
Enterprise Risk Management (ERM)



  1. Enterprise Risk Management (ERM)
     James Rose and Jennifer Cutsinger, 11/8/05

  2. Agenda
     • Introduction
     • What is ERM?
     • How to be successful implementing ERM
     • Risk Appetite
     • Origins of ERM
     • Examples
     • Regulatory Requirements for risk management
     • Resources
     • Conclusion

  3. Introduction

  4. Where are you in the ERM process?
     • Just Getting Started
       • Still thinking about it, initial research
     • Beginning
       • Creating a process, seeking approval/buy-in, piloting
     • Intermediate
       • Refining/revising, implementing across all departments, common risk language
     • Advanced
       • Weaving ERM into the business, tying risk reviews to strategy, demonstrating high value

  5. What is ERM?

  6. What is ERM?
     • COSO ERM Definition
       • A process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
     Source: Enterprise Risk Management – Integrated Framework. Committee of Sponsoring Organizations of the Treadway Commission, 2004.

  7. What is ERM?
     • Conference Board ERM Definition
       • ERM is a framework, instituted by a firm’s board of directors and management, applied strategically and across the enterprise, designed to identify potential events that may impact the firm, manage risks within defined parameters and provide reasonable assurance regarding the achievement of the firm’s business objectives.
     Source: The Conference Board. More Companies Using Enterprise Risk Management to Handle Risks, 2005.

  8. What is ERM?
     • Key components of ERM
       • A process carried out by all levels of associates.
       • A process that is applied across the organization.
       • Applied strategically.
       • Designed to identify potential events that may impact the entity.
       • Manage risks to the entity’s risk appetite.
       • Achievement of the entity’s objectives.

  9. COSO ERM Framework
     [Figure: COSO ERM Framework diagram]
     Source: Enterprise Risk Management – Integrated Framework. Committee of Sponsoring Organizations of the Treadway Commission, 2004.

  10. Why do you need to implement ERM?
     • Most companies do not have a common risk language
     • Most companies lack a systematic approach to roll up risks
     • Most companies operate in silos
     • Regulatory pressures

  11. Why do you need to implement ERM?
     • Assess key risks – likelihood and impact
     Source: The IIA’s 2005 Risk and Control Conference. Enterprise Risk Management in a Changing Environment, 2005.

  12. Who is implementing ERM?
     • ERM is still in the infancy stage. Many companies see it as a need, but are still in the planning stages.
     • The Conference Board’s ERM Survey shows that over 90% of companies surveyed see the need to implement ERM in their company.
     [Chart: survey responses grouped as Rejected; Preparing/Developing/Implementing; Positively Disposed]
     Source: The Conference Board. Beyond Compliance: The Future of Risk Management, 2005.

  13. Who is implementing ERM?
     • …and ERM is seen as an increasingly important responsibility
     Source: The Conference Board. Beyond Compliance: The Future of Risk Management, 2005.

  14. Why are companies implementing ERM?
     • Primary Drivers of ERM
       • Corporate governance requirements – 66%
       • Greater understanding of strategic and operating risks – 60%
       • Regulatory pressures – 53%
       • Board requests – 51%
       • Competitive advantage – 41%
     ** Multiple answers allowed in the survey
     Source: The Conference Board ERM Survey, 2005

  15. Why are companies implementing ERM?
     • Highest Priority Objective of ERM
       • Ensure risk issues are considered in decision making – 44%
       • Avoid surprises and predictable failures – 40%
       • Align risk exposures and mitigation programs – 24%
       • Institute more rigorous risk measurement – 19%
       • Integrate ERM into other corporate practices like strategic planning – 17%
     ** Multiple answers allowed in the survey
     Source: The Conference Board ERM Survey, 2005

  16. How to be successful implementing ERM

  17. How to be successful implementing ERM
     • Develop a common risk language
       • Capture complex topics and definitions, i.e. what is risk, impact of risk, likelihood of risk, inherent and residual risk, objectives, controls, etc.
     • Training for key associates
       • Creates understanding and alleviates cultural resistance
     • Incorporate risk management as a core competency within your Human Resources model
       • Job roles
       • Leverage your performance management system.
       • Determine at what level this should be incorporated.

  18. How to be successful implementing ERM
     • Support from a senior executive, preferably the CEO.
     • Establish accountability
     • Determine risk categories
     • Determine how you will store and report the information you obtain.
     • Start small – tackle one business unit at a time.
     • Develop an assessment process

  19. Other tips for success
     • Research
       • Case studies
       • Surveys
       • Industry publications
     • Visit companies that have implemented ERM
     • Attend ERM conferences/network
     • Determine what will work best for your company – there is no one right way to implement ERM

  20. Risk Appetite

  21. Risk Appetite
     • What is it?
       • The amount of risk a company is willing to accept
       • Tolerance for risk – how much risk can I afford to take without excessively exposing the business to potential financial distress?
       • Risk/return trade-off
     • Who should own the company’s risk appetite?
       • Board of Directors/CEO
       • CFO/CRO

  22. Origins of ERM

  23. Origins of ERM
     • Treasury
     • Operations
     • Strategic Planning
     • Risk Management Departments or Chief Risk Officers
     • Compliance
     • Financial Reporting – CFO
     • Internal Audit

  24. Examples

  25. Examples
     • MasterCard International – Steps to Implement ERM
       • Determine primary driver for implementing ERM
         • Governance
         • Greater understanding of risk
         • etc.
       • Benchmark
         • Research
         • Network
         • etc.
     Source: The Conference Board’s 2005 Enterprise Risk Management Conference. Tools, Techniques and Approaches for Building a Sustainable ERM Program. MasterCard International, 2005.

