Enterprise Risk Management, Steven Sumners
Enterprise Risk Management
PwC
ERM
Steven Sumner
Director, PricewaterhouseCoopers
Does ERM matter?
“Risk management adds value not only to individual companies, but also supports overall economic growth by lowering the cost of capital and reducing the uncertainty of commercial activities.”
James Lam, “Enterprise Risk Management – From Incentives to Controls”
PricewaterhouseCoopers, Fiscal Year 2009
Slide 3
Risk management: lessons learned
“Given the central role of effective, firmwide risk management in maintaining strong financial institutions, it is clear that supervisors must redouble their efforts to help organizations improve their risk-management practices…We are also considering the need for additional or revised supervisory guidance regarding various aspects of risk management, including further emphasis on the need for an enterprise-wide perspective when assessing risk.”
Ben Bernanke, speech given May 2008: “Risk Management in Financial Institutions”
“These institutions…, comforted in the belief that the rating agencies had carefully examined and modeled the risks in arriving at their rating of these securities, apparently saw little need to conduct their own due diligence, risk management, modeling and valuation processes.”
Bob Herz, FASB, speech given September 2008: “Lessons Learned, Relearned, and Relearned Again from the Credit Crisis – Accounting and Beyond”
“Many risks are preventable”
Agenda
• Recent lessons learned
• PwC survey highlights
• ERM governance
• Role of the CRO
• Board reporting
• ERM Survey Results
• Closing the gaps
Section agenda
Recent lessons learned
Risk management: lessons learned
SSG Report: “Observations on Risk Management Practices during Recent Market Turbulence”
• Senior management oversight
• Risk identification and measurement
• Valuation practices
• Liquidity risk management
Senior Supervisory Group (“SSG”) Financial Services Organizations – Risk Management Practices
Successful Companies / Unsuccessful Companies (two-column comparison; the extraction does not preserve which column each item belongs to)
• Portfolio view of exposures and risks
• Concentration of exposures/aggregation
• Balance between risk appetite & controls
• Pricing of liquidity and contingent liquidity
• Scenario modeling capabilities and risk quantification
• Certain risk management practices
• Controls over risk management and valuation practices
• Sharing of qualitative and quantitative information
• Enforcement of controls
• Liquidity risk management
• Wide range of risk measures and tools for credit and market risk
• Lack of a forward looking view of risk
• Standards for what constitutes market risk
• Timely reporting of risk to board and sr. mgmt
risk transfer
• Sr. mgmt’s role in understanding and acting on emerging risks
Section agenda
PwC survey results
PwC survey results
PwC’s Global ERM Survey 2008
Survey participation:
• Over 100 pages of detailed questions
• 53 Global Life and P&C Insurers and Reinsurers (44 in 2004)
• 20 US Insurers (9 in 2004)
• 9 Bermuda Insurers
Survey output:
• Published report – June 2008
• Customized self-assessment reports for each participant
• Detailed individual survey questions & responses benchmarked against all participants, peers and similar organizations
PwC survey results
PwC’s Insurance ERM Global Survey - 2008 … www.pwc.com
PwC survey results
Key themes: how far have insurers come?
• Embedding of ERM
• ERM governance
• Risk data and modeling
• Aligning risk and finance
• Risk assessment
PwC survey results
PwC’s Global ERM Survey 2008
ERM progress since 2004
Strong Progress / Some Progress / Limited Progress (three-column slide; the extraction does not preserve which column each item belongs to)
• Firm-wide understanding of ERM
• Setting of overall risk appetite
• Data quality and data availability
• Linkage of risk appetite with objectives
• Linkage between risk models and strategic planning
• Modeling capabilities
• CRO role
• Board & Management priorities/oversight
• ERM roles, responsibilities & accountabilities
• Consistent & well understood policies & procedures
• Trend toward Board level ERM committee structure
• Business Unit alignment with risk appetite & tolerance
• Timely reporting of risk to Board & Sr. management
• Portfolio view of risk
• Risk disclosures
• Risk data or systems strategies
• Risk mitigation & learning
• Risk technology
• Limits monitoring, enforcement & exception approval
Section agenda
ERM governance
ERM governance
Current credit crisis is another eye-opener to policymakers, regulators, rating agencies, boards and management.
