
Enterprise Risk Management in the Board Room

Enterprise Risk Management in the Board Room. Georgia Credit Union Association Annual Convention May 15, 2015. Your Speaker. Diane Pape Reed Diane.cudoc@gmail.com (571) 265-1165 CU Doctor, LLC Fairfax, VA. NCUA §701.4 Duties of a Director.


Presentation Transcript


  1. Enterprise Risk Management in the Board Room Georgia Credit Union Association Annual Convention May 15, 2015

  2. Your Speaker Diane Pape Reed Diane.cudoc@gmail.com (571) 265-1165 CUDoctor, LLC Fairfax, VA

  3. NCUA §701.4 Duties of a Director (1) Carry out his or her duties as a director in good faith, in a manner such director reasonably believes to be in the best interests of the membership of the Federal credit union as a whole, and with the care, including reasonable inquiry, as an ordinarily prudent person in a like position would use under similar circumstances; (2) Administer the affairs of the Federal credit union fairly and impartially and without discrimination in favor of or against any particular member;

  4. Duties of a Director (3) At the time of election or appointment, or within a reasonable time thereafter, not to exceed six months, have at least a working familiarity with basic finance and accounting practices, including the ability to read and understand the Federal credit union's balance sheet and income statement and to ask, as appropriate, substantive questions of management and the internal and external auditors; and (4) Direct management's operations of the Federal credit union in conformity with the requirements set forth in the Federal Credit Union Act, this chapter, other applicable law, and sound business practices.

  5. The All Seeing Eye

  6. Board Responsibilities - The Buck Stops With You! Being a Board member is NOT a spectator sport! Directors are the ultimate decision makers. Directors must understand the risks facing their credit union. They can delegate the task, not the associated responsibility.

  7. What the Examiner Wants to See • An effective risk management system is commonly comprised of three interdependent elements: • Board and management oversight • Risk management program • Audit • When all elements are strong and working together, an institution will be successful at managing its risks now and in the future.

  8. Risk Management Process

  9. Are We There Yet? CUNA’s Strategic Partner in the ERM area, The Rochdale Group, Inc., recommends you ask yourself these important questions about your current risk management program: • Can you articulate your organization’s top 10 to 15 risks using a common scale as measured against earnings and capital? • Can the organization articulate the risks (type/amount) being leveraged as well as the limits for which it can support? • Does your program measure risk in real dollar terms against capital and earnings? • Does your program measure risk prospectively? • Does your program show the risk interdependencies and proactive risk influencers (KRI/KPI)? • Does it facilitate setting and understanding risk-tolerance levels? • Does it provide clarity for risk discussions and decisions between operations, management and the board of directors? • Does it facilitate open communication organization-wide regarding risk and decision making from strategy inception to operational execution? • Does the process provide targeted and actionable intelligence for business leaders? • What is your confidence level that processes are in place to effectively manage the vast array of risks across the organization?

  10. The 7 Major Risk Categories • Credit • Interest Rate • Liquidity • Transaction • Compliance • Strategic • Reputation

  11. Measuring Risk

  12. What is Enterprise Risk Management? Enterprise risk management is a process implemented by an entity’s board of directors, management and other personnel applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and to manage risk to be within the entity’s risk appetite to provide reasonable assurance regarding the achievement of entity objectives. (ERM Integrated Framework, COSO, September 2004)

  13. Simple Terms • ERM is simply a process that will allow you to see risks across your entire operation and compare them using a standard risk rating system. • Do you have that process now or do you have a set of seemingly unrelated Risk Assessments?

  14. NCUA Takes a Look at ERM • Supervisory Letter 13-12 • Sets forth the agency’s expectations of a Credit Union’s risk management programs • ERM is one such framework. • The NCUA does not require a formal ERM program for natural person Credit Unions

  15. The Bottom Line • A Credit Union is expected to have sound processes sufficient to manage the risk associated with their business model and strategies. • Hasn’t this always been the deal? • Most of our operations are designed to mitigate risk in order to maximize benefits.