  26. Examples
     • MasterCard International, continued
       • Create the ERM process
         • Develop a plan
         • Identify top risks
         • Develop an ERM policy
         • Establish risk governance
         • Develop preliminary reporting process
     Source: The Conference Board’s 2005 Enterprise Risk Management Conference. Tools, Techniques and Approaches for Building a Sustainable ERM Program. MasterCard International, 2005.

  27. Examples
     • MasterCard International, continued
       • Seek approval
         • Gain buy-in from:
           • Executive Management
           • Board of Directors/Audit Committee
       • Pilot
         • Assess risks
         • Start with one group at a time
         • Preliminary reporting
         • Initial quantification
         • Employee communications
     Source: The Conference Board’s 2005 Enterprise Risk Management Conference. Tools, Techniques and Approaches for Building a Sustainable ERM Program. MasterCard International, 2005.

  28. Examples
     • MasterCard International, continued
       • Refine/revise the process
         • Solicit feedback
           • ERM process
           • Quantification
           • Reporting
             • Format
             • Contents
             • Process
         • Incorporate the feedback in your process
     Source: The Conference Board’s 2005 Enterprise Risk Management Conference. Tools, Techniques and Approaches for Building a Sustainable ERM Program. MasterCard International, 2005.

  29. Examples
     • MasterCard International, continued
       • Implement
         • Communications
         • Reporting
         • Management practices
         • Integrate ERM into strategic planning
     Source: The Conference Board’s 2005 Enterprise Risk Management Conference. Tools, Techniques and Approaches for Building a Sustainable ERM Program. MasterCard International, 2005.

  30. Examples
     • Bristol-Myers Squibb Company
       • ERM system in progress since 2003
       • Linked at outset to strategy and planning
       • Initiated with pilot programs
       • Gradual expansion to businesses and functions
       • Communication
     Source: The Conference Board’s 2005 Enterprise Risk Management Conference. ERM Sustainability. Bristol-Myers Squibb Company, 2005.

  31. Examples
     • Bombardier
       • Develop an integrated risk management approach
         • Benchmarking, analyzing similar companies, etc.
       • Develop a model (6 months)
         • ERM as a sustainable process, not a project
         • Ensure simplicity and ease of use and quick results
       • ERM pilot
       • Support of ERM from Executive Management
       • Solicitation of successes, both strategic and operational.
     Source: The IIA’s 2005 Risk and Control Conference. Enterprise Risk Management at Bombardier, 2005.

  32. Regulatory Requirements

  33. Rating Agency/Regulatory Requirements
     • Standard & Poor’s – “ERM will be one new category of analysis along with the existing categories of Competitive Position, Management and Corporate Strategy, Operating Performance, Capitalization, Liquidity, Investments, and Financial Flexibility. For each company, the importance of each of the rating factors to the overall financial strength of the company is the driver for the weightings among the factors. ERM will not be the sole determining factor, nor is it likely to be completely unimportant for any insurance company.”
     Source: Standard & Poor’s, Insurance Criteria: Evaluating The Enterprise Risk Management Practices of Insurance Companies, 2005.

  34. Rating Agency/Regulatory Requirements
     • NYSE – “Discuss policies with respect to risk assessment and risk management; While it is the job of the CEO and senior management to assess and manage the listed company's exposure to risk, the audit committee must discuss guidelines and policies to govern the process by which this is handled. The audit committee should discuss the listed company's major financial risk exposures and the steps management has taken to monitor and control such exposures. The audit committee is not required to be the sole body responsible for risk assessment and management, but, as stated above, the committee must discuss guidelines and policies to govern the process by which risk assessment and management is undertaken. Many companies, particularly financial companies, manage and assess their risk through mechanisms other than the audit committee. The processes these companies have in place should be reviewed in a general manner by the audit committee, but they need not be replaced by the audit committee.”
     Source: NYSE, 303A.07 Audit Committee Additional Requirements, 2004.

  35. Resources

  36. Resources
     • IIA – www.theiia.org
     • The Conference Board – www.conference-board.org
     • The Committee of Sponsoring Organizations of the Treadway Commission – www.coso.org

  37. Conclusion

  38. Conclusion
     • No one right model
     • Many companies are just in the beginning stages and experimenting with the right process for their company.
     • The Conference Board ERM Survey indicates over 90% of responding companies see the need to implement ERM.
     • ERM takes time to implement.
     • Difficulty of selling the value add of aggregating risks across the company.
     • “ERM must be completely tailored to the culture, markets, and businesses that the company operates in if it is to be effective.”
     Source: Standard & Poor’s, Insurance Criteria: Evaluating The Enterprise Risk Management Practices of Insurance Companies, 2005.

  39. Questions?

  40. Contact Information
     • James Rose, Director of Internal Audit – jrose1@humana.com
     • Jennifer Cutsinger, Director of Audit Consulting – jcutsinger@humana.com