Guiding Principles for Implementing
Enterprise Risk Management (ERM)
SEAC Conference
New Orleans
November 15-17, 2006
Hubert Mueller
(860) 843-7079
© Towers Perrin
IMPLEMENTING ERM
ERM raises many implementation challenges for senior executives
• Stakeholders have challenged senior executives to ask questions with regard to integrated, enterprise-level risk analysis and their decision-making:
  • How can we identify the key and emerging risks that deserve senior management attention?
  • How do we measure and manage operational risks to the same degree as financial risks?
  • How much capital do we need and what return should we get on it?
  • How should we deploy capital to business segments and evaluate their performance?
  • How do we select our growth strategies, given our risk environment?
  • How can we maximize our return on capital, given our risk appetite?
  • How do we best invest our assets, given the structure of our exposures?
  • How much, and on what terms, should we insure and hedge?
  • How should we report our risk management results and communicate with external audiences about our risk management programs?
  • How do we build a risk culture within the organization?
  • How do we coordinate all of this? And how do we get started?
© 2006 Towers Perrin
Friday, October 20, 2006
Enterprise Risk Management should address key management issues at each stage of the journey from compliance to value creation
Companies Need to Manage Risks from Many Interrelated Areas
[Diagram axes: Internal/External Dimension; Financial/Operational Dimension]
• Marketing
• Economy
• Legal/social
• Regulatory/political
• Competition
• Insurance
• People
• Processes
• Hazards
• Other
ERM Stages | Management Issues
Compliance and Governance | What are my risks?
Diagnostics and Analytics | What is their impact?
Solution Options | What can we do about them?
Execution | How do I take action?
Guiding Principles: ERM as a means to add value to an organization
1. ERM serves strategic purpose — not for audit
  • ERM is more than an audit. Risk management optimizes the risk/return relationship; it is not only the avoidance of risk
2. ERM generates economic value
  • Create value by reducing the cost of capital and by increasing profits through better risk-based decision making
3. ERM is focused on managing risks in an integrated manner, as a portfolio of risks
  • Analyze risks in combination to reveal systemic risks and interactions, and explicitly consider the interrelationships and correlations between risks
4. ERM considers both “downside” risks and “upside” opportunities
  • Optimize the risk/return profile of the enterprise
5. ERM is best operationalized by making it part of the normal business process
  • Coordinate with corporate planning and the allocation of capital and resources to fully integrate into the mainstream of business decision-making
1. ERM serves strategic purpose — not for audit
• All businesses must take risks to earn returns. Risk management should therefore be the optimization of the risk/return relationship and not only the avoidance of risk
• Audit examines whether specified procedures and processes are being followed. It reduces risk, but does not consider the risk/return tradeoff
• Audit strategically mitigates risk; however, what to audit and how much time and effort to invest in audit is determined through a risk management process
Audit Approach | ERM Approach
Starts with a checklist of risks | Articulates strategy and identifies risks to achieving strategic objectives
Defensive: Focuses only on downside risks | Considers unexpected upside scenarios; identifies opportunities for risk taking based on relative ability to manage risks vs. competition
Analyzes risks in silos | Considers interaction of risks to expose areas of concentration and diversification
Supports monitoring and reporting | Supports decision making
“Risk Triage” process filters strategic risks from tactical risks
[Diagram labels: Strategic Risks; Corporate; Risk Filters; Business Unit; Organizational Unit; Tactical Risks]
2. ERM generates value: Risk-Capital-Value Framework
Maximize value by relating a firm’s decisions on the risks it takes to the decisions on the capital it uses to finance its business
[Diagram labels: Value Creation; Return on Risk; Portfolio of Enterprise Risks; Risk Structure; Capital Costs; Value Management; Capital Adequacy; Portfolio of Capital Resources; Risk and Capital Management; Capital Structure; Economic Capital]
• How much capital do I need?
• What type of capital do I need?
3. ERM is focused on managing risks in an integrated manner, as a portfolio of risks
• Why manage risks in an integrated manner?
  • Systemic risks
    − Risks which in isolation are small within each organization, but because of common causes can in the aggregate across the enterprise pose a significant risk
  • Concentration of risk
    − Separate risk events that have common consequences
  • Correlation of risks
    − When companies fail, often it is because several related risks occur simultaneously. Important to understand the interactions among risks
    − The lack of perfect correlation of risks means that the aggregate financial risk is less than the sum of each individual risk — may be overspending on risk management if managing risks independently
  • Exposure of risk
    − Understand relative exposure across all risks to optimally allocate resources (financial and human) to mitigate risks
• Use risk analysis to develop risk-adjusted performance of business units — a best practice in the financial services sector
Risk identification should capture the “Anatomy of Risk”
• Benefits of recognizing the anatomy of risk:
  • Illustrates interactions among causal factors and consequences across risks to identify systemic risks and risk concentration
[Diagram: Causes 1-4, Risk Events 1-3 and Consequences 1-6, with "Systemic Risk" and "Concentration of Risk" marked]
4. ERM considers both downside risks and “upside” opportunities
• A fundamental objective of ERM is to optimize the risk/return trade-offs
  • The “downside” of each business activity is the risk of financial loss; the “upside” is higher profitability
  • When evaluating options to mitigate the “downside” of risks, need to also consider whether they reduce the “upside”
• Identify and embrace risks that the company can manage better than competitors
  • An insurance company that believes it can better price auto risk pursues riskier (and more profitable) drivers and even identifies competitors who are offering lower prices
  • Better management of political, foreign exchange and supply chain risks creates a competitive advantage in considering strategy to enter developing countries
  • These are generally core business risks, such as risks directly related to the manufacturing and distribution of core products
5. ERM is best operationalized by making it part of the normal business process, fully integrated into the decision-making activities
ERM Analysis
• Insurable risks
  • Mortality
  • Property/Casualty
  • Human Resources
• Market risks
  • Interest rate
  • Equity markets
  • Foreign exchange
  • Other
• Credit risks
• Operational Risks
• Business Risks
  • Business interruption
  • Corporate image, brands
  • Economic cycles
Business Plan
[Diagram: "Impact of Risk Management Decisions" on the business plan's financial statements. Balance sheet: Assets (Current Assets, Fixed Assets), Liabilities (Current Liabilities, Long-Term Liabilities), Equity. Income statement: Revenues, Costs, Expenses, Operating Income, Other Income, Taxes, Net Income. Cash Flow: Begin, Operation, Investment, Financing, End]
Use assessment method that reflects true nature of risks
This is what risks look like... but the traditional method of assessing risks distorts the picture
[Chart: probability distribution of loss ($) with the expected loss marked]
[Risk matrix: Likelihood (Low: < x%; Med: x% - y%; High: > y%) against Impact (Low: < $x; Med: $x - $y; High: > $y)]
• Simplifies distribution of loss scenarios into a single scenario — which scenario?
• Underemphasizes real risks: low likelihood of large losses
• Likelihood x Impact represents expected loss — not risk
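The point of this slide, and of the earlier remark that imperfectly correlated risks aggregate to less than the sum of the individual risks, worked through as an added example (not part of the original presentation). The two loss distributions and the single pairwise correlation `rho` are constructed assumptions.

```python
import math

# Constructed loss distributions (not from the slides): each risk is a list of
# (annual probability, loss in dollars) scenarios whose probabilities sum to 1.
FREQUENT_SMALL = [(0.80, 0), (0.15, 40_000), (0.05, 80_000)]
RARE_LARGE = [(0.998, 0), (0.0015, 4_000_000), (0.0005, 8_000_000)]

def expected_loss(scenarios):
    """Probability-weighted mean loss: what 'likelihood x impact' reports."""
    return sum(p * loss for p, loss in scenarios)

def loss_std(scenarios):
    """Standard deviation of loss: the spread around the expected loss."""
    mean = expected_loss(scenarios)
    return math.sqrt(sum(p * (loss - mean) ** 2 for p, loss in scenarios))

def loss_quantile(scenarios, q):
    """Smallest loss L such that P(loss <= L) >= q (a tail measure)."""
    cumulative = 0.0
    ordered = sorted(scenarios, key=lambda s: s[1])
    for p, loss in ordered:
        cumulative += p
        if cumulative >= q - 1e-12:  # tolerance for float rounding
            return loss
    return ordered[-1][1]

def aggregate_std(stds, rho):
    """Standard deviation of the summed losses, assuming the same pairwise
    correlation rho between every two risks (a simplifying assumption)."""
    total = sum(s * s for s in stds)
    total += sum(rho * a * b for i, a in enumerate(stds)
                 for j, b in enumerate(stds) if i != j)
    return math.sqrt(total)

if __name__ == "__main__":
    risks = (("frequent/small", FREQUENT_SMALL), ("rare/large", RARE_LARGE))
    for name, risk in risks:
        print(name, "expected:", round(expected_loss(risk)),
              "std:", round(loss_std(risk)),
              "99.9th pct:", loss_quantile(risk, 0.999))
    stds = [loss_std(r) for _, r in risks]
    for rho in (1.0, 0.3, 0.0):
        print("rho", rho, "aggregate std:", round(aggregate_std(stds, rho)),
              "sum of stds:", round(sum(stds)))
```

Both constructed risks have the same expected loss of $10,000 and would share a cell in a likelihood x impact ranking, yet the 99.9th percentile loss is $80,000 for one and $4,000,000 for the other.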
Implementing ERM: A 4-stage process at any level of the firm
• Identify: What are my risks? Who is watching them?
• Quantify: How much do they weigh? What is their impact?
• Solve: What can we do about them? How do we decide?
• Execute: How do I take action? What value does it create?
The ERM Framework links strategy to the organization and processes that drive risk-based decision-making
ERM Framework
• Organization
  • Governance
  • Accountability: Roles and Responsibilities
• Strategy
  • Risk definition
  • Goals and objectives
  • Risk tolerance levels and guidelines
• Process
  • Identify
  • Quantify
  • Solve
  • Execute
• Tools
• Monitoring and Reporting