Enterprise Risk Management (ERM) ‘Integrated Framework’ IMPLEMENTATION Enhancing Capabilities Taking It To The Next Level FUNDAMENTALS & ROLES • • • • • • • The Fundamentals COSO Enterprise Risk Management Role of Executive Management Role of the Director Role of the Chief Risk Officer Risk Management Oversight Structure Role of Internal Audit IMPLEMENTATION • • • • • • • • Risk Management Vision and Objectives Conducting Risk Assessments Getting Started – Set the Foundation Building & Enhancing Capabilities Building a Compelling Business Case Making it Happen Relevance to Sarbanes-Oxley Compliance Other Questions Enhancing Capabilities Taking It To The Next Level What steps does management take to enhance risk management capabilities? apply to those priority risks for which management has decided to attain a “managed” or an “optimized” state of capability - three steps: quantify risk enterprise wide improve enterprise performance establish sustainable competitive advantage Enhancing Capabilities Taking It To The Next Level How does management decide on the appropriate enhancement capabilities? Market/investment community expectations: institutional investors rating agencies regulatory authorities industry standards Enhancing Capabilities Taking It To The Next Level What is a “portfolio view” of risks and how is it practically applied? Risks in different units may be within the risk tolerances of the individual units taken together, the risks might exceed the enterprise wide risk appetite risks may naturally offset across the entity Enhancing Capabilities Taking It To The Next Level Portfolio view makes sense for activities directed at achieving a common enterprise wide purpose • Risks add up whether evaluated piecemeal or in total • Increased efficiency and better decisions • Improved reporting and capital allocation • Simplicity Enhancing Capabilities Taking It To The Next Level How does management quantify risks enterprise wide? At what level are risks aggregated for quantification purposes? Centralized vs decentralized • aligning enterprise wide goals and operating unit incentives • delineating risk management tasks that must be executed centrally from tasks that must be executed locally Enhancing Capabilities Taking It To The Next Level Ways to aggregate multiple risk measures Risk-pooling approaches (hedging) Enterprise wide risk appetite/specific risk tolerances Hurdle rates (industry risk adjusted) At risk frameworks (VaR, EaR, GMaR & CFaR) Risk-adjusted performance measurement 10 Enhancing Capabilities Taking It To The Next Level Enhanced capabilities achieve four things More robust risk reporting – aggregated at multiple levels by specific investments and projects Greater investment confidence Greater integration and alignment of risk responses Higher valuation - higher price/earnings multiples in share valuations 11 Enhancing Capabilities Taking It To The Next Level How does management use ERM to improve business performance? helps managers make better choices in protecting and enhancing enterprise value Evaluate the key underlying variables in the business plan that are exposed to performance variability and that require specific risk responses Understand the loss exposures or drivers inherent in the enterprise’s business model that require specific risk responses Identify incongruities inherent in the business model where management has, either knowingly or unknowingly, accepted risks that should be avoided, given the entity’s risk appetite 12 Enhancing Capabilities Taking It To The Next Level Critical risk management tasks • identify events • assess risk • formulate risk response • implement control activities • inform/communicate and monitor provides a flexible framework for addressing these three strategically important issues 13 Enhancing Capabilities Taking It To The Next Level Identify value drivers value drivers are linked to the variables that influence the achievement of the business plan they may be defined in terms of the key underlying variables that cause revenues and expenses to go up and down (increase and decrease cash flow) 14 Enhancing Capabilities Taking It To The Next Level Key performance indicators are developed metrics by which performance against plan is evaluated and ultimately rewarded converted into reports and are used to monitor performance over time managing and monitoring the business will surface opportunities to improve processes, products and services to enhance enterprise value (EVA) 15 Enhancing Capabilities Taking It To The Next Level EVA = NOPAT less WACC (NPV>0) Create new opportunities - new business activities Improve performance - policies, processes, competencies, reporting, technology and/or knowledge Harvest existing value - withdraws from existing business Adjust and align cost of capital - reduce WACC and/or ensure risks are consistent with risk appetite 16 Enhancing Capabilities Taking It To The Next Level EVA Create new opportunities – change core business risk? Improve performance – insights into soft spots in the enterprise’s or unit’s business strategy as well as opportunities to improve performance Harvest existing value - understand “relative riskiness” of different units, geographies, products or markets Adjust and align cost of capital - specific WACC for specific core businesses 17 Enhancing Capabilities Taking It To The Next Level Linkage of ERM to improved enterprise performance altering risk by increasing/decreasing: enterprise’s net exposure (materiality) variability of the enterprise’s expected returns caused by specific sources of uncertainty (such as exposure to fluctuating currency rates) probability of financial distress in the event of realized changes in key variables (such as changes in interest rates for a highly leveraged company) 18 Enhancing Capabilities Taking It To The Next Level How should we integrate our ERM approach with our strategic planning process? integrate specific ERM capabilities with the various phases of the strategy-setting process Strategic assessment  Internal environment, event identification and risk assessment Strategy development  Risk response Formulate plan  Control activities, information/ communication and monitoring 19 Enhancing Capabilities Taking It To The Next Level 20 Enhancing Capabilities Taking It To The Next Level Determine critical value drivers and define the sources of uncertainty associated with each of those drivers Shareholder Value  cash flow  earnings e.g revenue drivers: predictable volume, price competitiveness, customer liquidity, customer diversification, entry barriers and growth industry predictable volume sub drivers: segmented market, scalable productive capacity and effectively functioning distribution channel prioritize value drivers based upon their contribution select the priority drivers for purposes of event identification and risk assessment 21 Enhancing Capabilities Taking It To The Next Level Should we complete our strategic planning process prior to conducting our first enterprise wide risk assessment, or vice versa? NO incorporate risk appetite and risk management into strategy-setting 22 Enhancing Capabilities Taking It To The Next Level Is it possible to successfully merge together the risk assessments that companies perform as a result of ERM, Sarbanes-Oxley compliance, business continuity planning, internal audit and various compliance activities related to workplace, environmental and other regulations? YES Must develop common language and uniform process 23 Enhancing Capabilities Taking It To The Next Level How does management use ERM to establish a sustainable competitive advantage? Integrate risk management with business & strategic planning Implement more rigorous risk assessment process Improve management of common risks across the enterprise Improve capital deployment and resource allocation Configure the enterprise’s risk taking with its core competencies Seize opportunities through rational assumption of risk 24 ... ROLES • • • • • • • The Fundamentals COSO Enterprise Risk Management Role of Executive Management Role of the Director Role of the Chief Risk Officer Risk Management Oversight Structure Role of... view” of risks and how is it practically applied? Risks in different units may be within the risk tolerances of the individual units taken together, the risks might exceed the enterprise wide risk. .. Risk- pooling approaches (hedging) Enterprise wide risk appetite/specific risk tolerances Hurdle rates (industry risk adjusted) At risk frameworks (VaR, EaR, GMaR & CFaR) Risk- adjusted performance measurement