Enterprise Risk Management Overview of ERM –Introduced in lecture 9 What’s Driving ERM?...

35
Enterprise Risk Management • Overview of ERM – Introduced in lecture 9 • What’s Driving ERM? • Conference Board Report on ERM • Basic Approach • Examples of ERM Adopters • ERM Metrics • Conclusion

Transcript of Enterprise Risk Management Overview of ERM –Introduced in lecture 9 What’s Driving ERM?...

Enterprise Risk Management

• Overview of ERM– Introduced in lecture 9

• What’s Driving ERM?• Conference Board Report on ERM• Basic Approach• Examples of ERM Adopters• ERM Metrics• Conclusion

Overview of ERM• ERM is a journey, not a one time event• ERM is not just compliance, it needs to be

embedded in the culture to be successful• ERM starts at the top• ERM takes the commitment of the

management team• ERM takes time to develop

The growing acceptance of ERM is driven by four key forces

Corporate Disasters

• Enron• WorldCom• Adelphia• Mutual Funds

IndustryInitiatives

• Treadway Report, US• Turnbull Report, UK• Dey Report, Canada

Best Practices

• Banks• Asset Managers• Energy Firms• Corporations

RegulatoryActions

• S.E.C.• Sarbanes-Oxley• Basel II

EnterpriseRisk

Management

Conference Board Study• Analysis of Fortune 100 Companies- 11/05-2/06• Survey (4% response rate) and interview process• Sample by Revenue

– 13.5% < $1B– 41.2% $1B- $5B– 26.2% $5B- $15B– 19% > $15B

• Sample by Industry– 19% energy/ utility– 24.1% manufacturing– 26.7% financial services– 30.1% non financial services

Conference Board Key Findings• Evolving legal developments make it prudent for directors to

ensure there is a robust ERM process in place– Expanding scope of fiduciary duties– SEC endorsement of self regulatory frameworks– NYSE listing standards– Federal sentencing guidelines

• More directors acknowledge they must oversee business risks as a part of their strategy setting role

• Consider making improvements in ERM oversight• Sound ERM oversight and implementation practices are

recognized in leading companies• Opportunity to learn from best-in-class ERM industries

(financial, energy/ utility)

Conference Board Recommendations• Review committee structure and charters

– Clear who is responsible for risk management• Audit Committee for most companies, but they may be over-burdened• Dedicated risk committee for some companies

• Review board member competencies for managing risk– Strengthen the Board as needed– Training the Board on risk management

• Develop risk management process to ensure members are fulfilling their fiduciary duties

• Consider robust board level ERM reporting system– Provide information, not data (prioritized risk list, action plan, etc)

• Develop a process to assess and monitor risk management process– Review done at Board level at least once per year

• Spend time with management to understand risk issues– Interact with executives with best perspective on key risks

Rating Agency and Insurance Company Considerations

• Moody’s and Standard and Poors’ now incorporate risk management assessment into credit ratings

• S&P Commentary– banking and insurance sectors 2 years ago– Report on insurance industry coming out soon – Looking at trading risk for the energy sector– Considering other industries– “Companies who manage risk effectively should receive “credit”

in the rating process”• Insurance companies

– (D&O underwriters) consider rating agency opinions– Underwriters look favorably toward companies who are focused

on managing risk

One Framework for ERM• Committee of Sponsoring Organizations of the

Treadway Commission ( COSO )– Published Enterprise Risk Management-Integrated

Framework in 2004•COSO has defined ERM as …A process, effected by an entity’s board of directors, management and other personnel,applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its appetite, to provide reasonable assurance regarding the achievement of entity objectives.