• Highlights the importance and necessity for the role of effective ERM governance, involving the board and senior management:
  - Effective governance structures are required and in place to enable:
  - Monitoring
  - Multiple levels
  - Elements of an ERM Framework
ERM governance
Effective governance structures and organizational design can help meet stakeholder expectations in a more effective and efficient manner
• Governance: Setting and monitoring objectives, tone, policies, risk appetite, accountability and performance.
• Risk Management: Identifying and assessing risks that may affect the ability to achieve objectives and determining risk response strategies and control activities.
• Compliance: Operating in accordance with objectives and ensuring adherence with laws and regulations, internal policies and procedures, and stakeholder commitments.
Extended Enterprise & Value Chain
ERM governance
When evaluating governance structures and processes, consider the expectations of various stakeholders…
• Regulators
  - NAIC, SEC
• New York Stock Exchange Listing Standards
  - Audit committee risk oversight
  - Internal audit department
• Institutional Shareholders
• Rating Agencies
  - S&P, AM Best, Moody’s, Fitch
• People
ERM governance
…As well as emerging frameworks enabling effective ERM
[Framework diagram] Layers: Environment, Strategy, Process, Infrastructure. Row labels:
• Business mission and strategy; Risk strategy; Value proposition; Risk appetite
• Validation/re-assessment; Reporting; Measurement and Control; Operations; Risk assessment/Response; Risk awareness/Identification
• Organisation and people; Limits and controls; Methodologies & Models; Systems; Data; Policies; Reporting
• Culture; Training; Communication; Performance measures; Reward
ERM governance
Effective governance and organization are critical to embedding ERM into the business
• Business objectives
• Integrated and scalable
• Risk appetite and tolerance
• Portfolio view of risk
• Role clarity
• Common risk and control language
• Process, risk, control libraries
• Risk and Control Self Assessment (RCSA)
• Risk adjusted performance management
• Economic capital
• Benchmarking
• KRIs and reporting
[Framework cube diagram] Components: Internal environment; Objective setting; Event identification; Risk assessment; Risk response; Control activities; Information and communication; Monitoring. Levels: Entity-level; Division; Business Unit; Subsidiary.
ERM governance
Organizational effectiveness is grounded in risk-adjusted performance management
Key Elements
• Leadership, organizational alignment and accountabilities
• Defined performance goals and risk tolerance
• Work processes and controls
• Monitoring of key risk indicators
• Management information
• Rewards and incentives
Performance Management Framework
• Assign • Operate • Control • Report
• Strategize • Define • Develop • Deploy
• Re-evaluate • Monitor & Review
• Examine • Innovate • Act
• Analyze • Plan & Prioritize • Change
Section agenda
Role of the CRO
Role of CRO
Even good CROs occasionally miss a Key Risk Indicator
Role of the CRO
Increased significance of the CRO
The CRO is a position that has grown in both significance and stature in most organizations.
• Yet current credit crisis has many investors and other external stakeholders asking “where was the oversight?”
• CROs help to:
  - Bring business and risk management together
  - Enable a portfolio view of risk
  - Link planning, performance management, risk and capital management
Role of the CRO
Why is a CRO needed
Key reasons for a CRO
• CROs are enablers and facilitators that bring the organization together
• Need for executive thinking and authority and the ability to balance roles of oversight and challenge.
• Provide a portfolio view of risk while understanding the business and be able to communicate effectively with all arms of the organization.
• Encourages and rewards scrutiny and challenge, even if it appears to go against the strategic change.
• The CRO is a key responsible partner in all areas of risk and risk management
• The CRO should serve as the catalyst for enterprise risk & return opportunities – Particularly emerging risk
• The CRO must develop effective enterprise risk communication with consistent measurement criteria for both the BOD and senior management
Role of the CRO
Attributes of a good CRO
• Holistic understanding of the firm’s strategies and core competencies
• Must be able to add clarity around the setting of risk tolerance, appetite and risk limits
• Maintains an appropriate level of broad-based technical capabilities (actuarial, finance, economics, underwriting, capital markets, etc.) and market knowledge
• Owns economic capital development and provides a level of independence over the risk management process including how and when capital should be deployed to the business units
• Able to provide clear and accountable focus for the management of risk
• Provides a monitoring and validation role that spans across the enterprise and is not limited to traditional internal controls
• Must maintain a direct reporting line (or at least direct access) to the CEO and access to the BOD
Role of the CRO
Attributes of a good CRO (cont’d)
• Must maintain a direct reporting line (or at least direct access) to the CEO and access to the BOD
• Effective at communicating and interacting with the Board/senior management and external stakeholders including the ability to explain risk issues in practical understandable business terminology and language rather than technical concepts
• Ability to provide coaching and advising the business in how to monitor and manage risk within a standardized-wide approach
• Ability to stretch the imagination on what could be possible in dealing with abstract concepts and the courage to explore new areas with little or no direction or precedence.
