on our business?

  24. An effective ERM reporting framework should address the daily, monthly and quarterly objectives of the target risk management audience. Enterprise-Wide Risk Reporting Framework • Risk Reporting Objectives: • Heighten Awareness and Transparency of ALL Risks • Include Quantitative and Qualitative Information • Promote Shareholder Value Creation Daily Risk Summaries Monthly Risk Packages Quarterly Risk Package • Key Objectives: • Identify risk issues that require immediate attention and potential management action by reviewing: • limit excesses • risk concentrations • P&L changes • market/credit/operational risk events • Target Audience: • Business, Line and Risk Managers • Contents: • Detailed market risk • Selected credit, liquidity, valuation and operational risk metrics and issues • P&L attribution analysis • Scope: • Desk level • Key Objectives: • Reaffirm risk appetite, business propositions and boundaries by assessing: • risk profile • performance • internal and external business environment and risk implications • Target Audience: • Senior Management • Contents: • Summary market risk • Detailed credit, liquidity, valuation and operational risk • Trend analyses • Business and market outlook • Scope: • Business units globally • Key Objectives: • Promote shareholder value creation by evaluating: • capital/resource allocation decisions • earnings reliability and sustainability • short and long term business opportunities and their risks • Target Audience: • Executive Management • Contents: • Summary of all business and customer risks • Risk-adjusted performance measurement • Trend analyses • Business and market outlook • Status of key initiatives • Scope: • Global Markets consolidated

  25. An Illustration…. $MM

      | Business | Economic Capital (2002) | Economic Capital (Last 12 m) | Marginal Capital (2002) | Marginal Capital (Last 12 m) | Revenue Quality (2002) | Revenue Quality (Last 12 m) | Return on Economic Capital (2002) | Return on Economic Capital (YTD) | Revenue/Expense |
      |---|---|---|---|---|---|---|---|---|---|
      | Commercial | 90.6 | 66.0 | 22.4 | 25.4 | 3.0 | 4.6 | 263% | 459% | 2.5 |
      | Personal | 147.0 | 156.7 | 130.5 | 134.6 | 1.3 | 1.3 | 115% | 149% | 2.5 |
      | Life and Annuities | 49.1 | 46.2 | 33.7 | 34.8 | 4.9 | 5.1 | 506% | 549% | 3.3 |
      | Investments | 60.8 | 63.4 | 35.1 | 20.6 | 1.9 | 1.6 | 111% | 93% | 1.7 |
      | Banking | 63.1 | 94.5 | (20.5) | 8.3 | 0.5 | 0.9 | 40% | 110% | 2.0 |
      | Treasury | 30.7 | 17.3 | 7.7 | (0.5) | 0.3 | 0.4 | 21% | 40% | 2.0 |
      | International | 298.4 | 306.1 | 249.3 | 268.8 | (0.0) | 0.1 | 0% | 24% | 2.0 |
      | TOTAL | 458.3 | 491.9 | 458.3 | 491.9 | 1.9 | 1.9 | 138% | 181% | 2.0 |

      Economic Capital represents capital needs based on monthly revenue volatility of each business. The higher the volatility of a business’ revenues the higher the economic capital required for the business (annualized monthly revenue volatility x 2.33).

      Marginal Capital represents the relative contribution of each business to the total capital of the Fixed Income business. It takes into account diversification/correlation effects across businesses (2.33 * 12-month Revenue volatility * Correlation).

      Revenue Quality is the ratio between average monthly revenue and monthly revenue volatility. It provides an assessment of the quality and sustainability of earnings over time. The higher the ratio, the better the quality of earnings.

      Return on Economic Capital measures risk adjusted profitability across businesses. YTD return on capital represents YTD annualized revenue divided by last 12 months economic capital.

      Revenue/Expense Ratio measures the degree of operational efficiency. These ratios were estimated based on 1997 financial performance.

  26. To implement ERM, a clear line between the responsibilities and accountabilities of the corporate risk manager and the business unit risk managers must be drawn. Degree of Decentralization in Risk Management Approach Business Unit Risk Managers Corporate Risk Manager Credit Cards Consumer Loans Treasury International • Set standards • Policies • Corporate data requirements • Reporting to business managers, senior management and the Board • Risk measurement • Aggregation of common risk factors across business lines • Scenario analysis / Stress testing • Limit Setting • Macro assessments of the risk profile and the drivers of change (Windows on Risk) • Capital allocation methodology, calculations and decisions • Support management of stakeholder relations • Risk identification • Communicate key risk factors • Risk aggregation by risk factor within the business line • Adhere to reporting and other standards • Proactive implementation of appropriate policies and procedures • Support decisions regarding new products, new businesses and new geographies

