Best Practices in Enabling ERM

Upload: aj-esteves

Post on 01-Jun-2018


  • 8/9/2019 Best Practices in Enabling ERM


    Jeff Hasmann
    Director, Risk Management Practice
    October, 2004

    Best Practices in Enabling Enterprise Risk Management


    Overview

    • What’s driving interest in ERM
    • Concept of an ERM infrastructure
    • Barriers to effective ERM
    • Components of a ‘best practices’ ERM infrastructure
    • Interesting ERM case studies throughout


    RISK Management

    Market

    Credit

    Operational

    Scope: What is ERM and what is driving it?

    • Minimum Capital Requirements and Liquidity Covenants
    • Supervisory Review of Internal Controls & Capital Adequacy
    • Public Disclosure of Risk Management by Companies
    • Validation of accuracy and integrity of financial management
    • CEOs and CFOs must personally certify that their companies' statements are complete and accurate


    Who Cares?

    Column headings: CIOs Care; CFOs Care; CROs Care; CMOs Care

    • CIOs are faced with both sides of the business: needs for growth and expansion, and cost justification for each IT project.
    • Institutions are spending millions each year on IT but feel they have reached the limits that enable them to contain costs yet enable large-scale acquisitions.
    • In the post Sarbanes-Oxley environment where CFOs are asked to sign off on financial statements, the quality of data and the systems that produce that data are being scrutinized now more than ever before.
    • Growth can only come with efficient architectures and synergistic investments in technology.
    • Risk compliance in financial institutions has become more complicated by a number of regulations such as the Basel II accord and the USA Patriot Act.
    • A siloed approach to compliance is no longer valid; significant savings can be found in the pooling of initiatives around risk.
    • In an environment where CMOs are being asked to grow revenues with less manpower than ever before, new regulations are getting in their way of being effective.
    • Privacy policies and opt-out policies are destroying pre-existing databases and making it hard to cross-sell and up-sell existing customers.
    • Quality data can only be found by drawing data from a centralized data warehouse that contains every interaction with the customer as well as when and where it is appropriate to contact them.


    Themes in developing a robust ERM infrastructure

    [Diagram labels: Alignment; Convergence; Strategy; People; Processes; Technology as enabler]

    • Alignment of people, processes, and strategic vision
    • Integrated technology enables effective ERM
    • Mandatory alignment of businesses with corporate vision
    • Cooperation across business silos
    • Rewards for risk-adjusted performance


    Some Barriers to Successful ERM

    Organizational Silos

    Inadequate Data

    Management Strategy

    • Internal politics
    • Fragmented data
    • Tunnel vision
    • Incomplete data
    • Lack of synergies
    • No common data models

    Corporate Culture

    • Overhyped benefits of ERP
    • ERM is ‘catastrophe avoidance’
    • Risk management is overly complex
    • Conflicting strategies
    • Manual aggregation of data
    • Executive compensation structure not geared towards ERM


    Evolution of the Enterprise Risk Management Infrastructure

    [Diagram labels: Trust [Enterprise Risk Reduction]; Increasing Infrastructure / Modeling Integration & Sophistication; Efficiency Increasing; Return Increasing]

    • Stage 1: Business & Risk Mgmt Silos
    • Stage 2: Partial Integration
    • Stage 3: Holistic Approach
    • Stage 4: Continuous Realignment of Policies and Strategies with Ever-Changing Business & Compliance Realities
    • Stage 5: Innovation & Competitive Advantage: Effective ERM is Value-Added Business, which translates to higher shareholder returns


    [Diagram labels: Risk Strategy and Governance; Risk Processes; Tools and Technology; People and Organization; Managing Business Risk; Alignment]

    Enterprise Risk Strategy and Corporate Governance

    • Executive sponsorship
    • Corporate governance
    • Top-down definition of risk appetite
    • Strategic allocation of capital
    • Policies and procedures
    • Integration across silos

    • Weaknesses in existing systematic / detective controls to manage operational risks
    • Technology functionality delivered is less than optimal and there are many more opportunities for automation

