ERM 57 Review - RIMS - The Risk Management Society - … Handouts/RI… · PPT file · Web...

Recording of this session via any media type is strictly prohibited.

ERM 57 Review

Mike Elliott, CPCU, AIAF, MBARich Berthelsen, JD, CPCU, AIC, ARM, AU, ARe,

MBARIMS – April 2014


Overview

• Exam Basics – What to Expect• Test-Taking Tips• Review of Sections Students Find the

Most Challenging


What to Expect on the Exam

• Educational Objectives• Balanced Exam• Pretest Items


Test-Taking Tips

• Get the easy ones• Don’t get bogged down early• Use the “mark for later review” feature• Eliminate the obviously wrong answers• Use your scratch paper to keep track


Assignment 1

Introduction to Enterprise Risk Management


ERM Definition

RIMSA strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.


Traditional Risk Management Department


ERM Governance Model


Classifications of Risk


Risk Quadrants


Risk quadrants differ from risk classifications. While risk classifications focus on specific characteristics of the risk itself, risk quadrants focus onA: pure and subjective risks.B: subjective and objective risks.C: risk diversification.D: sources of risk.


Assignment 2

Enterprise Risk Managementin an Organization


Purpose and Types of Maturity Models

The purpose of a maturity model is to evaluate or improve a business process.Two types of particular interest are:• Capability Maturity Model• RIMS Risk Maturity Model


Capability Maturity Model (CMM) and Capability Maturity Model Integration

Has five levels:• Ad hoc• Initial• Defined• Managed• Optimizing


Based on the Capability Maturity Model (CMM) developed by Carnegie Mellon, an organization that has basic risk management processes with no attempt at enterprise-wide risk management is at which one of the maturity levels? A: ManagedB: InitialC: Ad hoc D: Defined


RIMS Risk Maturity Model

Uses 5 maturity levels based on CMM applied to 7 attributes:• Adoption of ERM-based approach• ERM process management• Risk appetite management • Root cause discipline• Uncovering risks• Performance management• Business resiliency and sustainability


A risk maturity model that uses five maturity levels based on the Capability Maturity Model, determining the maturity level for each of seven attributes by evaluating the degree to which key drivers are present, is known as the A: Capability Maturity ModelB: Standard and Poor’s (S&P) Risk Maturity ModelC: RIMS Risk Maturity ModelD: Aon Risk Maturity Index


Organizational Functions Related to ERM


Assignment 3

Enterprise Risk Management Framework and Process


Framework and Process


ISO 31000 Framework and Process

Source: ISO 31000:2009


COSO ERM

Source: COSO – Enterprise Risk Management – Integrated Framework


Applying Risk Management Framework

The main purpose of the framework is to integrate risk management throughout the organization. The framework has 4 components1. Lead and establish creditability2. Align and integrate3. Allocate resources4. Communicate and report


Assignment 4

Risk Oversight


The European Corporate Law Directive on Auditing has produced a recommended framework that defines the corporate governance roles. Under this framework, which one of the following is responsible for converting strategy into operational objectives?A: Board of directorsB: Chief executive officerC: Operational managementD: Senior management


Which statement describes one of the responsibilities of an executive-level risk committee? A: Assist the board in establishing risk appetite and

risk tolerance levelsB: Monitor the organization’s compliance with

established risk limitsC: Approve the organization’s risk management

strategies, including their design and implementationD: Oversee exposures of the organization’s critical

risks and advise the board on risk strategy


Assignment 5

Strategic Planning and EnterpriseRisk Management


Strategy Implementation

Some organizations apply a balanced scorecard approach to implement strategy and to provide a foundation for strategy evaluation. The balanced scorecard approach translates an organization’s strategy into specific goals and actions assigned to each department within the organization.


SWOT Analysis Table


Organizational Levels


Which one of the following types of strategy determines how individual departments within an organization direct their activities? A: Functional strategyB: Business strategyC: Corporate strategyD: Operational strategy


Assignment 6

Risk-Based Performance and Process Management


Key Performance Indicators

A key performance indicator (KPI) measures progress toward an organization’s goals, provides an attainable standard for a specific activity, and gives the focus or direction the activity is to take.


Successful organizations have goals and objectives. A financial or nonfinancial measurement that defines how successfully an organization is progressing toward its long-term goals is referred to asA: an operating standard (OS).B: a critical success factor (CSF).C: a key performance indicator (KPI).D: an objective gauge (OG).


Purpose of Key Risk Indicators (KRIs)

Effective KRIs provide objective, quantifiable information about emerging risks and trends in existing risks that can affect an organization’s success. A KRI can reveal an upward trend in the level of a risk that, if it continues, will exceed the designated risk threshold for that risk.