  27. Some of our clients employ a decentralized approach that includes company-level standards, endorsed by the board, with business-specific delegations and accountabilities. Board of Directors • Provides broad, independent oversight of Company activities • Endorses Company Risk Management Standards and acknowledges aggregate Group risk profile BoD Audit Committee • Reviews unintended exposures/risks that result from control weaknesses, process fails or other shortcomings BoD Risk Management Committee • Reviews risks consciously taken through business decisions and plans • Reviews the overall Company exposure/risk profile, risk appetite, and risk capacity • Reviews Company Risk Management Standards Corporate Risk Management • Establishes Company Risk Management Standards • Approves broad Company risk parameters and limits; allocates risk limits to businesses • Approves business-specific risk management standards and practices and endorses the risk management culture embedded in those standards and practices • Maintains overall accountability and authority for the adequacy and appropriateness of all aspects of the Company risk management process Business Risk Management • Establish business-specific risk management standards, policies and practices for the approval, measurement, reporting, monitoring, limiting and analysis of exposure/risk • Establish business-specific risk limits within allocated capital levels • Board of Directors • Audit Committee • Risk Committee Office of the Chairman Corporate Risk Management Investment Risk Underwriting Risk Operational Risk Asset/ Liability Risk Risk Capital Business Risk Management P&C Life International Treasury

  28. The business units are responsible for establishing a comprehensive risk organization within their businesses that interacts with other risk management and support groups. Corporate Audit To be defined • Market Risk • Credit Risk • Insurance Risk • Operational Risk • Country Risk Business Units Corporate Risk Management Financial Control Other Support Groups Business Operations Global Risk Managers To be defined Operations & Technology Business Unit Risk Managers Legal and Compliance Financial Control Human Resources Risk Architecture Other Support Groups Tax Other

  29. The business units, financial control, corporate risk and audit should have clearly defined, collaborative roles supported by appropriate infrastructure elements. [Diagram: roles across the Business Cycle. Cycle stages: Set Strategy, Budget/Plan, Execute, Control, Evaluate, Validate/refine strategy. Groups: Business Units, Financial Control, Corporate Risk Management, Corporate Audit. Role labels: Formulate, Manage, Validate, Request, Reconcile, Review, Approve, Facilitate, Produce, Analyze, Test. Infrastructure elements: Procedures, Analysis, Limits, Key Controls, Capital, Policy, Reporting, Re-allocate capital/limits. Risk Management Infrastructure (O&T, HR, Legal, Compliance, Tax, other).]

  30. Agenda • Overview of Enterprise-wide Risk Management • Designing and Implementing an ERM Framework and Organization Structure • Impact of International Financial Reporting Standards on ERM

  31. Why talk about IFRS? • Many non-US banks move to IFRS • Similar to US GAAP – often subtle yet important differences • No more avoiding of “difficult” accounting • Interest Method • Hedge Accounting • Impairment • Implementation: new accounting, systems, data requirements

  32. IFRS and Risk Management • Spotlight on transparency – more detailed analysis and disclosures on: • Concentrations of risk • Sensitivity of cash flows to risk scenarios and market variables • Failure to manage earnings and investment risks associated with IFRS could seriously undermine financial stability and credibility • IFRS will have an impact on credit, funding and liquidity risks • IFRS will have extra demands on data capture, modelling and other information systems • Complying with IFRS will be fraught with potentially costly pitfalls • A broader and more integrated approach to risk management could help companies to turn IFRS compliance into shareholder value

  33. IFRS - Key Aspects for Banks Expected IFRS impact – Relevant accounting issues • Financial statement presentation – Flows and disclosures • Fair value of financial instruments • Investment securities – Classification and transfers • Impairment (investments, loans, other assets) • Hedge Accounting • Provisions – Recognition criteria • Income and expense recognition – interest and commissions • Deferred taxes • Other complex issues?

  34. Impact of IAS/IFRS on consolidated financial statements + Financial Instruments (IAS 39/ IAS 32) Investments/ consolidation (IAS 27/28, SIC 12) Provisions (IAS 37) Financial Impact Business Combination (IAS 22) Impairment and intangibles (IAS 38/IAS 36) Commissions (IAS 18) Deferred taxes (IAS 12) Financial statements and cash flow (IAS 1, 30 and 7) Segment Information (IAS 14) Property, plant and equipment (IAS 16) Employee Benefits (IAS 19) - - + Complexity of implementation

  35. Expected IFRS Impact – Business impacts • Overall Business Impacts • Volatility of earnings • Difficulty in forecasting and budgeting • Product profitability/design • Regulatory compliance • Performance measurement and reporting • Tax planning strategies • Debt covenants • Share-based compensation plans • Transparency + Financial Impact - - + Complexity of implementation

  36. Top 15 implementation issues • Shareholder and analyst understanding • Understanding and analysing impact on financial performance • Commitment and involvement at all levels of the organisation • Significant resources required • Underestimation of the amount of work involved • Costly and time consuming to embed into the organisation • Data availability and system requirements • Re-alignment of management information reporting / systems • Co-ordination with regulator reporting requirements

  37. Top 15 implementation issues • Training (“Knowledge transfer”) of management as well as finance functions in all locations • Regulatory environment continues to change • Risk management • Earnings management • IAS continues to evolve • Minimal expertise

  38. This document is protected under the copyright laws of the United States and other countries as an unpublished work. The document contains information that is proprietary and confidential to PricewaterhouseCoopers LLP, which shall not be disclosed outside of the recipient's company or duplicated, used or disclosed, in whole or in part, by the recipient for any purpose other than to review the document. Any other use or disclosure, in whole or in part, of this information without the express written permission of PricewaterhouseCoopers LLP is prohibited. Our people Your worlds
