ERM Theory and Practice
Stephen P. D’Arcy
University of Illinois
Concurrent Session ERM 2
CAS Spring Meeting
May 2006
Current Situation
• ERM Theory
• ERM Practice
ERM Theory
• ERM considers all risks an organization can or does face holistically
• Organizations have a well defined risk appetite
• All participants have a common language for, and understanding of, risk
• Risk is fully quantified
• Risk management is applied consistently within the organization
• ERM adds value to the organization
ERM Theory – Risk Aggregation
Aggregate Risk Management
Hazard Risk
- Hurricanes
- Lawsuits
- Injuries
Financial Risk
- Credit Risk
- Market Risk
- Interest Rates
Operational Risk
- Internal Fraud
- Recalls
Strategic Risk
- Regulation
- Reputation
- Competition
ERM Theory – Risk Appetite
• Limits for adverse event
  – Severity
  – Frequency
• Same values used for all risks
• Examples
  – 99.97% chance of remaining solvent
  – 95% chance of retaining AA rating or higher
  – 0.1% chance of losses exceeding $1 billion
  – Need 25% return (or $250 million) to increase 0.1% loss probability from $1 billion to $1.1 billion
ERM Theory – Common Language
ERM Theory – Quantification
• Firm has a set aggregate risk tolerance
• Entire distribution of outcomes is known
• Correlations between risk factors specified
  – Constant
  – Tail
• Need for a CAPM approach to risk
  – 250 risk factors → 31,125 correlations
  – Covariance with market risk → 250 correlations
Effect of Correlation
[Figure: four probability distributions, f(x), f(y), f(x+y) with corr=0.5, and f(x+y) with corr=1; horizontal axis: $ Outcome, vertical axis: Probability]
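Added example (not part of the original slides): the correlation count from the Quantification slide and the widening of the combined distribution from the Effect of Correlation slide, worked in Python. It assumes the "CAPM approach" means a single-index form in which each risk factor is a market loading plus an independent residual; all betas and standard deviations are constructed values.

```python
import math

def pairwise_count(n):
    """Distinct pairwise correlations among n risk factors: n(n-1)/2."""
    return n * (n - 1) // 2

def index_model(betas, resid_sds, market_sd):
    """Standalone SDs and implied correlation matrix when each factor is
    beta * market + independent residual (assumed single-index form)."""
    sds = [math.sqrt((b * market_sd) ** 2 + r ** 2)
           for b, r in zip(betas, resid_sds)]
    n = len(betas)
    corr = [[1.0 if i == j else
             betas[i] * betas[j] * market_sd ** 2 / (sds[i] * sds[j])
             for j in range(n)] for i in range(n)]
    return sds, corr

def aggregate_sd(sds, corr):
    """SD of the sum of the risks: sqrt(sum_ij corr_ij * sd_i * sd_j)."""
    n = len(sds)
    return math.sqrt(sum(corr[i][j] * sds[i] * sds[j]
                         for i in range(n) for j in range(n)))

def flat_corr(n, rho):
    """Correlation matrix with the same rho for every pair."""
    return [[1.0 if i == j else rho for j in range(n)] for i in range(n)]

if __name__ == "__main__":
    # 250 factors: full pairwise matrix vs one market loading per factor.
    print(pairwise_count(250), "pairwise correlations vs 250 market loadings")

    # Constructed inputs: three factors, each specified by one beta.
    sds, corr = index_model([0.5, 1.5, 1.0], [0.10, 0.10, 0.05], market_sd=0.20)
    print("implied corr(0,1):", round(corr[0][1], 4))
    print("aggregate SD:", round(aggregate_sd(sds, corr), 4))

    # Two risks with SD 10 each: the combined SD grows with correlation.
    for rho in (0.0, 0.5, 1.0):
        print("corr", rho, "->", round(aggregate_sd([10.0, 10.0], flat_corr(2, rho)), 2))
```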
ERM Theory – Consistent Application
• Concentration of homeowners policies accepted up to point the overall risk to firm reaches risk tolerance level
• Reinsurance retention selected based on risk tolerance level
• Investment portfolio asset allocation determined based on risk tolerance level
• Chance of IT system failure in line with risk tolerance level
ERM Theory – Value Added
• Policyholders pay risk premium on auto insurance
• Aggregate loss variation of auto insurer
  – Directly related to loss frequency
• Oil prices impact driving patterns
  – Inversely related to auto loss frequency
• Auto insurer can reduce aggregate risk by assuming oil price risk
• Insurer will be paid to accept oil price risk
• Combining risk adds value to insurer
ERM Practice
• ERM coordinates hazard and financial risk
• Organizations can verbalize risk appetite (remote chance of insolvency) but not quantify it
• Participants have different languages for risk, but might understand some of the other participants’ terminology
• Only hazard and financial risk is quantified
• ERM is used primarily to monitor risk exposure
ERM Practice – Coordination
• Asset-Liability Management (ALM)
  – Duration matching
• Combining hazard and financial risk
  – WC and foreign exchange risk
  – Longevity risk and interest rate risk
ERM Practice – Risk Appetite
• Common level of risk of insolvency: 0.03%
  – Based on old study of AA bond defaults
  – One year happened to be this level
  – Does not reflect chance of downgrade, then defaulting
ERM Practice – Risk Languages
“amministrazione di rischio”
“リスク管理”
“위험 관리”
“διαχείριση Κινδύνου”
“управления при допущении риска”
“gerencia de riesgo”
“风险管理”
“Risikomanagement”
“gestion des risques”
“risk management”
ERM Practice – Risk Languages
• Hazard risk language has developed over last four centuries
  – Frequency, severity, retentions
  – Probable Maximum Loss (PML)
  – Maximum Possible Loss (MPL)
• Financial risk language developed over last four decades
  – Duration and convexity
  – Derivatives – forwards, futures, options, swaps
  – Value-at-Risk (VaR), Tail VaR
• New ERM language being created now
ERM Practice – Quantification
• Hazard risk can be quantified well
  – Loss distributions – empirical and theoretical
  – Cat risk modeling
• Financial risk is also quantified
  – VaR – historical or analytical
  – Term structure models
  – Option pricing models
  – Delta hedging
  – Volatility smiles
• Operational risk measurement minimal
  – “Still in its infancy” or “Pre-infancy stage”
ERM Practice – Risk Monitoring
• Sarbanes-Oxley Act of 2002
• COSO – checklist of risks
• Basel II – risk treatment
• Rating agencies
  – Organizational structure
  – Use of models
What’s Needed for ERM to Grow
• Quantify Operational Risk
• Integrate Risk Effectively
• Develop Reliable Risk Metrics
• Communicate Risk to Decision Makers
• Weed out Ineffective Risk Managers
  – Positive impact of disasters
  – Survival of the fittest