Which one of the following is an example of an external key risk indicator (KRI) that a manufacturer might monitor?A: Number of employee injuriesB: Age of accounts payableC: Amount of budget variancesD: Cost of raw materials


Assignment 7

Internal Audit and Control


Internal Control and Risk Management

Internal control – a system or process that an organization uses to achieve its operational goals, internal and external financial reporting goals, or legal and regulatory compliance goals.


COSO Internal Control Framework

Source: COSO Internal Control – Integrated Framework


Three Lines of Defense Model

Source: FERMA/ECIIA


According to the Three Lines of Defense Model, internal audit’s role in risk assessment techniques is toA: design them.B: implement them.C: provide assurance on their effectiveness.D: perform a control risk self-assessment (CRSA).


Evolution of Internal Audit

Transaction Approvals

Assurance of Internal Controls

Risk-based Approach


Risk-Based Auditing

Aligns audit resources with the areas that pose the greatest organizational risk.


The modern approach to internal auditing differs from the traditional approach by focusing onA: the effectiveness of internal controls.B: the relative riskiness of various activities.C: transaction approvals.D: systems-based compliance.


Assignment 8

Regulation and Compliance


RegulationRules-Based

• More certainty and predictability

• Less responsive to change• Inflexible• Often circumvented

Principles-Based• More flexible and focuses

on outcomes• Responds more quickly in a

changing environment• Requires more

communication between the regulator and the regulated


NAIC ORSA

Risk Management Framework

Assessment of Risk Exposure

Prospective Solvency

Assessment

• Principles-based (guidelines)• Applies ERM to insurance companies


The NAIC Own Risk and Solvency Assessment (ORSA) model law represents a change from past NAIC directives because it isA: specific in terms of reporting.B: retrospective.C: voluntary.D: principles-based.


Assignment 9

Risk Assessment and Treatment


Risk Identification Tools

• Facilitated workshops• Delphi technique• Scenario analysis• HAZOP• SWOT


Which one of the following team approaches to risk identification involves a select group of experts in question-and-response cycles until a consensus is achieved?A: HAZOPB: Scenario analysisC: Delphi techniqueD: SWOT


Risk Treatment Techniques


Assignment 10

Risk Modeling


Influence Diagrams and Probabilities

GEV Industries hires inexperienced and experienced workers to operate simple and complex machines. Accident rates vary by worker experience and complexity of machine.

GEV would like to estimate accident rates if it (a) assigns workers randomly to machines or (b) assigns workers to machines based on experience.


Influence Diagram

Worker Experience

AccidentRate

? Machine Complexity

Cost ofRisk

Worker assignment to machines


Simple machines

Complexmachines

Inexperienced workers

Experienced workers

40 160 60 140

Machine and Worker Data

Inexp. worker (30%) Exp. Worker (70%)

Simple machine (20%) 6% 14%

Complex machine (80%) 24% 56%

Random Worker Assignments Probabilities

Accident Conditional ProbabilityInexperienced Experienced

Simple Machine 5% 0%

Complex Machine 40% 10%


Inexp. worker Exp. worker

Simple machine .3% 0.0%

Complex machine 9.6% 5.6%

Accident Conditional Probability

Accident Probability

Inexperienced Experienced






Random Worker Assignments Probabilities

Total accident probability = 15.5%


Inexp. worker Exp. worker

Simple machine 1% 0%

Complex machine 4% 7%

Accident Conditional Probability

Accident Probability

Inexperienced Experienced






Worker Assignments by Experience

Total accident probability = 12%


Twenty percent of PDQ Transport’s trucks have advanced safety equipment and 80% do not. Thirty of PDQ’s drivers are inexperienced and 90 are experienced. Assuming drivers are assigned randomly to trucks, what is the probability that an inexperienced driver is assigned to a truck without advanced safety equipment?A: 18%B: 20%C: 24%D: 60%


Correlation

• Relationship between two variables• Number between +1 and -1• 0 means no correlation


Two variables are perfectly positively correlated. If one of the variables increases, the other willA: increase in direct proportion.B: decrease in direct proportion.C: increase at half the rate.D: decrease at half the rate.


Value at Risk (VaR)


A $500,000, 2 percent VaR means losses are expected to beA: $10,000.B: less than $500,000 2 percent of the time.C: $490,000.D: greater than $500,000 2 percent of the time.


