CAACM 5th Annual Meeting & Conference in Collaboration with ICATT
The Changing Face of Enterprise Risk Management
July 13-15, 2011, Hyatt Regency, Trinidad and Tobago
1.347.891.9252 [email protected] Rawle Mitchell July 2011

Overview
• Risk has always been managed, somehow or other.
• As a concept, RM evolved from the insurance industry, where risk financing was the main RM activity.
• The financial services crisis of 2008 demonstrated the extent to which uncontrolled risk taking has damaged economies.
• For years, RM was done by buying insurance.
• More recently, companies managed risk through the capital markets with "derivative" instruments.
• Risks that defy easy measurement, such as reputation, legal and human resources risks, have led to the emergence of ERM.

Risk Definition Through The Years
Definition | Source
"Combination of the probability of occurrence of harm and the severity of that harm." | ISO/IEC Guide 51:1999
"Combination of the probability of an event and its consequence." | ISO/IEC Guide 73:2002
"Chance of something happening that will have an impact on objectives." | AS/NZS 4360:2004
"Events with a negative impact represent risks, which can prevent value creation or erode existing value. Events with positive impact may offset negative impacts or represent opportunities." | COSO (2004) ERM Integrated Framework
"The concept of risk refers in general to the magnitude and likelihood of unanticipated changes that have an impact on a firm's cash flows, value or profitability… Risk has a negative connotation, but uncertainty can be a source of opportunities as well as costs." | Lars Oxelheim & Clas Wihlborg (2008), Corporate Decision-Making with Macroeconomic Uncertainty
"Effect of uncertainty on objectives." | ISO 31000:2009

Risk Management Standards
Some of the popular standards:
• Australia/New Zealand (AS/NZS) Standard 4360:2004.
• COSO 2004 ERM - Integrated Framework: defines and prescribes a process for implementing ERM.
• ISO 31000 (2009): the first global risk management standard.
The ISO 31000 definition has shifted the emphasis from the "event" (something happening) to the "effect" – really the effect on OBJECTIVES!

What is ISO?
• The International Organization for Standardization (ISO) is the world's largest developer and publisher of International Standards.
• ISO is a specialized international organization founded in Geneva in 1947 and concerned with standardization in all technical and non-technical fields except electrical and electronic engineering.

Why an ISO Standard in RM?
• Organizations around the world [be they public, private, for-profit, not-for-profit, multinational, etc.] were facing increasing and greater risks, and risk management was not being consistently defined and applied across sectors and countries.
• The challenges of inconsistent practices and definitions thus gave rise to the need for a universal standard.

Why did ERM evolve?
• Risk managers today need to manage known risks AND must also be prepared to cope with unknown risks that may manifest themselves at any time.
• Risk managers can only meet these demands if they operate at a strategic level.
• Calls for strengthening risk oversight have been occurring on an increasing basis over the last several years.
• The NYSE (2004) adopted governance rules that require audit committees of listed firms to oversee management's risk oversight processes.
• More recently, rating agencies such as S&P have begun to explicitly evaluate an entity's ERM processes as an input into their credit ratings analysis.

Barriers to ERM Oversight

Marsh & RIMS 3 Levels of RM
1. Strategic RM incorporates all of the characteristics of traditional and progressive approaches, but adds measures with more of a "C-suite view" of risk.
2. Companies that practice strategic RM tend to view risk as something to optimize, not just to mitigate or avoid.
3. There is a concerted effort to index risk against competitors and against the organization itself.
4. There is a stronger effort to weave risk issues into the overall conversation about the firm's business decisions.

Antecedents of ERM Implementation
• The idea that ERM is a key component of effective governance has gained widespread acceptance.
• The literature review suggests five broad groups of factors that determine the extent of ERM implementation:
  • Regulatory influences
  • Internal influences
  • Ownership
  • Auditor influence
  • Firm and industry-related characteristics

Why the Continuing RM Evolution?
In light of so many financial failures, Robert P. Hartwig lashed out at the then-current ERM frameworks.
Hartwig: "Financial crisis was the result of a failure of RM [in the banking and securities markets] on a colossal scale. We may literally have to tear up the manual of ERM and start over. How did so many major financial players miss or overlook such huge, systemic exposures?"
But there is no "manual of enterprise risk management" to tear up. Risk management is a general term referring to the overall process of addressing risk, not any one particular method for mitigating risk.

