1 INSURANCE Enterprise Risk Management: From Theory to Practice KPMG LLP
3 Executive Summary Enterprise Risk Management (ERM) is a structured and disciplined business tool aligning strategy, processes, people, technology, and knowledge with the purpose of evaluating and managing the uncertainties that enterprises face. It is a holistic, integrated, future-focused, and process-oriented approach that helps an organization manage key business risks and opportunities with the intent of enhancing shareholder value for the enterprise as a whole. This is accomplished by taking an enterprise-wide view of risk through the removal of traditional business unit, segment/division, functional, departmental or cultural barriers to open and honest risk communication. Still, as with any important business tool, a large gap exists between inception, adoption, and implementation. KPMG has assisted many organizations with adopting ERM and has conducted a series of surveys related to the current state of ERM. This survey Enterprise Risk Management: From Theory to Practice targeted an array of companies from different industries in the U.S. and asked a range of questions designed to see what current practices they are using and just how far they had progressed with the practical implementation of ERM.
4 2 E N T E R P R I S E R I S K M A N A G E M E N T Key Findings Our survey explored current risk management practices and five themes emerged: Governance Structure and Reporting Lines Leading practice is cited for risk oversight to reside with a Risk Committee of the Board and for the CRO to report directly to the CEO. Interestingly, current practices appear to differ: A significant majority (70 percent) of respondents provide ERM updates to their Audit Committees, while less than half (40 percent) report that updates are provided directly to the Board of Directors or a separate Board-level Risk Committee on a quarterly basis. Three quarters of respondents say they have a CRO who reports to the CFO. Emerging Risk Identification In response to the financial crisis and increased rating agency focus, there is increased emphasis on the identification of emerging risks: More than a third (37 percent) of the companies surveyed reviewed emerging risk as part of their periodic risk identification/assessment process, while a similar percentage of companies reported having a defined emerging risk identification process in place.
5 F R O M T H E O R Y T O P R A C T I C E 3 Risk Appetite As a company s risk maturity evolves, developing a risk appetite is becoming an increasing area of focus. Many companies are working on defining their risk appetite at both corporate and business unit level specifically, and cascading the corporate-wide risk appetite down into regions, business units, and products lines in a meaningful way. Nearly thirty percent of companies surveyed do not yet have a corporate risk appetite statement articulated. Forty seven percent of the respondents noted that their corporate risk appetite statement is expressed in both descriptive and quantitative terms. Use of Scenario Analysis and Economic Capital models Although the financial crisis brought the use of scenario analysis and models front and center, the key is sufficient management review and thought as outputs are used to make business decisions: More than two-fifths (42 percent) of the respondents perform scenario analysis for enterprise level risks. A solid majority (85 percent) of respondents are using an economic capital model (ECM) in a variety of ways in their business. At least half use it for strategic decisionmaking or capital management. Approximately 40 percent use it for capital planning and determining risk appetite/risk tolerances.
6 4 E N T E R P R I S E R I S K M A N A G E M E N T Risk Aware Culture One of the areas companies are focusing on is increasing their employees awareness of risk management and making better risk-based decisions. One of the key elements to successfully doing this is to educate or train the appropriate levels in the organization. Not all companies have currently implemented such awareness or education yet. Respondents were evenly split on whether there is a formal risk training/education process in their companies. Conclusion This paper highlights similar risk management practices across 21 companies in financial services and other regulated industries that we surveyed in 2009 (see the survey methodology on page 20). Specifically, it highlights the fact that what may be considered leading practices are not necessarily common or current practice for the majority of respondents. It appears that some of the practices in place may be used as they are practical and work effectively for that particular company s culture, and that leading practices would not be effective or efficient. Despite the apparent progress with regard to the application of ERM, the following key questions remain: Is ERM embraced and understood throughout the organization and at the board level? Is ERM positioned or structured in a way to promote value throughout the organization as opposed to being a compliance exercise? Are risk management and performance management integrated in order to promote an overall return in accordance with an organization s established risk appetite? Risk management practices must be tailored to meet a company s maturity, culture, and risk profile. In addition, in order to derive real value from ERM, risk management must be integrated into a company s business decision processes as well. Ultimately, ERM practices must be integral to how a company operates instead of simply being viewed as a compliance exercise. The companies in KPMG s survey acknowledge the need for ERM and have created the governance structure to implement it throughout the organization. In order to evaluate the effectiveness of ERM, however, a key next step is determining the appropriate metrics to measure both how well ERM mitigates an organization s risk and emphasizes opportunities to increase rewards.
