The Roles of Risk Appetite and Risk Tolerance in an Effective ERM Program




The Roles of Risk Appetite and Risk Tolerance in an Effective ERM Program
Eric Gerner, Risk Advisory Services Director
Experis, Tuesday, July 10, 2012

General Information
Share the webinar
Ask a question
Votes (polling questions)
Rate (before you leave)
Attachments (you can download today's presentation)

Earning CPE Credit
To receive 1 CPE credit for this Webinar, participants must:
Attend the Webinar for at least 50 minutes on individual computers (one person per computer)
Answer polling questions asked throughout the Webinar

Meet our Presenter
Eric Gerner, Director of Risk Advisory Services
Eric.Gerner@experis.com
(703) 336-8189

Agenda
ERM Overview
Overview of Risk Appetite and Tolerance
Examples and Communication
Alignment with Governance

What is Enterprise Risk Management (ERM)?
A structured and disciplined approach that supports the alignment of strategy, processes, people, technology and knowledge as an organization evaluates and manages the uncertainties it faces in order to attain its goals.
Aligns corporate goals with associated risks
Reduce potential loss and increase potential gain
Transparency for Board of Directors and Management
Integrate into the operations of the business

Standard & Poor's view of ERM
An approach to assure the firm is attending to all risks
A set of expectations among management, shareholders and the board about which risks the firm will and will not take
A set of methods for avoiding situations that might result in losses that would be outside the firm's tolerance
A method to shift focus from cost / benefit to risk / reward
A way to help fulfill a fundamental responsibility of a company's board and senior management
A toolkit for trimming excess risks and a system for intelligently selecting which risks need trimming
A language for communicating the firm's effort to maintain a manageable risk profile

Components of ERM (arranged around Enterprise Risk Management in the diagram)
Goals and Objectives
Language
Governance
Process

Risk Universe Structure at a Glance
Risk categories: Compliance, Financial, Strategic, Operational
The same four categories are applied at the Corporate Level and within each of the Operating Units.

Alignment of Appetite and Tolerance
Based on the organization's risk appetite, specific tolerances are applied to achieve each objective as risk, threat and potential negative result are managed.
Goals and objectives drive the Risk Appetite, and the single Risk Appetite is broken down into several Risk Tolerances.

Polling Question #1
Which of the following is NOT a component of ERM?
A. Aligns corporate goals with associated risks
B. Reduce potential loss and increase potential gain
C. Transparency for Board of Directors and Management
D. A substitute for management's judgment
E. Integrate into the operations of the business

The ERM Maturity Model (steps along a timeline)
Develop internal buy-in and benefits awareness
Perform diagnostic of existing risk management program
Develop governance structure
Develop risk universe and language
Execute a risk assessment
Develop priorities from assessment
Assign responsibility for respective risks
Define appetite and tolerance
Integrate into strategic initiatives
Align with senior leadership on the key risks
Initiate risk reporting and monitoring
Leverage Risk Committee to review risks and the effectiveness of risk mitigation
Evaluate risk tolerances and policies / authorities
Expand risk reporting
Integrate risk-based decisions into management's daily operations
Integrate Internal Audit with ERM assessment and monitoring
Adjust from cost/benefit to risk/reward decision process
Leverage risk management to competitive advantages in the market
Integrate continuous monitoring of key risk indicators into risk reporting

COSO Definition of Risk Appetite
The amount of risk, on a broad level, an organization is willing to accept in pursuit of value. It reflects the entity's risk management philosophy, and in turn influences the entity's culture and operating style.

Risk Appetite
Tone-at-the-top risk perspective, set by the Board of Directors
Is strategic and is related to the pursuit of organizational objectives
Boundaries within which the company is willing to operate
Defines the willingness to engage in business activities with the associated types of risks
The nature of the control structure associated with the management of the associated risks
With this guidance, managers should have an enhanced perspective to interpret various high-level and critical factors of risk to apply to key business decisions
Basis to apply judgment for the aggressiveness with which to pursue activities and objectives

COSO Definition of Risk Tolerance
The acceptable level of variation relative to achievement of a specific objective; it is often best measured in the same units as those used to measure the related objective.

Risk Tolerance
The means to operationalize the risk appetite throughout the organization
Provides clarity on management's evaluation of its business activities and objectives towards its goals
Tactical link of individual risks to the strategic goals
Creates the measurable components for monitoring the alignment of progress with the goals and objectives
How do you determine them? What are the assumptions for the range of acceptable performance built into the corporate goals?
Leading/lagging indicators
Leverage existing performance metrics
Creates transparency for Board/Management monitoring

Three Steps to Risk Appetite and Tolerance
A. Develop
B. Communicate
C. Monitor and Update

A. Develop
Provide effective communication of risk throughout the organization
Applied to cover all categories of risk
Must be preceded by discussions of strategy and objectives
Develop through:
Facilitated discussions
Discussions related to objectives and strategies
Development of performance models

Sample Risk Universe

INTERNAL RISKS

Operational
Client/Partner: Change Order, Client Expectations, Client Indecision, Client Interferences, Client Management Turnover, Client Response Time, Errors in Client Information, New Client Selection Process
Schedule: Available Bidding Time, Completion Deadlines and Milestones, Force Majeure, Logic and Update, Resource Management
Control, Warranty, Quality, Testing, Design, Constructability, Plan Coordination, Process/Technology, Scope Completeness
Execution: Business Interruption, Change Order Management, Environment, Logistics, Site Safety
Procurement: Bondability, Timeliness of Buy-Out, Commodity, Coordination, Performance, Sub Profile, Workload
Estimating: Adjustments, Price, Quantity, Trade Coverage
Legal: Contract Types, Dispute Management, Employment, Contractual Misinterpretations, Non-Performance, Terms and Conditions, Third Party
Integrity: Fraud, Illegal Acts
Program Development: Feasibility, Needs Analysis

Resource
Financial: Capital Availability, Collectibility, Interest Rate, Investment Evaluation, Liquidity, Surety, Tax
People: Adaptability, Competencies, Availability, Critical Person, Turnover
Information: Accuracy, Measurement Alignment, Security/Control
Technology: Availability, Timeliness, Usefulness

Strategic
Brand Erosion, Business Model, Communication, Incentive Alignment, Market Diversification, Market Penetration, Organization Structure, Succession

EXTERNAL RISKS
Regulatory Environment, Competitor, Market, Changes in Law, Compliance, Catastrophic, Community, Political, Trade, Labor Availability, Key Relationships, Core Competencies, Demand

Goals:
1. Financial Targets
2. Market Mix/Penetration
3. Progress Towards Establishing Future Goals
4. Employee/Customer

B. Communicate
Risk Appetite Statement
Means to communicate the company's willingness to engage in risk:
Overall risk appetite with broad statements
Risk appetite for each major class of organizational goals
Risk appetite for different categories of risk
Provides a lens through which all levels of management may obtain guidance on the willingness to accept the risks associated with business activities in which the company may engage to achieve our corporate goals and objectives
A strategic statement, directly related to organizational objectives
An integral part of corporate governance
A guidance document regarding the allocation of resources
A general directive on infrastructure/supporting activities in pursuit of organizational objectives

Risk Appetite: Qualitative view

Risk Universe - Key Categories       Risk Threshold   Control Structure
Earnings volatility                        4                 5
Liquidity                                  3                 4
Capital Requirements                       1                 2
Changing economic conditions               3                 4
Customer satisfaction                      1                 2
Reputation                                 2                 3
Information Security and accuracy          2                 3
Regulatory Standing                        1                 2
Fraudulent/unethical activity              1                 1
Employee turnover                          3                 4

Risk Appetite example (graphic only)

Risk Appetite example: Quantitative view
Capital Levels: The Company will accept risks to the extent that it can maintain a capital level of $ less than each of the three well-capitalized regulatory capital requirements for financial institutions.
Earnings Performance: The Company will accept risks to the extent that it can maintain a Return on Equity within the top quartile of its peers.
Liquidity: The Company takes a conservative position with respect to liquidity, avoiding risks that may reduce its secured liquidity to less than $ million.
Asset Quality: The Company will actively mitigate risks potentially leading to a net charge-off/total loans ratio exceeding %.

Risk Appetite example: Quantitative view (continued)
Growth: The Company is open to investments and/or new products having a potential rate of return of greater than %, as long as there is low to moderate risk of loss during the first year of operation.
Compliance: The Company is committed to fulfilling all of its regulatory obligations, and will take all actions necessary to avoid any risk of non-compliance (zero tolerance).
Reputation: The Company does not accept any risks with even a moderate likelihood of creating loss of public, customer, stakeholder or employee confidence and/or adverse media coverage.

C. Monitor and Update
Means to review the application of risk appetite
Accomplished through specifics identified with risk tolerances / performance metrics
Incorporated into ERM reporting and dashboards
Internal Audit can provide independent insight on the accuracy and alignment of tolerances

Polling Question #2
Which of the following is NOT a key component of Risk Appetite?
A. Established by the Board of Directors
B. Can be communicated through a Risk Appetite Statement
C. Can be either Qualitative or Quantitative
D. Should be similar between all companies within a given industry
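The Monitor and Update step depends on tolerances being stated in the same units as the objective they bound (the COSO definition quoted earlier) so that ordinary performance metrics can be checked against them and reported on a dashboard. The Python below is an added example, not code from the webinar or from Experis: it encodes the shape of the quantitative appetite statements above (a capital floor, a liquidity floor, a charge-off cap, a zero-tolerance compliance item and a return-on-equity target expressed relative to peers) as tolerance objects, evaluates constructed key risk indicator histories against them, and returns the on-target / warning / breach status plus a trend direction of the kind an executive risk report would show. Every metric name, threshold, observation and peer value is a constructed placeholder, since the deck leaves the real figures blank.

```python
"""Evaluate key risk indicators (KRIs) against risk tolerances.

Added example, not from the webinar. Tolerances are expressed in the same
units as the objective they bound (the COSO definition of risk tolerance).
All metric names, thresholds, observations and peer values are constructed
placeholders; the deck's own quantitative statements leave the figures blank.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
from statistics import quantiles
from typing import Mapping, Sequence


class Status(str, Enum):
    ON_TARGET = "on target"
    WARNING = "warning"   # still inside tolerance, but inside the early-warning buffer
    BREACH = "breach"


@dataclass
class Tolerance:
    """One risk tolerance: a bound on a single metric, in that metric's own units."""
    name: str
    kind: str                    # "floor", "cap", "zero" or "top_quartile"
    limit: float = 0.0           # threshold for floor/cap; unused for zero/top_quartile
    warning_buffer: float = 0.0  # distance from the limit at which a warning is raised

    def evaluate(self, value: float, peers: Sequence[float] = ()) -> Status:
        """Classify a single observation of the bounded metric."""
        if self.kind == "floor":          # e.g. secured liquidity must stay above $X
            if value < self.limit:
                return Status.BREACH
            return Status.WARNING if value < self.limit + self.warning_buffer else Status.ON_TARGET
        if self.kind == "cap":            # e.g. net charge-off ratio must stay below X%
            if value > self.limit:
                return Status.BREACH
            return Status.WARNING if value > self.limit - self.warning_buffer else Status.ON_TARGET
        if self.kind == "zero":           # zero tolerance: any occurrence at all is a breach
            return Status.BREACH if value > 0 else Status.ON_TARGET
        if self.kind == "top_quartile":   # "within the top quartile of its peers"
            if len(peers) < 4:
                raise ValueError("a peer-relative tolerance needs at least four peer values")
            third_quartile = quantiles(peers, n=4)[2]
            return Status.ON_TARGET if value >= third_quartile else Status.BREACH
        raise ValueError(f"unknown tolerance kind {self.kind!r}")


def trend(tol: Tolerance, history: Sequence[float]) -> str:
    """Direction of the latest move relative to the limit: a simple leading indicator."""
    if len(history) < 2 or history[-1] == history[-2]:
        return "flat"
    falling = history[-1] < history[-2]
    # For floors and peer-relative targets a fall moves toward the limit; for caps and
    # zero-tolerance counts a rise does.
    toward_limit = falling if tol.kind in ("floor", "top_quartile") else not falling
    return "worsening" if toward_limit else "improving"


def evaluate_dashboard(tolerances: Sequence[Tolerance],
                       history: Mapping[str, Sequence[float]],
                       peers: Sequence[float] = ()) -> dict[str, tuple[Status, str]]:
    """Return {metric name: (status of latest observation, trend)} for every tolerance."""
    report = {}
    for tol in tolerances:
        series = history[tol.name]
        report[tol.name] = (tol.evaluate(series[-1], peers), trend(tol, series))
    return report


# Constructed appetite statement in the shape of the deck's quantitative view.
APPETITE = [
    Tolerance("capital_level_musd", "floor", limit=250.0, warning_buffer=25.0),
    Tolerance("secured_liquidity_musd", "floor", limit=100.0, warning_buffer=10.0),
    Tolerance("net_chargeoff_ratio_pct", "cap", limit=1.0, warning_buffer=0.25),
    Tolerance("compliance_findings", "zero"),
    Tolerance("return_on_equity_pct", "top_quartile"),
]

# Constructed KRI histories (oldest to newest) and a constructed peer ROE set.
SAMPLE_HISTORY = {
    "capital_level_musd": [255.0, 260.0],
    "secured_liquidity_musd": [120.0, 105.0, 90.0],
    "net_chargeoff_ratio_pct": [0.5, 0.6],
    "compliance_findings": [0, 0],
    "return_on_equity_pct": [13.0, 14.0],
}
SAMPLE_PEERS = [6.0, 8.0, 9.0, 10.0, 11.0, 12.0, 14.0, 15.0]

if __name__ == "__main__":
    for name, (status, direction) in evaluate_dashboard(APPETITE, SAMPLE_HISTORY, SAMPLE_PEERS).items():
        print(f"{name:26s} {status.value:10s} {direction}")
```

The warning buffer is what turns a lagging limit into a leading indicator: a metric that is still inside tolerance but drifting toward its limit is flagged before the breach happens, which is the point of the leading/lagging distinction on the Risk Tolerance slide. The zero-tolerance kind deliberately has no buffer, matching the compliance statement, and the peer-relative kind refuses to evaluate without enough peer data rather than silently reporting on target.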

Sample Risk Universe (the slide shown earlier, repeated in the deck at this point)

Inherent Risk - Top 10 by Group
Ranking columns: Senior & Other (combined), Senior, Other

Risk Classification   Risk Category             Risk                                         Senior & Other   Senior   Other
Resource              Capital / Liquidity       Capital access / availability / allocation         1            1        1
Resource              Capital / Liquidity       Liquidity                                          2            6        3
Resource              People                    Morale / productivity                              3            3        6
Resource              Capital / Liquidity       Secondary marketing                                4           50        2
Operational           Integrity                 Credit Policy Adherence                            5           10       10
Strategic             Strategic                 New business evaluation                            6            7       13
Operational           Integrity                 Tone at the Top                                    7           35        4
Strategic             Strategic                 Cost control / budget discipline                   8            5       18
Operational           Deposit Base Management   Attracting deposit accounts                        9           34        5
Strategic             Strategic                 Brand reputation / recognition                    10            8       21
Strategic             Strategic                 Media attention                                   24           13       29
External              Regulatory Compliance     Cooperation with regulators                       41           31       47

Tolerances example: Executive Risk Report
We would expect the audience to include executives such as: Board, CEO, COO, CFO, Senior managers, Senior finance managers, Risk management.

The sample report page consists of charts and tables; the recoverable content is:
Staff turnover by Project/Dept (monthly, Jan-01 to Jun-01, for Front Office, Middle Office, Operations, Accounting, IT; scale 0.0 to 8.0)
Bonding Staff Turnover % (scale 0 to 30)
Bonding Utilization Versus Margin: At Risk project profits (0 to 500) and Margin on Bonded Work (0% to 8%) by Business Unit 1 to 6, Jan-01 to May-01
Key Risk Indicators (columns On Target, Fundamental Value, Trend): Change orders 12; Schedule delays 90; Customer mix 76; Unbonded subs 60; Labor productivity 55
Risks by Business Area
Business Unit Overall Customer Satisfaction: Unit 1 91%; Unit 2 42%; Unit 3 87%; Unit 4 82%; Unit 5 63%
Safety Events By Geographical Region (pie chart: 47%, 21%, 16%, 11%, 5%)
Sample Commentary:
Staff turnover continues to require new untested staff on key projects
ABC project has change orders that exceed owner's loan balance
Employees say they don't know how to use existing systems
30% of projects have negative float on critical path
Financial reports from Division don't tie to detail records

Governance: Key Risk Questions
The questions are grouped on the slide under Reporting, Strategy, Execution, and Tolerance and Policy:
Is there a process for reporting risk and performance?
Does the organization structure support risk reporting?
Is there a process for assessing risk and capabilities?
Is the Board advised of mission-critical risks?
Are key uncertainties being managed?
Are there assurances that our capabilities are effective?
Is a risk-sensitive culture in place?
Is opportunity-seeking behavior balanced with risk-taking?
Are boundaries and limits adequately defined?

Applying the Governance

Board of Directors
Review risk policy and risk management structure; establish risk appetite and tolerances
Understand and oversee overall risk profile and risk management structure
Approve risk strategies
Oversight / assessment of risk monitoring

Risk Committee (or existing Management Committee)
Approve/oversee risk tolerances, initiatives, strategies
Delegate and oversee authority & accountability for specific risk management
Coordinate overall risk reporting and monitoring

Risk Owners / Process Owners
Manage risks in accordance with tolerances and priorities
Assist Risk Committee with risk reporting
Primary responsibility for identifying, managing and monitoring risks within their delegated authority

Polling Question #3
Responsibility for monitoring the performance of the company against the respective risk tolerances belongs to:
A. The Board of Directors
B. Senior Management
C. Process Owners
D. Risk Owners
E. All of the above

Questions
Eric Gerner, Director of Risk Advisory Services
Eric.Gerner@experis.com
(703) 336-8189
www.experis.com

About Experis Finance
Experis Finance delivers innovative project solutions and professional resourcing services in the areas of risk advisory, tax, and finance & accounting.
Visit experis.us/finance to download the latest white papers and compliance updates.