But RIMS contends that the financial crisis resulted from:
1. System-wide failure to embrace appropriate ERM behaviors - or attributes - within these distressed organizations.
2. Failure to develop and reward internal RM competencies.
3. Failure to use ERM to inform management's decision making for both risk-taking and risk-avoiding decisions.
4. Over-reliance on the use of financial models, with the mistaken assumption that the "risk quantifications" (used as predictions) based solely on financial modeling were both reliable and sufficient tools to justify decisions to take risk in the pursuit of profit.
5. Failure to embed ERM best practices from the top all the way down.

Regulatory Impact on ERM
ERM must be part of the culture - accepted, expected and practiced at the highest levels and down through the organization - if it is to help the organization make better risk-adjusted decisions.
There is an increased focus on the effectiveness of BOD risk oversight practices:
1. The NYSE's corporate governance rules already require audit committees of listed corporations to discuss risk assessment and RM policies.
2. Credit rating agencies, such as S&P, are assessing ERM processes as part of their corporate credit ratings analysis.
3. More importantly, while business leaders know organizations must regularly take risks to enhance stakeholder value, effective organizations recognize strategic advantages in managing risks.
4. Signals from some regulatory bodies now suggest that there may be new regulatory requirements, or new interpretations of existing requirements, placed on boards regarding their risk oversight responsibilities.
5. Legislation has also been introduced in the US Congress that would mandate the creation of board risk committees.
6. The U.S. Treasury Department is considering regulatory reforms that would require compensation committees of public financial institutions to review and disclose strategies for aligning compensation with sound risk management.
7. In July 2009, the SEC issued its first set of proposed rules that would expand proxy disclosures about the impact of compensation policies on risk taking and the role of the BOD in the company's risk management practices.

Barriers to Adopting More Strategic Approaches to RM
1. Ability to feasibly/definitively demonstrate value and ERM ROI metrics
2. Senior management concerns that ERM processes are too difficult and/or costly
3. Personnel and financial resources dedicated to RM
4. Personnel skills, expertise and capabilities
5. Products that would enhance RM strategy and capabilities
6. RM technology issues

Barriers, What Barriers?
Changes that must be made to help firms adopt more strategic approaches to RM:
1. Reorganize and reengineer the RM function
2. Increase internal education
3. Increase investment and resources in RM capabilities
4. Implement RM supporting software/technology

Can ERM Evolve Further?
Some ERM truisms:
1. Firms are using RM more in developing their strategic goals and objectives.
2. Senior management at many firms are now more aware than ever of the need to incorporate risk into the decision-making process.
3. Firms are increasing their investment in RM.
4. Today RM must deal with the known risks as well as the unknown and the unknowable.

Steps to ERM Improvement
1. Integrate strategic planning processes and risk assessment activities to take advantage of risk opportunities and consider risk variations across strategic goals.
2. Reward risk ownership and effective RMAPs, so that ERM is aligned with the firm's balanced scorecard and merit payouts.
Going forward, companies must focus not only on the downside of risk but on the upside as well.

What Role Should RMIS Play?
1. RMIS and other technologies today have a large role in managing risk.
2. Demand for online, real-time risk-related calculations with quick response times means that a new generation of risk systems architecture is required to cope with such demands.
3. These RMIS have to be event-driven systems with service-oriented frameworks.

BOD ERM Role & What Prevents That?
The BOD must:
1. Take responsibility for ensuring that the institution has a framework in place to embed ERM and its constituent parts, including risk appetite, risk roles and responsibilities, etc.
2. Verify that risk and other key personnel are appropriately trained to fulfill their ERM roles and responsibilities.
3. Insist on receiving regular risk reports and RMAPs.
4. Ensure that corporate objectives are developed in conjunction with ERM insights.
5. Ensure that executive management conduct table-top risk exercises and submit reports on them to the BOD.
6. Ensure that business continuity and disaster recovery plans are developed, tested and improved regularly.

Changing Skill Set for the CRO
1. Most progressive institutions have a dedicated senior executive charged with the responsibility of being the "Risk Champion" at their organisation.
2. The CRO is largely charged with the Risk Champion role.
3. However, the CEO or MD is really the "chief-risk-officer", just as he/she is the "chief-revenue-officer".
4. The CRO by designation must possess a 360-degree view of the firm.
5. The CRO must be multi-faceted in terms of skill set, but in particular must be a great communicator and facilitator, very good with finance, and must thoroughly understand the core nature of the business.

There is no time like the present to rethink your company's approach to enterprise risk management. ERM is a process that must be ongoing and flowing throughout your institution!

Thank You
Email: [email protected]
Skype: rawle.mitchell64
Cell: 347-891-9252