Enterprise Risk Management James Lam President phone: 781.772.1961 Website: ASSE Using Risk Principles March.


1 Enterprise Risk Management James Lam President phone: Website: ASSE Using Risk Principles March 24th, 2005

2 1 Our president, James Lam, has spent 20 years in risk management
Professional: President, James Lam & Associates; Founder and President, ERisk; Partner, Oliver, Wyman & Company; CRO, Fidelity Investments; CRO, Capital Markets Services Inc., a GE Capital company
Industry Activities: PRMIA Blue Ribbon Panel Member; GARP Inaugural Financial Risk Manager of the Year (1997); Published over 50 articles and book chapters; Quoted in Wall Street Journal, Financial Times, Risk Magazine, and CFO Magazine
Academic: Senior Research Fellow, Beijing University; Adjunct Professor, Babson College; Lectured at Harvard Business School as the subject of an HBS case study; MBA, UCLA School of Business; BBA, Baruch College
Client Solutions: Consulting – ERM, strategic risk, financial risk, and operational risk; Software – Operational risk (with OpenPages) and ERM Dashboard (CXO Systems); Training – board and management workshops

3 2 We are singularly focused on risk management
Areas of Expertise: Enterprise risk management; Market risk management; Credit risk management; Operational risk management; KRIs and risk reporting
Client Solutions: Consulting services; Software products (CXO Systems, OpenPages); Training programs

4 3 As discussed in James's recent book, we define ERM as a value-added function
Definition of ERM: An integrated framework for managing credit risk, market risk, operational risk, economic capital, and risk transfer in order to maximize firm value.

5 4 Key trends and requirements Best practices and practical applications ERM in the future Discussion outline

6 5 ERM is useful because the risks faced by companies are highly interdependent Business Risk Operational Risk Financial Risk IT and business process outsourcing Derivatives documentation and counterparty risk FX risk in a new foreign market Enterprise-Wide Risks Financial Risks Market Risk Liquidity Risk Credit Risk Credit Risk Associated with Investments Credit Risk Associated with Borrowers and Counterparties Funding Liquidity Asset Liquidity

7 6 Traditionally, risks were managed within organizational silos Strategic Risk Business Risk Financial Risk Operational Risk Who How Board of Directors CEO CFO Treasurer Business Managers Project Managers Internal Audit Compliance IT Strategic planning EVA Balanced scorecard Country and credit limits Trading and ALM Limits Financial derivatives Controls Audits Contingency planning Insurance Product plans Business reviews Project management

8 7 ERM provides an integrated value-added approach
Financial Institutions: Barclays, GE Capital, JP Morgan Chase, Fidelity Investments
Non-Financial Corporations: Microsoft, Boeing, Duke Energy, Ford
Enterprise Risk Management: Chief Executive Officer/Chief Risk Officer
Strategic Risk: Board, CEO
Business Risk: Line managers, Project Managers
Financial Risk: CFO, Treasurer
Operational Risk: Internal Audit, Compliance, IT
Benefits: Broadens risk awareness; Aligns risk profile and strategy; Minimizes surprises and losses; Rationalizes capital requirements; Assures regulatory compliance; Improves ROE and shareholder value

9 8 Case study: Microsoft's risk intranet is central to their ERM program
Background: American software giant initiated its ERM program in 1994
Mike Brown, CFO: "The web is an incredible opportunity to take costs out of your model, to provide higher quality services and to be much more informed about company issues."
ERM Program:
– Initiated ERM with a comprehensive inventory of risks
– Recognized that its insurance strategies only covered 30% of risks
– Applied advanced technologies to support risk analysis and communication
– Incorporated into product pricing the expected litigation costs of repetitive stress injuries associated with a new keyboard

10 9 The growing acceptance of ERM is driven by four key forces
Corporate Disasters: Enron; WorldCom; Adelphia; Mutual Funds
Industry Initiatives: Treadway Report, US; Turnbull Report, UK; Dey Report, Canada
Best Practices: Banks; Asset Managers; Energy Firms; Corporations
Regulatory Actions: S.E.C.; Sarbanes-Oxley; Basel II