Traditional risk management• Six step process

– Risk identification– Risk analysis– Development of alternative techniques to treat

risks– Selection of best risk-treatment techniques– Implementation of selected techniques– Evaluation and monitor of effectiveness of risk

management

Ten key questions to consider1. What is our appetite for risk? (capacity and propensity)2. Do we know what our risks are?3. Do we know how those risks relate to one another?4. Who within our company “owns” those risks?5. Can we measure those risks?6. Have we evaluated non-traditional risks?7. Does everyone at our company understand their role in managing

risk?8. Is effective risk management linked to performance evaluations?9. Is risk considered in all facets of decision making? 10. Does our company continually look for ways to optimize risk

strategy?

ERM Expands Traditional Risk Management

• More fully integrates risk management into the organization’s structure

• ERM is an interactive process not a reactive process

• Establish an ERM framework – policies, processes, and systems

• Manage risk interdependencies and aggregations• Provide risk transparency to key stakeholders• Ensure company practices meet or exceed regulatory

requirements• Balance business and risk requirements, and avoid

“irrational exuberance”• Optimize risk/return by integrating ERM into strategic

planning and day-to-day business processes• Attract, retain, and develop talented risk professionals

The role of a chief risk officer (CRO)

An ERM framework should encompass seven key building blocks

2. Line Management

Business strategy alignment

3. Portfolio Management

Think and act like a “fund manager”

4. Risk TransferTransfer out

concentrated or inefficient risks

5. Risk Analytics

Develop advanced analytical tools

6. Data and Technology Resources

Integrate data and system capabilities

7. Stakeholders ManagementImprove risk transparency for key stakeholders

1. Corporate Governance

Establish top-down risk management

An ERM dashboard should address five key questions for senior management

1. Are any of our strategic, business, and financial objectives at risk?

2. Are we in compliance with policies, limits, laws, and regulations?

3. What risk incidents have been escalated by our risk functions and business units?

4. What key risk indicators and trends that require immediate attention?

5. What are the risk assessments that we should review?

Case study:

• $1 trillion of assets under management

• Private company

• Decentralized business culture

Background 3-Year ERM Program• Organized Global Risk Forum

• Implemented annual Global Risk Review

• Automated loss accounting

• Developed ERM framework

• Implemented intranet-based Global Risk MIS

• Experienced significant reduction in loss ratio

Risk Metrics

Risk Event Log

Event LossRoot

CausesControlsNeeded

Education

0%

20%

40%

60%

80%

100%

1995 1996 1997 1998

• New associates• Management• Business/Operational processes• Best practices• Lessons learned

Goal

MAP

Actual Loss Experience

85% Decline

Basic risk management processes can lead to significant improvements

Economic capital represents a common currency for risk

Credit RiskEarnings volatility due to variation in credit losses

Market RiskEarnings volatility due to market price movements

Operational RiskEarnings volatility due to changes in operating economics (e.g. volume, margins or costs) or one-off events

Credit Risk

MarketRisk

OperationalRisk

Probability

Change in Value

Enterprise-wide Risk

Case study:

New capital markets business

Traders hired from foreign bank

Aggressive business and growth targets

Background 2-Year ERM Program Established risk policies and

systems

Instilled risk culture

Survived “Kidder” disaster

Captured 25% market share with zero policy violations

Recognized as best practice

• Engaged senior management and board of directors• Established policies, systems, and processes,

supported by a strong risk culture• Clearly defined risk appetite with respect to risk

limits and business boundaries• Robust risk analytics for intra- and inter-risk

measurement, summarized in an “ERM dashboard”• Risk-return management via integration of ERM into

strategic planning, business processes, performance measurement, and incentive compensation

Hallmarks of success in ERM at GE

ERM Metrics

• You cannot manage what you cannot measure

• Goal is to measure risk on a common basis

Financial Performance Measures

• Return on Equity (ROE)

• Operating Earnings

• Earnings before interest, dividends, taxes, depreciation and amortization (EBITDA)

• Cash Flow Return on Investments (CFROI)

• Weighted Average Cost of Capital (WACC)

• Economic Value Added (EVA)

Financial Risk Metrics• Return on Capital (Financial Services Industry)

