Enterprise Risk Management (ERM) ‘Integrated Framework’

IMPLEMENTATION: Risk Management Vision and Objectives

FUNDAMENTALS & ROLES
• The Fundamentals
• COSO Enterprise Risk Management
• Role of Executive Management
• Role of the Director
• Role of the Chief Risk Officer
• Risk Management Oversight Structure
• Role of Internal Audit

IMPLEMENTATION
• Risk Management Vision and Objectives
• Conducting Risk Assessments
• Getting Started – Set the Foundation
• Building & Enhancing Capabilities
• Building a Compelling Business Case
• Making it Happen
• Relevance to Sarbanes-Oxley Compliance
• Other Questions

RM Vision and Objectives

How does management develop a shared vision for the role of risk management in the organization? What is the practical use of a shared vision?
• senior management working group
• “risk management vision”
• develops a shared view of the role of risk management in the organization and the capabilities desired to manage its key risks (“big picture view”)

Risk management vision
• “call for action” to drive the organization to identify, design and build the risk management capabilities needed to close significant gaps and make management’s selected risk responses happen

Specific capabilities managing priority risks
• selecting the priority risks and determining the current state of risk management capability
• desired future state is assessed with the objective of advancing the maturity of the capabilities around managing those risks
• close significant gaps and deliver management’s desired outcomes

ERM infrastructure
• overall risk management policy
• enterprise-wide risk assessment process
• integration of risk responses with business plans
• presence on the board and CEO agenda
• chartered risk committee
• clarity of risk management roles and responsibilities
• dashboard and other risk reporting
• proprietary tools to portray a portfolio view of risk

How does management define the entity’s risk management goals and objectives?
• Develop a common understanding of risk across multiple functions and business units to manage risk cost-effectively
• Achieve a better understanding of risk for competitive advantage
• Build safeguards against earnings-related surprises
• Build and improve capabilities to respond effectively to low probability, critical, catastrophic risks
• Achieve cost savings through better management of internal resources
• Allocate capital more efficiently

RM Goals and Objectives should be consistent with and supportive of the enterprise’s business objectives and strategies
• targets the markets and geographies in which the firm does business
• specifies the products and services it provides to those markets, the channels it uses to access those markets and the characteristics by which it differentiates its products and services in the eyes of the customer
• built on the processes through which the entity converts materials and labor into products and services; employees, training/retention; suppliers/customers; shareholders and lenders

“Tough questions”
• What are our business objectives and strategies?
• What are our financial targets, e.g., profitability, size and revenue growth?
• What values do we want to build and reinforce?
• What markets do we choose?
• What relative market position do we seek?
• What is our business model for winning in our chosen markets?
• What specific possible future events do we face? Are they related?
• How sensitive are our strategies, markets, earnings and cash flow to the occurrence of future events?
• How risky are our tangible and intangible assets for creating value? What are the loss drivers affecting those assets?
• Which specific future events could, if they occurred, affect our organization’s ability to achieve its objectives relating to quality, innovation, timeliness, safety, compliance, etc., to execute its strategies successfully?
• Which events would affect our market share?
• How capable are we of responding to events beyond our control that may happen in the future?
• Do we know what our expected returns are, as adjusted for risk?
• Do risk-adjusted returns vary by business unit? By major product? By geography?
• If we accept the exposures inherent in our business model that give rise to our existing risks, do we have sufficient capital to absorb significant unforeseen losses should they occur?

ERM Vision Statement:
Contribute to the creation, optimization and protection of enterprise value by managing our business risks as we create value in the marketplace

ERM Mission Statement:
• Create a comprehensive approach to anticipate, identify, prioritize, manage and monitor the portfolio of business risks impacting our organization
• Put in place the policies, common processes, competencies, accountabilities, reporting and enabling technology to execute that approach successfully

ERM Goals and Objectives:
• Design and execute a global business risk management process integrated with our strategic management process:
    • Integrate business risk management with our strategy formulation and business planning processes
    • Articulate our strategies so that they are understood throughout our organization
    • Establish KPIs designed to drive behaviors consistent with our strategy
    • Reward effective articulation and management of key risks
• Ensure that process ownership questions are addressed with clarity so that roles, responsibilities and authorities are properly understood
• Design and execute a global process to monitor and reassess the top quartile risk profile and identify gaps in the management of those risks, based upon changes in business objectives and in the external and internal operating environment
• Define risk management strategies and clear accountabilities and action steps for building and executing risk management capabilities and improving them continuously
• Continuously monitor the information provided to decision makers in order to assist them as they manage key risks and protect the interests of shareholders

What is “risk appetite”?
• amount of risk, on a broad level, an entity is willing to accept in pursuit of value
• reflects management philosophy, and in turn influences the entity’s culture and operating style
• qualitative risk appetite: high, medium or low
• quantitative approach: balancing goals for growth, return and risk
• higher risk appetite may be willing to allocate a large portion of its capital to such high risk areas as newly emerging markets
• low risk appetite only in mature, stable markets

What are “risk thresholds” = “tolerances” = “limits”?
• acceptable level of variation relative to achievement of a specific objective
• best measured in the same units as those used to measure the related objective

Observations:
• Risk appetite is strategic - relates primarily to the business model
• Risk tolerance is tactical - relates primarily to objectives
• Every organization has a risk appetite
• Risk tolerance is reflected differently for different objectives:
    • relating to earnings variability
    • interest rate exposure
    • compliance with laws and regulations
    • acquisition, development and retention of people

Is there a defined methodology for calibrating performance with risk tolerances? (“the acceptable variation relative to the achievement of an objective.”)
Three types of risk tolerance:
• Variability in achieving expected returns (materiality)
• Susceptibility to extreme events = loss exposure or loss driver exposure to catastrophic loss (probability)
• Inconsistency with the desired risk appetite

How are the risk management vision and objectives translated into the appropriate ERM infrastructure?
Develop “Capabilities”: policies, processes, competencies, reports, methodologies and technologies
• phase sets the foundation
• phase builds capabilities for critical risks
• phase enhances existing risk management capabilities