7 F R O M T H E O R Y T O P R A C T I C E 5 Detailed Findings Board Oversight and Reporting To which committee(s) are Enterprise Risk Management updates provided? Audit Committee 70% Board of Directors 40% Risk Committee 35% Finance Committee 15% Other 10% 0% 20% 40% 60% 80% Multiple selections allowed. Note on the charts: Since survey respondents were able to select multiple responses, percentages do not add up to 100 percent. A significant majority (70 percent) of respondents provides ERM updates to the Audit Committee, while less than half (40 percent) report that updates are provided directly to the Board of Directors or a separate Board-level Risk Committee. It is currently considered a leading practice to send the risk management report to the Board-level Risk Committee, and the proposed Shareholder Bill of Rights Act of 2009 (see sidebar) recommends that each issuer be required to have a Board-level risk committee, comprised entirely of independent directors, responsible for the risk management practices of the issuer. But this is not currently common practice, as only 35 percent of companies surveyed actually reported to the Board-level Risk Committee. The Shareholder Bill of Rights Act of 2009 The Senate s Shareholder Bill of Rights Act was proposed in May of 2009 by Senator Charles Schumer (D-NY). Among other things, the Act calls for more board accountability for a public company s risk management process, including the establishment of an independent board-level risk committee. Currently risk management is typically the responsibility of a public company s Audit Committee, which can comprise both outside and inside directors. But the Act calls specifically for public companies being required to have a risk committee of independent directors responsible for the establishment and evaluation of risk management practices. By creating separate risk committees, boards will not be able to claim they did not understand the risks that the firms they oversee were taking. Upon passage of the Act, a substantial challenge for many organizations may be finding enough independent directors with the necessary technical risk management skills required to qualify them for their positions.
8 6 E N T E R P R I S E R I S K M A N A G E M E N T How often are Enterprise Risk Management updates provided to the Audit Committee/BoD? Quarterly 72% Annually 22% Ad Hoc 0% 0% 20% 40% 60% 80% Note on the charts: Since survey respondents were able to select multiple responses, percentages do not add up to 100 percent. A significant majority (72 percent) of respondents provide ERM updates to the Audit Committee and/or Board of Directors on a quarterly basis as opposed to 22 percent reporting that updates occur annually. Both become important if the proposed SEC Rules on Proxy Disclosure and Solicitation Enhancements are enforced (see sidebar). Companies may need to revisit structure reporting lines, composition, and oversight of risk management activity. Potential Impact on Risk Management: SEC Rules on Proxy Disclosure and Enhancements Organizations should be aware of how the recently approved SEC Rules on Proxy Disclosure Enhancements 1 may impact future public disclosure regarding the risks associated with compensation, director qualifications, and governance. The following excerpts are from the recently approved SEC proxy rule change: Compensation Policies: If the risks arising from a company s compensation policies or practices could have a material effect on the company s overall risk exposure, adequate disclosure around overall compensation policies, compensation incentives that affect risk-taking, adjustment of compensation in light of risk issues, and the company s assessment of such risks will need to be included. Director Qualifications: Additional detail regarding disclosure relative to directors and nominee qualifications, including skills (e.g., risk assessment skills) that qualify the person to be a director and participate in related committees served will need to be included. Governance Structure: Adequate disclosure of a company s leadership structure (e.g., separation of Chairman of the Board and CEO) and why such structure is the best arrangement for the company needs to be included. The board s role in risk management would also need to be addressed (e.g., how risk oversight is allocated amongst the full board vs. board committees and which committees are responsible for risk oversight). 1 SEC Rules on Proxy Disclosure Enhancements,
9 F R O M T H E O R Y T O P R A C T I C E 7 Committees get a lot of information but is it focused and insightful? What level of report detail is provided? Additional Detail Provided 67% Summary Dashboard 61% Detailed Risk Profile 17% 0% 20% 40% 60% 80% Multiple selections allowed. Note on the charts: Since survey respondents were able to select multiple responses, percentages do not add up to 100 percent. More than 60 percent of the survey respondents offer a summary dashboard and 67 percent offer additional detail, compared to only 17 percent that provide a detailed risk profile. This means that the survey respondents are speaking to the Audit Committee, but there needs to be a balance between relevant and focused information and striking the right balance on additional details provided. The key is focused and insightful information. However, the Board of Directors role in overseeing risk will change in 2010 as a result of the recently approved SEC proxy rule.
