Enterprise Risk Management (ERM)
Enterprise Risk Management (ERM). James Rose and Jennifer Cutsinger, 11/8/05. Agenda: Introduction; What is ERM?; How to be successful implementing ERM; Risk Appetite; Origins of ERM; Examples; Regulatory Requirements for risk management; Resources; Conclusion.

Presentation Transcript

Enterprise Risk Management (ERM)

James Rose and Jennifer Cutsinger

11/8/05


Agenda

  • Introduction

  • What is ERM?

  • How to be successful implementing ERM.

  • Risk Appetite

  • Origins of ERM

  • Examples

  • Regulatory Requirements for risk management.

  • Resources

  • Conclusion



Where are you in the ERM process?

  • Just Getting Started

    • Still thinking about it, Initial Research

  • Beginning

    • Creating a process, seeking approval/buy-in, piloting

  • Intermediate

    • Refining/revising, implementing across all departments, common risk language

  • Advanced

    • Weaving ERM into the business, tying risk reviews to strategy, demonstrating high value



What is ERM?

  • COSO ERM Definition

    • A process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

      Source: Enterprise Risk Management – Integrated Framework. Committee of Sponsoring Organizations of the Treadway Commission, 2004.


What is ERM?

  • Conference Board ERM Definition

    • ERM is a framework, instituted by a firm’s board of directors and management, applied strategically and across the enterprise, designed to identify potential events that may impact the firm, manage risks within defined parameters and provide reasonable assurance regarding the achievement of the firm’s business objectives.

      Source: The Conference Board. More Companies Using Enterprise Risk Management to Handle Risks, 2005.


What is ERM?

  • Key components of ERM

    • A process carried out by all levels of associates.

    • A process that is applied across the organization.

    • Applied strategically.

    • Designed to identify potential events that may impact the entity.

    • Manage risks to the entity’s risk appetite.

    • Achievement of the entity’s objectives.


COSO ERM Framework

Source: Enterprise Risk Management – Integrated Framework. Committee of Sponsoring Organizations of the Treadway Commission, 2004.


Why do you need to implement ERM?

  • Most companies do not have a common risk language

  • Most companies lack a systematic approach to roll up risks

  • Most companies operate in silos

  • Regulatory Pressures


Why do you need to implement ERM?

  • Assess key risks – likelihood and impact

    Source: The IIA’s 2005 Risk and Control Conference. Enterprise Risk Management in a Changing Environment, 2005.


Who is implementing ERM?

  • ERM is still in the infancy stage. Many companies see it as a need, but are still in the planning stages.

    • The Conference Board’s ERM Survey shows that over 90% of companies surveyed see the need to implement ERM in their company.

[Chart categories: Rejected; Preparing/Developing/Implementing; Positively Disposed]

  • Source: The Conference Board. Beyond Compliance: The Future of Risk Management, 2005.


Who is implementing ERM?

…and ERM is seen as an increasingly important responsibility

Source: The Conference Board. Beyond Compliance: The Future of Risk Management, 2005.


Why are companies implementing ERM?

  • Primary Drivers of ERM

    • Corporate governance requirements 66%

    • Greater understanding of strategic and operating risks 60%

    • Regulatory pressures 53%

    • Board requests 51%

    • Competitive advantage 41%

      ** Multiple answers allowed in the survey

      Source: The Conference Board ERM Survey, 2005


Why are companies implementing ERM?

  • Highest Priority Objective of ERM

    • Ensure risk issues are considered in decision making 44%

    • Avoid surprises and predictable failures 40%

    • Align risk exposures and mitigation programs 24%

    • Institute more rigorous risk measurement 19%

    • Integrate ERM into other corporate practices like strategic planning 17%

      ** Multiple answers allowed in the survey

      Source: The Conference Board ERM Survey, 2005



How to be successful implementing ERM

  • Develop a common risk language

    • Capture complex topics and definitions; i.e. what is risk, impact of risk, likelihood of risk, inherent and residual risk, objectives, controls, etc.

  • Training for key associates

    • Creates understanding and alleviates cultural resistance

  • Incorporate risk management as a core competency within your Human Resources Model

    • Job Roles

  • Leverage your performance management system.

    • Determine at what level this should be incorporated.


How to be successful implementing ERM

  • Support from a Senior Executive, preferably the CEO.

  • Establish accountability

  • Determine risk categories

  • Determine how you will store and report the information you obtain

  • Start small – tackle one business unit at a time.

  • Develop an assessment process


Other tips for success

  • Research

    • Case Studies

    • Surveys

    • Industry Publications

  • Visit companies that have implemented ERM

  • Attend ERM conferences/network

  • Determine what will work best for your company – there is no one right way to implement ERM



Risk Appetite

  • What is it?

    • The amount of risk a company is willing to accept

    • Tolerance for risk – how much risk can I afford to take without excessively exposing the business to potential financial distress?

    • Risk/Return trade-off

  • Who should own the company’s risk appetite?

    • Board of Directors/CEO

    • CFO/CRO



Origins of ERM

  • Treasury

  • Operations

  • Strategic Planning

  • Risk Management Departments or Chief Risk Officers

  • Compliance

  • Financial Reporting – CFO

  • Internal Audit



Examples

  • MasterCard International – Steps to Implement ERM

    • Determine primary driver for implementing ERM

      • Governance

      • Greater understanding of risk

      • etc.