  16. Potential Benefits A well designed ERM process can help a Credit Union by providing a framework within which the Board of Directors and senior management can: • Align risk appetite and strategy • Enhance risk response decisions • Reduce operational losses and surprises • Identify and manage multiple, cross-enterprise risks • Identify and seize opportunities • Improve deployment of capital

  17. Which Are You?

  18. Primary Exam Program Guidelines • Identify and mitigate current and emerging risks to the NCUSIF; • Ensure credit unions are in compliance with applicable laws, regulations and directives; • Initiate appropriate corrective actions supported by sufficiently detailed administrative record; and • Facilitate timely resolution of supervisory concerns.

  19. According to the NCUA, the #1 cause of Credit Union failures is ineffective risk management! How do you highlight your risk management program?

  20. NCUA View • LCU 13-2 and attached Supervisory Letter • Outlines NCUA view • Establishes expectations for sound and scaled risk management • Clarifies examiner approach • Identifies how findings should be addressed • Key Takeaways • NCUA embraces properly implemented ERM as an effective RM approach for all CUs • Properly implemented approaches/schools of thought are complex and resource intensive • ERM should add greater value than consumed resources • In some institutions, the value proposition may not work • A properly scaled broad/comprehensive risk management approach is appropriate.

  21. NCUA View • Comprehensive properly scaled risk management is a necessity. • Risk appetite and level of sophistication defines proper approach. • Avoidance is inefficient but a potential alternative for some institutions. • Not all risks arise from financial assets. • Cyber, product offerings, regulatory/criminal.

  22. NCUA View • Some Key Takeaways • Organizational commitment from top down – defines a well developed RM process • Independence in review, reporting, and decision process is key to objective RM • Defining key risks, outcomes and action plans is essential • Mitigation can take many forms • Insurance • Offset • Eliminate • CUs can achieve ERM-like results but ERM requires organizational and system structures that may be too expensive for many smaller Institutions.

  23. Supervisory Focus on Risk Management • Management commitment and oversight. • Well defined and integrated policies and procedures. • Clearly defined risk appetite. • Clear understanding of the key risks and risk dynamics. • Effective mitigation triggers and options. • Effective risk reporting and monitoring. • Appropriate information and decision support systems. • Effective Internal Controls.

  24. Institutional Risk Field of Membership Competition Regulation Economy Markets Leadership and Talent Total Analysis Process (TAP) Capital/Risk Exposure of the Combined Institutional Activities Source: NCUA

  25. Total Analysis Process (excerpt from NCUA's Examiner Guide) • Step back from examination details and individual ratios; • Think about the big picture, how the various aspects of the examination interact and the individual ratios relate to each other; and • Assess management’s ability to identify, measure and control current and future risk.

  26. A Matter of Perspective • Conflict between risk and profit • Risk is NOT a dirty word. It is a known element of our operations. • We are not required to eliminate risk. We need to recognize it and manage it. • Finding and defending your risk appetite • How do you tell your story?

  27. The Hard Facts • Most credit unions promote a centralized risk management and response system. • Lots of “silos”, “not your areas”, “need to knows” and “do not enters” around risk issues. • Most of your staff does not understand the risk management process.

  28. Getting Started • Traditionally, credit unions have approached risk management in a fragmented and inconsistent manner. • An enterprise view of risk management is more likely to bring consistency in identification and control of risk across the enterprise. • Risk management itself is not a new discipline, but the concept of measuring and controlling risk across the organization is. This broad and coordinated view of risk management is what ERM is all about.

  29. Risk Management Team • Comprised of your operational area experts, stakeholders, managers. • Work to identify key areas on which the examiners are likely to focus, and make sure you are properly addressing every potential “issue.” • Preparation for an exam can help reveal unnecessary risks and operational weakness. • This process will help you effectively and efficiently manage your credit union.

  30. It All Starts Here The risk assessment should be considered the foundation of a compliance program. Without a comprehensive risk analysis of its business, it is highly unlikely that a credit union can design an effective program well suited to manage the risks of that particular institution.

  31. Flexibility Is Key • There is no “one-size fits all” approach to developing this assessment • Beware of “cookie cutter” solutions

  32. Wash, Rinse, Repeat … Risk assessments are a dynamic process and should be a regular component of a broader risk management strategy. They need to be reviewed and revised (if necessary) regularly.

  33. Questions?