“We all know what can happen to the CRO”
Section Two
ERM Overview
ERM Overview – Organization and people
Organisation and people | Limits and controls | Methodologies & Models | Systems | Data | Policies | Reporting
• Centralized risk management function
• Independent CRO or senior executive with risk role
• Oversight committees at the Board / senior management levels
• Risk awareness, culture and values
• Risk training
• Talent management
• Linkages between risk and compensation
Overall Responsibility for Corporate Risk Management
Industry’s Ability to Attract Talent
Interaction Between Business and Risk Management
ERM Overview – Limits and Controls
• Define overall and individual risk appetite
• Risk assessments & inventories
• Individual risk, product, exposure limits and triggers
• Risk controls
• Risk escalation
Defining Risk Appetite and Limits
[Hierarchy diagram]
• Insurer: Overall Risk Appetite
• BU 1, BU 2, BU 3: BU 1 Appetite, BU 2 Appetite, BU 3 Appetite
• Prod. 1, Prod. 2, Prod. 3, Prod. 4, Prod. 5: Risk Appetite by Product
• Product Limits
Risk Appetite
• Turns the story into some numbers
• To effectively drive risk management need to specify both:
  - Severity
  - Probability
• ERM programs may have multiple defined risk appetites
  - Capital (Ruin focus)
  - Earnings (Volatility focus)
  - Rating (May be driver of probability choice)
Permission to reprint or distribute any content from this presentation requires the prior written approval of Standard & Poor’s.
Risk Limits
• Hard Limits or Soft Limits?
  - Are they really limits if nothing happens when they are exceeded?
• Relative or Absolute Limits
  - Is business growth impacted by limit systems?
• Add up to Overall Risk Appetite or larger or smaller value?
  - Take into account diversification?
  - Provide for tactical opportunities
• Allocation process
• Enforcement
Other Risk Terms….
Risk Tolerance – The upper bound of Bad Events that the company wants to avoid, e.g.:
• Loss of capital
• Earnings shortfall
• Damage to reputation
• Damage to ability to sell business in key markets
• Loss of rating
Other Risk Terms (cont’d)….
Risk Preferences
• Uncertainty
• Complexity
• Location
• Risk transfer
• Time frame
• Concentrations
• Frequency/Severity threshold minimum
• Class
• Experience/Expertise
Process in Place to Define Risk Appetite
Process in Place to Deal with Breaches of Limits
ERM Overview – Methodologies & Models
• Insurance, market, credit risk management
• Operational risk management
• Economic capital models & capital allocation
• Risk analytics, including scenario analysis, risk indicators, risk-adjusted returns
• Risk transfer strategies
• Linkage of planning and risk strategy
• Linkages to product pricing
• Performance management
• Capital management
Economic capital models
Key areas where survey respondents identified benefits of implementing an economic capital model:
• Better allocation of capital than under a regulatory capital model
• Definition of risk appetite
• Freeing up of capital for use in the business
• Changes in the pricing of products to better reflect risk
• Changes in strategic direction after assessing risk-adjusted performance
[Balance sheet diagram] Labels: Assets available for required capital; “Excess” Capital; Economic Capital; Assets covering liabilities; Liabilities.