– Risk-adjusted return on capital (RAROC)– Return on risk-adjusted capital (RORAC)– Risk-adjusted return on risk-adjusted capital (RARORAC)

• Economic Income Created– Risk-adjusted return – (Hurdle rate x economic capital)

• Shareholder Value– Shareholder value (SHV)

• Discounted value of cash flows

– Shareholder value added (SVA)• Discounted value of EVA (Economic Value Added)

Financial Risk Management Metrics

• Interest Rate Sensitivity Measures– Duration and convexity

• Interest Rate Models• Value-at-Risk (VaR)

– Parametric– Monte Carlo simulation– Historical simulation

• Asset/Liability Management (ALM)

Value at Risk - A Definition

• Value at risk is a statistical measure of possible portfolio losses– A percentile of the distribution of outcomes

• Value at Risk (VaR) is the amount of loss that a portfolio will experience over a set period of time with a specified probability

• Thus, VaR depends on some time horizon and a desired level of confidence

Value at Risk - An Example

• Let’s use a 5% probability and a one-day holding period

• VaR is the one day loss that will be exceeded only 5% of the time

• It’s the tail of the return distribution

• In the example, the VaR is about $60,000

Return Distribution

Portfolio Gains/Losses

Prob

abili

ty

VaR

First - Identify the Market Factors• There are three methods to calculate VaR, but

the first step is to identify the “market factors”

• Market factors are the variables that impact the value of the portfolio– Stock prices, exchange rates, interest rates, etc.

• The different approaches to VaR are based on how the market factors are modeled

Methods of Calculating VaR

• Historical simulation– Apply recent experience to current portfolio

• Variance-covariance method– Assume a normal distribution and use the

statistical properties to find VaR

• Monte Carlo Simulation– Generate scenarios to determine changes in

portfolio value

Based on these 10 lowest returns out of 100 of a simulation of asset value, what is the 95% VaR?

A) 19,536,917

B) 13,558,569

C) 11,964,744

D) 9,975,605

E) None of the above

Change in Asset Value

(19,536,917)

(13,558,569)

(13,037,674)

(12,034,629)

(11,964,744)

(9,975,605)

(8,006,458)

(7,776,690)

(6,790,814)

(6,760,278)

Current State of Financial Risk Management

• Modeling is used extensively in measuring market risk

• Interest rate sensitivity measures depend on cash flow models and term structure models

• Value-at-Risk measures also depend on models• Don’t be fooled by indicated precision of

measures• Understand the models underlying the

calculations

Operational and Strategic Risk Analytics

• Analytic methods are primitive

• Top-Down Approaches– Analogs

• Remove identifiable risks first

• Remaining risk is classified as operational risk

– Historical loss data

• Bottom-Up Approaches– Self assessment– Cash flow model

Solvency Related Risk Measures

• Probability of Ruin

• Shortfall Risk

• Value-at-Risk (VaR)

• Expected Policyholder Deficit (EPD) or Economic Cost of Ruin (ECOR)

• Tail Value at Risk (Tail VaR) or Tail Conditional Expectation (TCE)

• Tail Events

Performance Related Risk Measures

• Variance

• Standard Deviation

• Semi-variance and Downside Standard Deviation

• Below-target-risk (BTW)

Conclusion• There is a standard approach for dealing with

each type of risk• Each area has its own terminology and techniques• The ERM challenge is to combine these different

approaches into a common method that can deal with risk in an integrated manner

• The first step is to understand the different approaches

Acknowledgements

• Frank Strenk, Lockton Companies

• James Lam

• Mark Vonnahme, Department of Finance, U of I

What’s Next?• Thursday, April 26

– Case 3• Tuesday, May 1

– Course summary and review for the final examFinal Exam

Both 8:30 am and 10 am sectionsFriday, May 4, 2007

8-11 am120 Architecture Building

Conflict exam 8-11 am Monday, May 7 – location TBA