Enterprise Risk Management


Enterprise Risk Management. Catalyst Corporate Credit Union 2012 Economic Forum October 23, 2012. 1. Your Speaker. David A. Reed Attorney at Law [email protected] (703) 675-9578 Reed & Jolly, PLLC Fairfax, VA.

Presentation Transcript

Enterprise Risk Management

Catalyst Corporate Credit Union

2012 Economic Forum

October 23, 2012


Your Speaker

David A. Reed

Attorney at Law

[email protected]

(703) 675-9578

Reed & Jolly, PLLC

Fairfax, VA

The contents of this presentation are intended to provide you with a general understanding of the subject matter. However, it is not intended to provide legal, accounting, or other professional advice and should not be relied on as such.
What is Enterprise Risk Management?

Enterprise risk management is a process implemented by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and to manage risk to be within the entity’s risk appetite to provide reasonable assurance regarding the achievement of entity objectives.

(ERM Integrated Framework, COSO, September 2004)

Risk Management Process

Source: Federal Reserve Board

The NCUA has stated repeatedly that the #1 cause of credit union failures is ineffective risk management.

What’s to Worry About?

“NCUA is committed to proactively addressing safety and soundness problems at credit unions,” concluded Chairman Matz. “NCUA will continue to build on its current enforcement efforts in requiring credit unions to promptly correct problems at the earliest possible time. Consistent with GAO’s findings, NCUA will also continue to take steps to strengthen the effectiveness of our enforcement program, striving to develop new predictive PCA measures that identify emerging problems earlier and better protect the Share Insurance Fund from losses.”

NCUA Press Release, 1/4/2012
Different Viewpoints
  • What an examiner may view as unacceptable risk, the credit union executive will more than likely view as a sound business strategy.
  • The higher the risk the higher the reward.
What About Risk?
  • Risk is NOT a dirty word. It is a known element of our operations.
  • Risk assessments are an essential management and regulatory tool
  • Risk is a simple game
    • Identify it
    • Categorize it
    • Deal with it!
What Could Possibly Go Wrong?
  • Loan demand
  • Litigation
  • Regulation
  • Competition
  • Natural disaster
  • Pandemics
  • Zombies
  • Taxation
  • Interest rates
  • EU collapse
  • Consumer fads
  • Fraud
  • UFO
  • Expenses
  • Staffing
  • Technology
7 Major Risk Categories
  • Credit
  • Interest Rate
  • Liquidity
  • Transaction
  • Compliance
  • Strategic
  • Reputation
The Three R’s

Risk Recognition and Reaction

ERM Goals & Benefits
  • Measurement of risk at all levels
  • Assign accountability and responsibility
  • Understanding the interdependency of organizational risks
  • Managing business partner relationships
  • Managed risk brings lower costs
  • Improve confidence in operational and financial integrity
  • Keeps the credit union on course
Getting Started
  • Traditionally, credit unions have approached risk management in a fragmented and inconsistent manner.
  • An enterprise view of risk management is more likely to bring consistency in identification and control of risk across the enterprise.
  • Risk management itself is not a new discipline, but the concept of measuring and controlling risk across the organization is. This broad and coordinated view of risk management is what ERM is all about.
Risk Management Team
  • Harness the expertise of your operational leaders to showcase your compliance, risk management and sound business strategies.
  • Experience reveals that the examiners are increasingly likely to engage more members of your staff during the process.
  • To keep the process organized, choose one person as the central point of access, but allow your inside experts to explain your individual operational strategies to the examiner.
It All Starts Here

The risk assessment should be considered the foundation of a risk management program.

Without a comprehensive risk analysis of its business, it is highly unlikely that a credit union can design an effective program well suited to manage the risks of that particular institution.

AIRES Questionnaires
  • Automated Integrated Regulatory Examination Software
  • They are the audit questions the examiner will use during the examination for each operational area
  • Great resource for planning and preparation
Wash, Rinse, Repeat …
  • Risk assessments are a dynamic process and should be a regular component of a broader risk management strategy.
  • Needs to be reviewed and revised (if necessary) regularly.
Developing an ERM Approach

  • Develop process to identify, assess and manage significant risks to strategic objectives
  • Establish and define roles and responsibilities
  • Establish centralized risk management area to:
    • facilitate enterprise risk management
    • perform aggregate risk analysis
    • develop and provide reports and reporting tools
  • Engage all business areas

The Next Step
  • Once it is understood through our Enterprise-wide Risk Assessment process how the credit union’s business processes and compliance areas rank in terms of potential risk, management can begin the process of allocating/budgeting available resources (internal audit and co-sourcing) to the areas of greatest potential risk.
  • Such resources should be directed to conducting “focused risk assessments” of specific business processes and compliance areas with the objectives of:

1) Evaluating the controls design

2) Testing the effectiveness of controls

Governance – Risk Policy Committee
  • Develop and implement risk management strategy, policies, methodologies and governance
  • Serve as a forum for risk related discussions
  • Periodically review the risk profile of the credit union’s most significant risks
  • Vet and address risk-related issues at committee meetings
  • Make risk-related recommendations
  • Evaluate effectiveness of risk infrastructure
  • Ensure risk owners are designated on a timely basis for all significant risks
FRBC Risk Assessment Map

Source: Federal Reserve Board

Possible Risk Responses
  • Mitigate/reduce the risk. Through the implementation of controls, risks can be reduced to an acceptable level. (e.g., strong loan underwriting and dealer management controls for indirect lending)
  • Avoid the risk. This involves making the appropriate business decisions so that the risk is not taken. It means saying no to something, whether a new vendor, product, system, or relationship. (e.g., funding a large scale commercial development project)
  • Accept the risk. There is always an option to accept the risk – to view it as the cost of doing business. Further, some risks need to be taken and cannot be cost effectively mitigated or transferred. (e.g., risk-based lending)
  • Transfer/insure the risk. This means establishing an agreement, securitization or some sort of insurance that transfers the risk to a third party. (e.g., participation loans sold)
Risk Assessment & Response

(Reduce, Share, Accept, Avoid)

  • Identification of Significant Vulnerabilities
  • Assessment of Inherent Severity (Impact/Likelihood)
  • Control Assessment (Effective/Efficient)
  • Gap Analysis (Current Degree of Mitigation)
  • Residual Risk Severity (Impact/Likelihood)
  • Action Plan Monitoring
  • Defined Risk Indicators and Thresholds

Source: Federal Reserve Board

Basic Rule

It is NOT enough to just do it anymore, you must document it.

What does your risk management system look like?