11 10 Companies are faced with an influx of new requirements
Basel II:
– New accord consists of three pillars: minimum capital requirements, supervisory review, public disclosure
– Explicit treatment of operational risk
– More granular analyses of credit risk
Sarbanes-Oxley Act of 2002:
– Section 404: Management assessment of internal controls for financial reporting; attestation by auditor
– Section 302: CEO/CFO certification of financial statements
– Establish criminal penalties for executives and independence requirements of auditors
Other Requirements:
– SEC/NYSE/NASDAQ corporate governance rules
– State attorney general probes
– Patriot Act; anti-money laundering and bank secrecy act

12 11 A proactive approach to ERM is driven by best practices, not regulations Reactive Approach Proactive Approach Current state New industry standards Sarbanes-Oxley Basel II Governance Requirements Desired state (best practices or best-in-class practices) Benchmarking Gap analysis Recommendations Common themes Unique standards Sarbanes-Oxley Basel II New industry standards Governance Requirements ? ? ? ? ? CEO

13 12 Early adopters of ERM have reported significant and tangible benefits
Benefit | Company | Actual Results
Market value improvement | Top money center bank | Outperformed S&P 500 banks by 58%
Early warning of risks | Large investment bank | Global risk limits cut by 1/3 prior to Russian crisis
Loss reduction | Top asset management company | Loss-to-revenue ratio declined by 30%
Regulatory capital relief | Large commercial bank | $1 billion regulatory capital relief
Insurance cost reduction | Large manufacturing company | 20-25% reduction in insurance premium

14 13 Annualized total shareholder returns ( ) for differing degrees of risk model sophistication and risk tool usage Source: PA Consulting Survey of Global Banks

15 14 Key trends and requirements Best practices and practical applications ERM in the future Discussion outline

16 15 An ERM framework should encompass seven key building blocks
1. Corporate Governance: Establish top-down risk management
2. Line Management: Business strategy alignment
3. Portfolio Management: Think and act like a fund manager
4. Risk Transfer: Transfer out concentrated or inefficient risks
5. Risk Analytics: Develop advanced analytical tools
6. Data and Technology Resources: Integrate data and system capabilities
7. Stakeholders Management: Improve risk transparency for key stakeholders

17 16 The enterprise risk management process
ERM Foundations:
– Senior management and board participation (tone from the top)
– Governance structure
– Resource allocation
– Culture, principles, and values
– ERM framework and policies
– Linkage to strategy, performance measurement and incentives
– Organizational learning
Risk Identification and Assessment:
– Top-down assessments: barriers to strategic and financial goals; executive team CSAs
– Bottom-up assessments: barriers to business, customer, and product goals; business unit CSAs; functional unit CSAs
– Independent assessments: internal audit; external audit; regulators; customers; other stakeholders
Risk Measurement and Reporting:
– ERM dashboard: earnings volatility; key risk metrics; policy compliance; real-time event escalation; drill-down capabilities
– Scenario analysis: historical; managerial; simulation-based
– Disclosure: board reporting; external reporting
Risk Mitigation and Management:
– Policy enforcement
– Value-based growth and restructuring strategies
– Risk transfer strategies
– Contingency planning and testing
– Event and crisis management

18 17 An ERM system should address all risk types, qualitative and quantitative data, and risk monitoring and management applications
ERM Dashboard; Data Mining; Internal and External Data
RISK PILLARS: CREDIT RISK, MARKET RISK, BUSINESS RISK, OPERATIONAL RISK
Basic ERM applications: Executive reporting; Key risk indicators; Loss/incident tracking; Control self assessments; Early warning indicators; Risk mitigation projects tracking; ERM content management
Advanced ERM applications: Risk transfer; Economic capital; Scenario analysis; Shareholder value management

19 18 Characteristics and sources of effective key risk indicators
Sources of Key Risk Indicators:
– Strategies/Objectives: Business plans; Management goals; Performance metrics
– Regulations & Policies: Legal requirements; Regulatory standards; Policy limits
– Losses & Incidents: Actual losses; Incidents; Industry data
– Stakeholder Requirements: Customers; Vendors; Other
Characteristics:
1. Reflect objective measurement
2. Incorporate risk drivers: Exposure, Probability, Severity, Correlation
3. Be quantifiable – $, %, #
4. Track in time series against standards or limits
5. Tie to objectives, risk owners, and risk categories
6. Balance of leading and lagging indicators
7. Be useful – support business decisions and actions
8. Can be benchmarked internally or externally
9. Timely and cost effective
10. Simplify risk without being simplistic

20 19 An ERM dashboard should address five key questions for senior management
1. Are any of our strategic, business, and financial objectives at risk?
2. Are we in compliance with policies, limits, laws, and regulations?
3. What risk incidents have been escalated by our risk functions and business units?
4. What key risk indicators and trends require immediate attention?
5. What are the risk assessments that we should review?