10 8 E N T E R P R I S E R I S K M A N A G E M E N T Internal Governance Structure: Use of the ERM Steering Committee What is the role of the Enterprise Risk Committee? Understand Key Risk and Mitigation 89% Make Risk Decisions 63% Identification of emerging risks 42% Other 11% 0% 25% 50% 75% 100% Multiple selections allowed. Note on the charts: Since survey respondents were able to select multiple responses, percentages do not add up to 100 percent. According to 89 percent of respondents, understanding risk and mitigation is the role of the Enterprise Risk Committee. Almost two-thirds (63 percent) include making risk decisions as part of their role, while less than half of the respondents indicate that identifying emerging risks is part of their responsibility. Composition of the ERM Committee Who chairs ERM committee/council? CRO 55% CFO 20% CEO 10% Internal Audit 5% Other 5% Do not have committee 5% About half (55 percent) of respondents indicate that the CRO chairs the ERM Committee. The next largest group responded that the CFO (20 percent) chairs the committee, followed by the CEO (10 percent). This may say something about the increased level of responsibilities for the CRO as ERM issues are elevated and discussed at companies.
11 F R O M T H E O R Y T O P R A C T I C E 9 Are there representatives from Legal, HR, IT or Compliance as members of the Risk Committee? Legal 100% Compliance 82% IT 76% Other 71% HR 65% 0% 30% 60% 90% 120% Multiple selections allowed. Note on the charts: Since survey respondents were able to select multiple responses, percentages do not add up to 100 percent. Not surprisingly, 100 percent of respondents say that Legal is represented on the Risk Committee. There is also strong representation from Compliance (82 percent), Information Technology (76 percent), and Human Resource (65 percent). A majority of companies have a centralized ERM department, with the CRO reporting to CFO. Who does the CRO report to? CFO 61% CEO 22% Other 17% Nearly two-thirds of the survey respondents say that the CRO reports to CFO, while about a quarter say the CRO reports directly to the CEO. Although the former is a more common practice, the leading practice, especially in European companies, is the CRO reporting directly to the CEO. Having the CRO report directly to the CEO may also raise the corporate appreciation of the importance of risk management, moving it from balance sheet risk to corporate risk.
12 10 E N T E R P R I S E R I S K M A N A G E M E N T Does your organization have a CRO and Central ERM department? Yes 75% No 25% Three quarters of the respondents say they have a CRO and centralized ERM department. In another survey question, there is nearly a 50/50 split on whether Business Units have risk management resources. Since KPMG surveyed larger companies, it appears the trend is to have a centralized ERM department, while smaller companies may not have the dedicated resources to follow a similar plan. Identification and Assessment of Emerging Risks How formalized is emerging risk management? Defined process in place 37% Part of Risk identification/assessment on a regular basis 37% Informal process 26% Ad hoc monitoring of events/trigger 21% Not considered 0% 0% 10% 20% 30% 40% Multiple selections allowed. Note on the charts: Since survey respondents were able to select multiple responses, percentages do not add up to 100 percent. Less than half (37 percent) have a defined emerging risk process in place while another 37 percent include it as part of the periodic risk identification/assessment process. Companies are also using informal processes and ad hoc monitoring of events. This is a focus area that ratings agencies such as Standard & Poors are looking at as part of their ratings reviews for all public companies.
13 F R O M T H E O R Y T O P R A C T I C E 11 Companies appear to be taking steps to identify emerging risks and trying to determine whether to create a new process or add it into current risk identification methods. Emerging risks are being identified in two buckets internal and external. Internal risks are being monitored through customer touch points, surveys, discussions with business unit leadership, and assessing near-miss events. The other is external emerging risks being driven by events over which the company does not have full control and may need to react to and comply with. We have noticed that many defined processes are external facing, such as media scanning or tracking proposed legislation. Quantification What level of scenario analysis/stress testing is being performed? Designed and implemented for entity-wide risks 42% Ad Hoc 32% Designed at corporate level and implemented at BU level 21% Designed and implemented at BU level 16% Not used 5% 0% 15% 30% 45% Multiple selections allowed. Note on the charts: Since survey respondents were able to select multiple responses, percentages do not add up to 100 percent. Scenario analysis/stressing testing is being performed most often (42 percent of respondents) for entity-wide risks. In addition, one-third of respondents indicate that it is performed on an ad hoc basis, while more than a third (37 percent) indicate that scenario analysis/stressing testing is implemented at the business unit level.
14 12 E N T E R P R I S E R I S K M A N A G E M E N T The Economic Capital Model is used in many different ways What is the Economic Capital model used for? Strategic decision-making 55% Capital allocation 50% Determining risk appetite/risk tolerances 40% Capital planning 40% Other (please specify) 20% Not used 15% 0% 10% 20% 30% 40% 50% 60% Multiple selections allowed. Note on the charts: Since survey respondents were able to select multiple responses, percentages do not add up to 100 percent. A solid majority of respondents (85 percent) are using an economic capital model (ECM) in a variety of ways as a tool to aid in risk management. At least half use it for strategic decision-making and/or capital management. Some 40 percent use it for capital planning and determining risk appetite/risk tolerances. In addition, nearly two-thirds of the survey s respondents indicate that the outputs of ECM are used for medium- to longterm risk-based planning as well as short-term decision making. The survey results suggest that ECM is being used in a variety of instances to support risk management, but financial services companies are using it more than non-financial services companies (such as utilities). As ERM matures and becomes a more strategic tool, the linkage of ECM and ERM becomes more intertwined. ECM then becomes one of the techniques used to provide more quantitative insight in areas shown in the chart above.