Capturing Risk
Guide Timing for Model Development
Model and Control Environment
Operational Risk
Traditional Operational Risk Management - Separate Silo Risk Management for:
• IT Risks
• HR Risks
• Regulatory & Compliance Risks
• Fraud Risk
• Internal Controls
• Reputation Risk
• Business Continuity
• Distribution Risks
• Outsourcing/Vendor Risk
Operational Risk Management
Enterprise ORM – leading to Strong ORM assessment by S&P usually associated with:
• Comprehensive assessment of risks & control capabilities
• Identification of risks not adequately controlled by existing programs
• Prioritization
• Development of key risk indicators, Tracking process & problem resolution system
Excellent ORM assessment usually associated with Strong program
• In place for several years
• Repeated application
• Refinements of controls & KRI & response programs
Operational Risk
Survey Results: Key Trends
• <10% recognize operational risk management as a competitive advantage
• Integration of Operational risk into the broader ERM policies and assessments and monitoring are at a limited stage
  - < 1/3 have formalized monitoring and reporting processes to support ERM functions
  - <15% capable to obtain Operational risk management data
  - low level of comfort on data integrity
Length of Time Corporate Operational Risk Management Function in Place
Satisfaction With Operational Risk Management
Use of Operational Risk Management
ERM Overview - Systems
• ERM supporting technology
• System interface, mapping tools, middleware
• Risk registers
• Risk reporting tools
Systems Strategy Rating
Priority IT Capabilities
Integration of Risks and Controls Across the Organization Through Technology
ERM Overview – Data
• Data quality assessments
• Risk and portfolio data requirements – data definitions, data cleansing, data access
• Data warehouses
• Industry data and benchmarking
Level of Confidence in the Quality of Data Supplying Specific Areas
Data Management Problems
Data Strategy Rating
Rating Data Management Expenditures
ERM Overview – Policies
• Market, credit, insurance, operational risk policies and procedures, including:
  • Risk rating policies;
  • Exposure measurement policies;
  • Risk limit policies;
  • Monitoring and review policies;
  • Risk transfer policies;
  • Management and board reporting policies.
• Overall risk policies
![Page 63: Enterprise Risk Management, Steven Sumners](https://reader037.fdocuments.us/reader037/viewer/2022102912/5695d28e1a28ab9b029adf6a/html5/thumbnails/63.jpg)
ERM Overview – Reporting
Organisation and people | Limits and controls | Methodologies & Models | Systems | Data | Policies | Reporting
• Key risk indicators that quantify major trends and risk exposures
• Limit exception reporting
• Risk dashboards
• Board reporting, including enterprise view on aggregate losses, risk incidents, policy exceptions, key exposures, KRIs
• ERM disclosures
• Finance effectiveness – exploiting synergies between requirements for financial reporting, ERM, Solvency II, and IFRS
![Page 64: Enterprise Risk Management, Steven Sumners](https://reader037.fdocuments.us/reader037/viewer/2022102912/5695d28e1a28ab9b029adf6a/html5/thumbnails/64.jpg)
ERM Overview – An Illustrative Framework
[Framework diagram, ERM Environment]
• Strategy: Business mission and strategy; Risk strategy; Value proposition; Risk appetite
• Process: Risk awareness/Identification; Risk assessment/Response; Operations; Measurement and Control; Reporting; Validation/re-assessment
• Infrastructure: Organisation and people; Limits and controls; Methodologies & Models; Systems; Data; Policies; Reporting
• Environment: Culture; Training; Communication; Performance measures; Reward
![Page 65: Enterprise Risk Management, Steven Sumners](https://reader037.fdocuments.us/reader037/viewer/2022102912/5695d28e1a28ab9b029adf6a/html5/thumbnails/65.jpg)
Section agenda
Closing the gaps
![Page 66: Enterprise Risk Management, Steven Sumners](https://reader037.fdocuments.us/reader037/viewer/2022102912/5695d28e1a28ab9b029adf6a/html5/thumbnails/66.jpg)
Closing the gaps
Current ERM practices vs. targeted practices

| ERM practice | Current | Targeted |
| --- | --- | --- |
| Risk culture | Program structured solely to respond to demands of external stakeholders; Silo-based risk management | Tone at the top; Management encouraged to act; ERM training and talent management; Risk-adjusted incentives |
| Risk assessment | Lack of internal challenge; Acceptance of dated views | Frequent, open dialogue; Exchange of risk information; Encourage internal challenge |
| Risk measurement | Blind reliance upon unchallenged or third party models | Models and tools that are “fit for purpose”; Frequent validation |
| Risk aggregation | Reliance upon judgment alone | ERM enabled systems, data; Active assessment of aggregation and correlation |
| Alignment of risk and strategy | Reactive risk management | Set and communicate enterprise-wide risk appetite; Capital allocation; Establish targets and limits; Monitor limit breaches |
![Page 67: Enterprise Risk Management, Steven Sumners](https://reader037.fdocuments.us/reader037/viewer/2022102912/5695d28e1a28ab9b029adf6a/html5/thumbnails/67.jpg)
PwC’s ERM Service Offerings
Insurance risk management has always been about risk.
When it comes to ERM, nothing should get in the way of opportunities
![Page 68: Enterprise Risk Management, Steven Sumners](https://reader037.fdocuments.us/reader037/viewer/2022102912/5695d28e1a28ab9b029adf6a/html5/thumbnails/68.jpg)
Questions