    • Benchmark

      • Research

      • Network

      • etc.

        Source: The Conference Board’s 2005 Enterprise Risk Management Conference. Tools, Techniques and Approaches for Building a Sustainable ERM Program. MasterCard International, 2005.


Examples

  • MasterCard International, continued

    • Create the ERM process

      • Develop a plan

      • Identify top risks

      • Develop an ERM policy

      • Establish risk governance

      • Develop preliminary reporting process

        Source: The Conference Board’s 2005 Enterprise Risk Management Conference. Tools, Techniques and Approaches for Building a Sustainable ERM Program. MasterCard International, 2005.


Examples

  • MasterCard International, continued

    • Seek Approval

      • Gain buy-in from:

        • Executive Management

        • Board of Directors/Audit Committee

    • Pilot

      • Assess risks

        • Start with one group at a time

      • Preliminary Reporting

      • Initial quantification

      • Employee communications

        Source: The Conference Board’s 2005 Enterprise Risk Management Conference. Tools, Techniques and Approaches for Building a Sustainable ERM Program. MasterCard International, 2005.


Examples

  • MasterCard International, continued

    • Refine/Revise the process

      • Solicit feedback

        • ERM process

        • Quantification

        • Reporting

          • Format

          • Contents

          • Process

      • Incorporate the feedback in your process

        Source: The Conference Board’s 2005 Enterprise Risk Management Conference. Tools, Techniques and Approaches for Building a Sustainable ERM Program. MasterCard International, 2005.


Examples

  • MasterCard International, continued

    • Implement

      • Communications

      • Reporting

      • Management practices

      • Integrate ERM into strategic planning

        Source: The Conference Board’s 2005 Enterprise Risk Management Conference. Tools, Techniques and Approaches for Building a Sustainable ERM Program. MasterCard International, 2005.


Examples

  • Bristol-Myers Squibb Company

    • ERM system in progress since 2003

    • Linked at outset to strategy and planning

    • Initiated with pilot programs

    • Gradual expansion to businesses and functions

    • Communication

      Source: The Conference Board’s 2005 Enterprise Risk Management Conference. ERM Sustainability. Bristol-Myers Squibb Company, 2005.


Examples

  • Bombardier

    • Develop an integrated risk management approach

      • Benchmarking, analyzing similar companies, etc.

    • Develop a model (6 months)

      • ERM as a sustainable process, not a project

      • Ensure simplicity and ease of use and quick results

    • ERM Pilot

      • Support of ERM from Executive Management

      • Solicitation of successes both strategic and operational.

        Source: The IIA’s 2005 Risk and Control Conference. Enterprise Risk Management at Bombardier, 2005.



Rating Agency/Regulatory Requirements

  • Standard & Poor’s – “ERM will be one new category of analysis along with the existing categories of Competitive Position, Management and Corporate Strategy, Operating Performance, Capitalization, Liquidity, Investments, and Financial Flexibility. For each company, the importance of each of the rating factors to the overall financial strength of the company is the driver for the weightings among the factors. ERM will not be the sole determining factor, nor is it likely to be completely unimportant for any insurance company.”

    Source: Standard & Poor’s, Insurance Criteria: Evaluating The Enterprise Risk Management Practices of Insurance Companies, 2005.


Rating Agency/Regulatory Requirements

  • NYSE – “Discuss policies with respect to risk assessment and risk management;

    While it is the job of the CEO and senior management to assess and manage the listed company's exposure to risk, the audit committee must discuss guidelines and policies to govern the process by which this is handled. The audit committee should discuss the listed company's major financial risk exposures and the steps management has taken to monitor and control such exposures. The audit committee is not required to be the sole body responsible for risk assessment and management, but, as stated above, the committee must discuss guidelines and policies to govern the process by which risk assessment and management is undertaken. Many companies, particularly financial companies, manage and assess their risk through mechanisms other than the audit committee. The processes these companies have in place should be reviewed in a general manner by the audit committee, but they need not be replaced by the audit committee.”

    Source: NYSE, 303A.07 Audit Committee Additional Requirements, 2004.



Resources

  • IIA www.theiia.org

  • The Conference Board www.conference-board.org

  • The Committee of Sponsoring Organizations of the Treadway Commission www.coso.org



Conclusion

  • No one right model

  • Many companies are just in the beginning stages and experimenting with the right process for their company.

  • The Conference Board ERM Survey indicates over 90% of responding companies see the need to implement ERM.

  • ERM takes time to implement.

  • Difficulty of selling the value add of aggregating risks across the company.

  • “ERM must be completely tailored to the culture, markets, and businesses that the company operates in if it is to be effective.” Source: Standard & Poor’s, Insurance Criteria: Evaluating The Enterprise Risk Management Practices of Insurance Companies, 2005.


Questions

Questions?


Contact Information

  • James Rose, Director of Internal Audit jrose1@humana.com

  • Jennifer Cutsinger, Director of Audit Consulting jcutsinger@humana.com