15 F R O M T H E O R Y T O P R A C T I C E 13 Risk Appetite and Strategy Taking ERM to the next level and managing a company s risk requires setting and articulating the company s risk appetite/risk tolerance and establishing risk limits. Without this approach, there are no guidelines linked to the company s strategy for how much or how little risk to take. As companies evolve, developing a risk appetite/ risk tolerance is becoming an increasing area of focus (see sidebar). What is Risk Appetite? Risk appetite is the total impact of risk an organization is prepared to accept to achieve its strategic objectives. Considerations in defining risk appetite may include how an organization wishes to be perceived by key stakeholders shareholders, employees, regulators, rating agencies and customers. The amount of risk an organization accepts will vary from organization to organization. Factors, such as the external environment, people, business systems and policies can influence an organization s risk appetite. Organizations can exercise different methods to measure risk appetite, ranging from simple qualitative measures to complex quantitative models of economic capital and earnings volatility. What Does Risk Appetite Look Like? Characteristics of a well-defined risk appetite are: Reflective of strategy, including all key aspects of the business organizational objectives, business plans and stakeholder expectations An acknowledgement, willingness and capacity to take on risk Documented as a formal risk appetite statement Considerate of the skills, resources and technology requirements to manage and monitor risk exposures in the context of risk appetite Inclusive of a tolerance for loss or negative events that can be reasonably quantified Periodically reviewed and reconsidered with reference to evolving industry and market conditions Reviewed by the Board Of the companies we surveyed, many have taken the first step and articulated a risk appetite at the entity level, and then only half of those have articulated this to the business unit level. The key trend here is that most companies are working on developing a risk appetite, and the first step is to develop a corporate-wide risk appetite.
16 14 E N T E R P R I S E R I S K M A N A G E M E N T Almost a third (29 percent) of companies surveyed do not yet have a corporate risk appetite statement. The second step is tougher; specifically, how companies enhance cascading the corporate-wide risk appetite down into regions, business units, and products lines in a meaningful way. Indeed, there is nearly a 50/50 split on whether risk appetites have been defined for different business units or product types. How is your risk appetite statement expressed? Descriptive and Quantitative 47% Don t have risk appetite statement 29% Quantitative 24% Descriptive 0% What considerations influence the setting of risk appetite? Business objectives 65% Rating 65% Stakeholder groups 59% Other 18% 0% 10% 20% 30% 40% 50% 60% 70% Multiple selections allowed. Note on the charts: Since survey respondents were able to select multiple responses, percentages do not add up to 100 percent. There are multiple considerations in setting risk appetite. As seen in the chart above, in over half of respondents, considerations include business objectives, rating agency evaluations, and stakeholder groups.
17 F R O M T H E O R Y T O P R A C T I C E 15 Risk Culture: Embedding Risk Management into the Daily Process Which type of strategic objectives incorporate risk-adjusted return measures? Investments 92% Product Changes 77% Growth 62% Reduce Risks 62% Market Changes 54% Acquisitions 54% Improve Return 46% Operational Efficiencies 23% 0% 20% 40% 60% 80% 100% Multiple selections allowed. Note on the charts: Since survey respondents were able to select multiple responses, percentages do not add up to 100 percent. Our survey respondents said that risk-adjusted return measures are incorporated into many strategic objectives. These included investment objectives (92 percent), product changes (77 percent), and growth and risk mitigation strategies (62 percent). Slightly more than half of respondents indicated that market changes and acquisitions are also reflected in risk-adjusted measurements.
18 16 E N T E R P R I S E R I S K M A N A G E M E N T The more risk identification and management is integrated as part of the daily processes and procedures, the better chances the organization has of improving the risk culture since risk management will then be considered as part of corporate processes instead of an additional step. Are ERM results/risk considerations incorporated into the following processes? Investments 88% Strategic Planning 81% Budgeting 69% 0% 20% 40% 60% 80% 100% Multiple selections allowed. Note on the charts: Since survey respondents were able to select multiple responses, percentages do not add up to 100 percent. Survey respondents said that ERM results and risk considerations are incorporated by strong majorities in the investment (88 percent), strategic planning (81 percent), and budgeting processes (69 percent). Risk Aware Culture Respondents were evenly split on whether there is a formal risk training/education process in their companies (See chart on next page). The evidence from the survey shows that companies are making progress at integration. But what the survey does not show, and what the financial crisis highlighted, was whether risk management was effective enough in helping companies avoid the types of risks that would have greatly impacted their financial results. The other key component of building risk awareness and risk management is the level of awareness and training provided to all levels of the organization. The trend is that more organizations are formally providing risk training and education to various levels of these organizations.