    Technology

    • Fragmented and disparate technology platforms need to be better integrated
    • Relatively low investments in technology planning & procurement have weakened the ability to scale up operations, monitor and control risks
    • A certain amount of instability in the existing technology platforms leads to frustrations and lost productivity
    • Deficiency in the amount of trust placed in existing systems and applications
    • Significant opportunity exists to implement key early warning systems and reduce risk while improving decision-making
    • Weaknesses in standardized reporting of management information
    • Inconsistent risk measurement models and tools
    • Limited early warning systems
    • Limit setting tools
    • Loss classification frameworks
    • RAROC and VaR models

    • Increasing complexity of business model has increased risk of non-compliance to policies and procedures. This has created a need for additional internal controls or even a completely new business model.
    • Manual work-around and re-keying of data increase potential for human error or fraudulent behaviour
    • Increasing potential for failure to comply with regulatory requirements due to lack of sufficient assistance from the commonly used application systems
    • Profiles of new products are increasingly changing the fundamental risk profiles of customers and need additional processes and controls
    • Absence of key risk and key performance indicators

    Business Processes

    • Increasing turnover and declining tenure trends add to costs and risks
    • Increasing need for higher skilled professionals
    • Not enough people
    • Human errors can lead to increased chances for poor delivery of service, damaging customer relationships & increasing risk
    • Potential for compensation not sufficiently matched with skill set and market

    People and Organization

    Our Objective: Propose a Strategy to Enable ERM


    An Enterprise Risk Infrastructure is composed of several layers

    [Diagram layers: Business Unit Exposures; Enterprise Risk Exposure; Risk-based Metrics and Scorecards; Global Risk-Based Strategies for Loss Avoidance and Compliance Adherence]

    An enterprise risk infrastructure gives an organization the ability to examine all of the layers within it. The result is a core that strengthens internal controls and efficiently and reliably manages risk exposures.


    Measuring business unit risk is the outermost layer

    [Diagram layers: Business Unit Exposures; Enterprise Risk Exposure; Risk-based metrics and scorecards; Global Risk-Based Strategies for Loss Avoidance & Compliance Adherence]

    Business Unit Risk Management

    • Avoid unexpected losses
    • Stay out of the news
    • Improve bottom line
    • Reduce Fines
    • Increase Customer Satisfaction
    • Increase Employee Utilization


    Measuring enterprise risk is the next layer in the journey

    [Diagram layers: Business Unit Exposures; Enterprise Risk Exposure; Risk-based metrics and scorecards; Global Risk-Based Strategies for Loss Avoidance and Compliance Adherence]

    Enterprise Risk Exposure Management

    • Leverage on more comprehensive views
    • Ability to report to the BoD and Auditors with greater clarity and depth on compliance matters, risk exposures, and effectiveness of controls
    • Roll together multiple BUs
    • Risk exposure aggregation
    • Information sharing


    Risk-based metrics deliver a sustainable change in everyday business behavior

    [Diagram layers: Business Unit Exposures; Enterprise Risk Exposure; Risk-based metrics and scorecards; Global Risk-Based Strategies for Loss Avoidance and Compliance Adherence]

    Risk-based metrics

    • Improve return/risk ratio on capital or assets
    • Facilitates risk-based performance measurement and assessment
    • Ability to fully document and effectively disclose risk-based performance
    • Optimal risk/return profile
    • Balances risk and rewards


    ERM Technology Infrastructure

    [Diagram labels, in the order extracted:]

    • Aggregation
    • ETL
    • Data Warehousing
    • Web Services
    • Measure uncertainty
    • Go beyond querying
    • Predictive analytics
    • Services Oriented Architecture
    • Dashboards
    • Scenarios / stress tests
    • Forecasting
    • Statistics
    • Deployment
    • Analytics
    • Data
    • Integrated Data Model
    • ERM Infrastructure
    • Portals and Portlets
    • Data quality


    Conclusion

    A ‘best practices’ ERM infrastructure:

    • Embodies a philosophy
        • Alignment
        • Convergence
    • Contains key components
        • Well-defined business processes
        • Robust technology infrastructure
    • Allows appropriate flexibility
        • BUs can run their business effectively
        • Federated model
    • Becomes integral to the corporate culture
        • ERM is everyone’s responsibility
        • Cultural change begins at the top


    Copyright © 2003, SAS Institute Inc. All rights reserved.