21 20 Example: monthly risk report
Losses (accounting for actual losses incurred; columns Current and YTD): Operational Losses; Credit Losses; Market Losses; Other Losses; Sub-Total; Loss/Revenue Ratio
Risk Incidents (reporting of risk incidents, exposures, and near misses): Incident; Exposure; Response
Management Assessment: Management discussion of major risk issues (what keeps me up at night)
[Chart: Gross Losses]

22 21 Example: monthly risk report (cont'd)

23 22 Case study
Background: $1 trillion of assets under management; Private company; Decentralized business culture
3-Year ERM Program: Organized Global Risk Forum; Implemented annual Global Risk Review; Automated loss accounting; Developed ERM framework; Implemented intranet-based Global Risk MIS; Experienced significant reduction in loss ratio

24 23 Risk Metrics Risk Event Log Event Loss Root Causes Controls Needed Education New associates Management Business/Operational processes Best practices Lessons learned Goal MAP Actual Loss Experience 85% Decline Basic risk management processes can lead to significant improvements

25 24 ERM requires balancing the hard and soft side of risk management
Hard Side: Measures and reporting; Risk oversight committees; Policies & procedures; Risk assessments; Risk limits; Audit processes; Systems
Soft Side: Risk awareness; People; Skills; Integrity; Incentives; Culture & values; Trust & communication

26 25 A company's risk culture provides the foundation of its ERM program
Definitions of risk culture
– In a typical risk culture, people will do the right things when risk policies and controls are in place
– In a good risk culture, people will do the right things even when risk policies and controls are not in place
– In a bad risk culture, people will not do the right things regardless of risk policies and controls

27 26 Case study
Background: New capital markets business; Traders hired from foreign bank; Aggressive business and growth targets
2-Year ERM Program: Established risk policies and systems; Instilled risk culture; Survived Kidder disaster; Captured 25% market share with zero policy violations; Recognized as best practice

28 27 Hallmarks of success in ERM
– Engaged senior management and board of directors
– Established policies, systems, and processes, supported by a strong risk culture
– Clearly defined risk appetite with respect to risk limits and business boundaries
– Robust risk analytics for intra- and inter-risk measurement, summarized in an ERM dashboard
– Risk-return management via integration of ERM into strategic planning, business processes, performance measurement, and incentive compensation

29 28 Key trends and requirements Best practices and practical applications ERM in the future Discussion outline

30 29 Ten predictions on the future of enterprise risk management
1. ERM will become the industry standard
2. CROs prevalent in risk-intensive companies
3. Audit committees will evolve into risk committees
4. Economic capital in; VaR out
5. Risk transfer executed at enterprise level
6. Advanced technologies key to advancement
7. A measurement standard will emerge for operational risk
8. Risk-based or economic reporting becomes standard
9. Risk becomes part of corporate and college programs
10. Salary gap among risk professionals continues to widen

31 30 The role of a Chief Risk Officer Evangelist Motivate Leader Change Steward Control Consultant Help Technician Teach Must have! Nice to have

32 31 What makes a good CRO?
– Organizational and leadership skills to effect change
– Communication skills – to simplify without being simplistic
– Technical skills in credit, market, and operational risk
– Judgment to balance business and risk requirements
– Courage to push back and say no
– High EQ (emotional quotient) in addition to high IQ
– Ultimate CRO test: ability to integrate risk management into strategic planning and day-to-day business processes

33 32 ASSE defined functions for safety professionals
– Anticipate, identify and evaluate hazardous conditions and practices
– Develop hazard control methods, procedures and programs
– Implement, administer and advise others on hazard controls and hazard control programs
– Measure, audit and evaluate the effectiveness of hazard controls and hazard control programs

34 33 Role for safety professionals in enterprise risk management
– Promote awareness of hazard risks, as well as the interdependencies with other key risks
– Integrate hazard risks into control self assessments and audit findings
– Develop key risk indicators and management dashboards for hazard risk
– Participate in ERM initiatives to mitigate and manage enterprise-wide risks