19 F R O M T H E O R Y T O P R A C T I C E 17 Do you have a formal Risk training/education or awareness program for various levels in organization? Yes 50% No 50% One of the most challenging aspects of driving and embedding risk management into companies is educating all levels of the organization on what risk management is, how it should be approached, and what that means for daily decision-making. The key success factor is training and education, but interestingly enough, of those surveyed only 50 percent have a formal risk training program. So the question is for those companies that don t have a formal risk training program: Do they really consider and evaluate risk consistently across the organization?
20 18 E N T E R P R I S E R I S K M A N A G E M E N T Appendix ERM Survey Questions Board and Senior Management Involvement and Oversight 1. To which committee(s) are Enterprise Risk Management updates provided? 2. How often are Enterprise Risk Management updates provided to the Audit Committee/Board of Directors? 3. What level of report detail is provided? Internal Governance Structure 4. Who chairs ERM committee/council? 5. Are there representatives from Legal, HR, IT or Compliance as members of the Risk Committee? 6. What is the role of the Enterprise Risk Committee? 7. Does your organization have a CRO and Central ERM department? 8. Do Business Units (BUs) have a BU CRO or Risk Manager? 9. Who does the CRO report to? Risk Identification and Assessment 10. How formalized is emerging risk management? 11. Is operational risk focused on and evaluated as other main risk categories (e.g. insurance, credit, market)?
21 F R O M T H E O R Y T O P R A C T I C E 19 Quantification 12. Is capital or resources allocated accordingly based on risk exposure? 13. What is the Economic Capital model used for? 14. What are the outputs of the model used for? 15. What level of scenario analysis/stress testing is being performed? Risk Appetite and Strategy 16. What considerations influence the setting of risk appetite? 17. How is your risk appetite statement expressed? 18. Have different levels of risk appetites been defined for different product types or business lines? 19. Which type of strategic objectives incorporate risk-adjusted return measures? 20. How is risk-adjusted capital determined as part of the defined corporate risk appetite? 21. Do executive management and the board use risk-adjusted return metrics in strategic planning? 22. Are ERM results/risk considerations incorporated into the following processes? Risk Aware Culture 23. Do you have a formal Risk training/education or awareness program for various levels in organization?
22 20 E N T E R P R I S E R I S K M A N A G E M E N T Survey Methodology During the summer of 2009, KPMG surveyed 21 companies in regulated industries such as insurance, banking, and utilities regarding their current ERM practices. As advisors, we are frequently asked about the common practical ERM procedures that other companies are using. As a result, we asked questions in this survey about the practical applications of ERM, such as Board and management governance, reporting, risk appetite, and the extent and use of quantification techniques. For a full list of the questions, please see the Appendix. All responses were submitted anonymously, with the understanding that results would be published in the aggregate groups of ten or greater. Acknowledgements We would like to thank the following contributors from KPMG LLP: Bruce Hager, Heather Ingram, Leslie Marlo, John Farrell, and Kreg Weigand.
23 The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. with KPMG International Cooperative ( KPMG International ), a Swiss entity. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved KPMG LLP, the audit, tax and advisory firm ( is the U.S. member firm of KPMG International Cooperative ( KPMG International ). KPMG International s member firms have 140,000 professionals, including more than 7,900 partners, in 146 countries.
24 us.kpmg.com Contact For more information about this survey or to discuss the challenges associated with ERM, please contact one of the following KPMG professionals: Angela Hoon Principal Advisory Services Matt Smyth Principal Leader Insurance Advisory Advisory Services Scott Weinstein Principal Advisory Services
Managing risk in a transforming healthcare organization How to stay competitive in a converging healthcare system kpmg.com 2 Healthcare Risk Management Managing the risk of healthcare transformation Healthcare
Linking Risk Management to Business Strategy, Processes, Operations and Reporting Financial Management Institute of Canada February 17 th, 2010 KPMG LLP Agenda 1. Leading Practice Risk Management Principles
Placing a Value on Enterprise Risk Management ADVISORY Placing a Value on Enterprise Risk Management 1 In turbulent economic times, the case for investing in an enterprise risk management (ERM) program
Understanding and articulating risk appetite advisory Understanding and articulating risk appetite Understanding and articulating risk appetite When risk appetite is properly understood and clearly defined,
Managing Risk at Bank of America Corporation Overview Risk is inherent in every material business activity that we undertake. Our business exposes us to strategic, credit, market, liquidity, compliance,
Public in a Survey report August 014 kpmg.co.uk 0 PUBLIC REPORTING IN A SOLVENCY ENVIRONMENT Contents Page 1 4 5 Introduction Executive Summary Public Disclosures 4 Changes to Financial Framework 11 KPMG
Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational risk is not new. In fact, it is the first risk that banks must manage, even before they make their first
How to achieve excellent enterprise risk management Why risk assessments fail Overview Risk assessments are a common tool for understanding business issues and potential consequences from uncertainties.
RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY PRESENTED BY: LEN WIATR, CHIEF RISK OFFICER Len s Risk Management Philosophy Build a
Chief Risk Officers in the Mutual Fund Industry: Who Are They and What Is Their Role Within the Organization? Background Everyone within an organization has some responsibility for managing risk. In the
INSURANCE RISK MANAGEMENT ADVISORY SOLUTIONS Transforming risk management into a competitive advantage kpmg.com 2 Transforming risk management into a competitive advantage Assessing risk. Building value.
www.pwc.com 2012 US Insurance ERM & ORSA Survey Key results and findings June 2013 Henry Jupe Director, Insurance Risk and Capital Practice email@example.com Antitrust notice The Casualty Actuarial
Sample risk committee charter 1 Next This sample risk committee charter is based on leading practices observed by Deloitte in the analysis of a variety of materials. It is important to note that the Risk
THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT Let me begin by thanking Baruch College for giving me the opportunity to present this year s prestigious Emanuel Saxe Lecture in Accounting.
Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance
2015 Report on the Current State of Enterprise Risk Oversight: Update on Trends and Opportunities 6 th Edition February 2015 Mark Beasley Deloitte Professor of ERM Director, ERM Initiative Bruce Branson
Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship
The Role of Internal Audit in Risk Governance How Organizations Are Positioning the Internal Audit Function to Support Their Approach to Risk Management Executive summary Risk is inherent in running any
COSO Internal Control Integrated Framework (2013) The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its updated Internal Control Integrated Framework (2013 Framework)
Introduction This module applies to Fannie Mae and Freddie Mac (collectively, the Enterprises), the Federal Home Loan Banks (FHLBanks), and the Office of Finance, (which for purposes of this module are
Framing the future of corporate governance Deloitte Governance Framework For those interested in the topic of corporate governance, these are dynamic times. The events of the past decade have led to the
From ICAAP/ORSA to ERM: Board and Senior Management Oversight Leon Bloom, Partner, Deloitte & Touche LLP firstname.lastname@example.org Agenda Basel II ICAAP Solvency II ORSA ERM From ICAAP/ORSA to ERM: Governance
RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume
Basel Committee on Banking Supervision Review of the Principles for the Sound Management of Operational Risk 6 October 2014 This publication is available on the BIS website (www.bis.org). Bank for International
What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures
Deriving Value from ORSA Board Perspective April 2015 1 This paper has been produced by the Joint Own Risk Solvency Assessment (ORSA) Subcommittee of the Insurance Regulation Committee and the Enterprise
University of St. Gallen Law School Law and Economics Research Paper Series Working Paper No. 2008-19 June 2007 Enterprise Risk Management A View from the Insurance Industry Wolfgang Errath and Andreas
www.pwc.com/us/insurance PwC s 2012 U.S. Insurance ERM & ORSA Readiness Survey PwC s 2012 U.S. Insurance ERM & ORSA Readiness Survey In September 2011, the National Association of Insurance Commissioners
Public Sector Pension Investment Board Office of the Auditor General of Canada Bureau du vérificateur général du Canada Ce document est également publié en français. Her Majesty the Queen in Right of Canada,
CRO Forum Paper on the Own Risk and Solvency Assessment (ORSA): Leveraging regulatory requirements to generate value May 2012 May 2012 1 1. Introduction 1.1. Purpose of the paper In this discussion paper
Principles for An Effective Risk Appetite Framework 18 November 2013 Table of Contents Page I. Introduction... 1 II. Key definitions... 2 III. Principles... 3 1. Risk appetite framework... 3 1.1 An effective
C o m m i t t e e o f S p o n s o r i n g O r g a n i z a t i o n s o f t h e T r e a d w a y C o m m i s s i o n T h o u g h t L e a d e r s h i p i n E R M E m b r a c i n g E n t e r p r i s e R i s
Enterprise Risk Management & Information Technology Presented by Scott Perry and Gary Ross Slalom Consulting, San Francisco Agenda Introductions Session Objectives Overview of Enterprise Risk Management
The transformation of IT Risk Management kpmg.com The transformation of IT Risk Management The role of IT Risk Management Scope of IT risk management Examples of IT risk areas of focus How KPMG can help