Assignment 11

Risk-Based Capital Allocation


Cost of Equity

KE = rf + ß (rm – rf )

Where:ß = Beta of securityrm = Expected return on the marketrf = Risk-free rate


Cost of Debt Equation

Cost of debt KD = (risk free rate of return rf + risk premium) × (1 – tax rate)


Polytech Company

69

Tax rate 40%Risk-free rate 4%

Current Debt $10 millionPolytech credit spread 2.10%

Curent Equity $100 millionExpected market return 10%Market risk premium 6%Polytech Beta 1.20


Polytech Company

• Estimate the cost of debt• Estimate the cost of equity• Optimal capital structure = weighted average of the

cost of debt and the cost of equity

70


Polytech Company – Cost of Debt

71

(Risk-free rate of return + credit spread) X (1 – tax rate)

(4% + 2.10%) X (1-.40)

3.66%


Polytech Company – Cost of Equity

72

Risk-free rate of return + Beta X (Market rate of return – risk-free rate of return)

4% + 1.20 (10% - 4%)

11.20%


Polytech Company – Weighted Average Cost of Capital

$10 mil. debt divided by $110 mil. (debt + equity) = .091.091 weight of debt; .909 weight of equity

(3.66% X .091) + (11.20% X .909).333% + 10.181%

10.514%

73


Market Value Surplus (MVS)


Economic Capital


Market Value Surplus ExampleAutumn Assurance Group has assets at fair value of $100 million. The present value of Autumn’s liabilities is $85 million. The market value margin is $5 million. Using probability models, Autumn determines that its VaR is $8 million because it expects to incur an $8 million or greater loss of capital at a .5 percent probability over a one-year period.1. What is Autumn’s MVS?2. What is Autumn’s economic capital?3. Does Autumn have excess capital or a deficiency in

capital?


Questions?


Evolution of Risk Management

Insurance Management

Risk Management

Enterprise Risk Management


ERM Value Proposition

• Identify key risks• Employ risk-based decision making• Improve internal control• Improve risk governance• Comply with legal and regulatory

requirements


Solvency I and II (Insurance Cos)

Solvency I

• Early 1970s• Focused on capital

adequacy

Solvency II

• 3 pillars• 1 – Risk-based capital• 2 – Risk management and

governance• 3 – Transparent reporting• Includes an own risk and

solvency assessment (ORSA)


Basel II and III (Banks)

Basel II

• Issued in 2004• Minimum capital

requirements using weights for different types of credit risk

Basel III

• Response to the Great Recession

• Operational risk added• Risk management

framework• Board of directors role

(approve framework, risk appetite, governance)


ERM Process Model


Risk Identification Tools – Risk Register

Event ID

Risk Scenario Likelihood Impact Risk Level Risk Treatment (present)

Proposed improvement action

Next Review Date

Loss of personal computer

3 1 None None Remove from list

Damage to reputation

2 4 Review policy Implement … 2 months

Loss of state funding

3 5 None •Increase lobbying•Step up giving campaign

1 month

….

1

2

3

Public University


Risk IdenficationTools - Risk Map

2

1

3 1

2

3

Loss of a personal computer

Damage to reputation

Loss of state funding

Public University


Inherent and Residual Risk

Inherent

Treat

ResidualTreat

Optimum


A risk map showing a large difference between inherent and residual risk indicates that theA: current risk treatment is ineffective.B: risk does not need to be treated.C: current risk treatment is effective.D: risk exceeds the organization’s risk tolerance.


Decision Tree


ERM Tools - Modern Portfolio Theory

Expe

cted

Val

ue o

f the

Ret

urn

Risk – standard deviation (variability)

X

Risk

App

etite

X

X

X


The efficient frontier consists of portfolios thatA: are riskless.B: provide the average market return.C: provide the highest return at different risk levels.D: return the risk-free rate of return.


Earnings at Risk


Earnings at risk of $200,000 with 90 percent confidence are projected to be A: $180,000.B: less than $200,000 10 percent of the time.C: $200,000 90 percent of the time.D: greater than $200,000 10 percent of the time.


Assignment 12

Risk Management Environment and Culture


Risk Centers and Owners

Risk center – unit within an organization at which level a risk (or risks) is most effectively managed

Risk owner – individual accountable for identification, assessment, treatment, and monitoring of risks in a specific environment


Advantages of Risk Centers

Reduces the scope of risk analysisAllows for the involvement of operational

managersHelps focus on the organization’s strategic goals

and operational objectivesEnsures that risks are managed at the most

appropriate level in the organization


Risk Attitude

Risk Avoiding Risk SeekingRisk Optimizing

ERM 57 Review - RIMS - The Risk Management Society - … Handouts/RI… · PPT file · Web...

Documents

Transcript of ERM 57 Review - RIMS - The Risk Management Society - … Handouts/RI… · PPT file · Web...