RISK BASED AUDITING: A VALUE ADD PROPOSITION Participant Guide About This Course About This Course Adding Value for Risk-based Auditing Seminar Description In this seminar, we will focus on: The foundation
Assessing Banks: Delivering a Triple Bottom Line in the Real Economy Overview Global Alliance for Banking on Values The Global Alliance for Banking on Values, established in 2009, is an independent network
Enterprise Risk Management: Concepts & Issues Jacques Lapointe Internal Audit, Management Board Secretariat November 2003 1 The Basic Concept of Risk Management The active process of identifying risks,
The Rubicon Project, Inc. Corporate Governance Guidelines These Corporate Governance Guidelines reflect the corporate governance practices established by the Board of Directors (the Board ) of The Rubicon
THE GOVERNANCE OF RISK MANAGEMENT Session 5 Polling Question: Who is primarily responsible for risk governance in any organization? 0% A. The board or board risk committee (if applicable) B. The CRO 0%
HR Function Optimization People & Change Advisory Services kpmg.com/in Unlocking the value of human capital Human Resources function is now recognized as a strategic enabler, aimed at delivering sustainable
SUPERVISION GUIDELINE NO. 9 ISSUED UNDER THE AUTHORITY OF THE FINANCIAL INSTITUTIONS ACT 1995 (NO. 1 OF 1995) RISK MANAGEMENT Bank of Guyana July 1, 2009 TABLE OF CONTENTS 1.0 Introduction 2.0 Management
Audit, Risk Management and Compliance Committee Charter Woolworths Limited Adopted by the Board on 27 August 2013 page 1 1 Introduction This Charter sets out the responsibilities, structure and composition
ADVISORY SERVICES Transforming Internal Audit: A Model from Data Analytics to Assurance kpmg.com Contents Executive summary 1 Making the journey 2 The value of identifying maturity levels 4 Internal audit
GET YOUR INTERNAL AUDIT RISK ASSESSMENT RIGHT THIS YEAR NOAH GOTTESMAN ABOUT THE AUTHOR Leveraging his background in internal audit and internal controls, Noah Gottesman provides industry thought leadership
BOARD OF DIRECTORS HUMAN RESOURCES AND COMPENSATION COMMITTEE MANDATE The Human Resources and Compensation Committee The by-laws of Suncor Energy Inc. (Suncor) provide that the Board of Directors (Board)
Audit Committee Institute Sponsored by KPMG The audit committee and risk management Is the board of directors adequately overseeing management's process for identifying and monitoring key business risks?
Compensation Risk Disclosure What Are Companies Doing? A Study of S&P 500 Companies Introduction The topic of risk has taken center stage this year - executives are more aware of it, directors are more
An update from Business Intelligence April 2009 Risk Profile, Appetite, and Tolerance: Fundamental Concepts in Risk Management and Reinsurance Effectiveness Prior to the recent turbulence in the financial
March 2014 ENTERPRISE RISK MANAGEMENT BENCHMARK REVIEW: 2013 UPDATE In April and October 2009, Guy Carpenter published two briefings titled Risk Profile, Appetite and Tolerance: Fundamental Concepts in
Solvency II Own Risk and Solvency Assessment (ORSA) Guidance notes September 2011 Contents Introduction Purpose of this Document 3 Lloyd s ORSA framework 3 Guidance for Syndicate ORSAs Overview 7 December
Internal Audit Quality Assessment Presented To: World Intellectual Property Organization April 2014 Table of Contents List of Acronyms 3 Page Executive Summary Opinion as to Conformance to the Standards,
Internal Control Integrated Framework May 2013 0 Table of Contents COSO & Project Overview Internal Control-Integrated Framework Illustrative Documents Illustrative Tools for Assessing Effectiveness of
IMMUNOGEN, INC. CORPORATE GOVERNANCE GUIDELINES OF THE BOARD OF DIRECTORS Introduction As part of the corporate governance policies, processes and procedures of ImmunoGen, Inc. ( ImmunoGen or the Company
Optimizing Rewards and Employee Engagement Improving employee motivation and engagement, and identifying the right total rewards strategy to influence workforce effectiveness. Kevin Aselstine, Towers Perrin
How to achieve excellent Enterprise Risk Management series www.pwc.com/us/ermexcellenceseries Article 3: June 2015 How ERM programs evolve Overview An organization s enterprise risk management (ERM) program
Cyber security: Are consumer companies up to the challenge? 1 Cyber security: Are consumer companies up to the challenge? A survey of webcast participants kpmg.com 1 Cyber security: Are consumer companies
Adding Value Through Risk and Capital Management An ERM Update on the Global Insurance Industry An ERM Update on the Global Insurance Industry I 1 TABLE OF CONTENTS Foreword 2 Introduction and Executive
Accenture Risk Management Industry Report Life Sciences Risk management as a source of competitive advantage and high performance in the life sciences industry Risk management that enables long-term competitive
Enterprise Risk The Role of the Board in Enterprise Risk Management The board of directors plays an essential role in ensuring that an effective ERM program is in place. Governance, policy, and assurance
1. Introduction Clarius Group Risk Management Policy and Framework 1.1 Definition Risk is the chance of something happening that will have an impact on objectives. Risk provides the opportunity (upside)
R E S E A R C H 2nd Edition Board Effectiveness What Works Best Executive Summary x Board Effectiveness What Works Best The economic crisis that began in 2008 increased the focus on both the role of the
MOFAS Community Grants Program Grantee Interview Report #1 (Phase 1) Reflections on Regional Community Networks September 20, 2006 By Professional Data Analysts, Inc. Traci Capesius, M.P.H. Anne Betzner,
Director Notes Strategic Risk Management: A Primer for Directors by Mark L. Frigo and Richard J. Anderson Recent significant risk events, including catastrophic weather events, cybercrime, macroeconomic
Performance Management Date: November 2012 SSBA Background Document Background 3 4 Governance in Saskatchewan Education System 5 Role of School Boards 6 Performance Management Performance Management Overview
Organizing a Financial Institution to Deliver Enterprise-Wide Risk Management By Kaan H. Aksel PricewaterhouseCoopers Everyone seems to be talking about enterprise-wide risk management (ERM): boards of
Guidance on Supervisory Interaction with Financial Institutions on Risk Culture A Framework for Assessing Risk Culture 7 April 2014 Table of Contents Page Background... i Introduction... 1 1. Foundational
Risk appetite How hungry are you? 8 by Richard Barfield Richard Barfield Director, Valuation & Strategy, UK Tel: 44 20 7804 6658 Email: email@example.com 9 Regulatory pressures, such as Basel
FINDING THE RISK IN RISK ASSESSMENTS NYSICA JULY 26, 2012 Presented by: Ken Shulman Internal Audit Director, New York State Insurance Fund There are different risk assessments prepared: Annual risk assessment
Drive to the top The journey, lessons, and standards of global business services kpmg.com The new normal for global enterprises is about doing more with less while at the same time driving the top line
Effectively Creating and Leveraging a Board of Directors for Privately Held Companies Background The board of directors is a term that strikes fear into the hearts of most management teams. It is the group
Project Management Institute New York City Chapter January 2014 Chapter Meeting How to Develop Successful Enterprise Risk and Vendor Management Programs Christina S. Kite Senior Vice President Corporate
Risk Committee Resource Guide For related information and guidance, visit the Deloitte Centre for Corporate Governance website at: www.deloitte.co.za Contents Introduction: Risk committees become reality...
2015 State of the Internal Audit Profession Study Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation 68% of companies have gone through or
IIA POSITION PAPER: THE ROLE OF INTERNAL AUDITING IN ENTERPRISE-WIDE RISK MANAGEMENT Revised: Page 1 of 8 Introduction The importance to strong corporate governance of managing risk has been increasingly
Risk Management Committee (Committee) Terms of Reference 1. Objective of Committee 1.1 The Risk Management Committee ( the Committee ) is a formal sub-committee of the Board of the JSE ( the Board ). 1.2
AASB Exposure Draft ED 270 August 2015 Reporting Service Performance Information Comments to the AASB by 12 February 2016 PLEASE NOTE THIS DATE HAS BEEN EXTENDED TO 29 APRIL 2016 How to comment on this
Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's
diversified industrials Supply and Demand Risk Management in Turbulent Times KPMG LLP With consumer confidence shaken and spending curtailed, businesses are facing some of the most challenging operating
Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices April 10, 2013 Today's Agenda: Key Topics Defining IT Governance IT Governance Elements & Responsibilities
Page 1 of 10 Investment manager research Due diligence and selection process Table of contents 2 Introduction 2 Disciplined search criteria 3 Comprehensive evaluation process 4 Firm and product 5 Investment
Enterprise Risk Management in a Highly Uncertain World A Presentation to the Government-University- Industry Research Roundtable June 20, 2012 CRO Council Introduction Mission The North American CRO Council
Game Changer The Impact of Cognitive Technology on Business and Financial Reporting May 23, 2016 Today s presenter Marc Macaulay, Cognitive Technology Audit Leader, KPMG LLP Marc Macaulay is KPMG s Cognitive