Enterprise Risk Management: Applications in the Private & Public Sectors
1. Presentation goals and panelists
2. ERM definition
3. Origins of enterprise risk management
4. Examples of creating value with ERM
5. Harnessing ERM in your role
6. ERM and The Institutes
7. Wrap-up
Agenda
Panelists:
• Leo Costantino, CPCU, ARM—Bickmore Risk Consulting Services
• Michael Elliott, CPCU, AIAF—The Institutes
• Lisa Kremer—Marsh
Contributors:
• Carrie Frandsen—University of California Office of the President
• Lisanne Sisson—Bickmore Risk Consulting Services
• Linda Conrad—Zurich
Presentation Goals, Panelists and Contributors
A strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.
Source: RIMS
What Is ERM?
1. ERM encompasses both hazard risk and business risk.
2. ERM seeks to enable an organization to fulfill its greatest productive potential.
3. ERM focuses on the value of the organization.
4. ERM focuses on the organization as a whole.
1. Traditional RM focuses on hazard risk.
2. Traditional RM seeks to restore an organization to former pre-loss condition.
3. Traditional RM focuses on the value of the accidental loss.
4. Therefore, traditional RM is both its own discipline and part of the broader ERM discipline.
Excerpt from ARM textbook: Risk Financing by Berthelsen, Elliott and Harrison, page 1.14.
Comparing Traditional RM With ERM
ERM Past and Present—How Did We Get Here?
• Frameworks
• ERM’s relationship with regulatory and compliance functions
• ERM from the carrier and financial institution perspective
Origins of Enterprise Risk Management
Evolution of ERM
Timeline axis: 1970s, 1980s, 1990s, 2000s, 2010s
• S&P expands review of ERM in its ratings of non-financial institutions
• Rating agency review of ERM in financial institutions
• Increased regulator pressure to demonstrate sound risk management practices (e.g., Basel II, SOX)
• Development of disciplined approach to market risk and energy risk
• Development of robust approaches to credit and operational risk
• Embryonic development of enterprise risk management
• Collapse of companies (Enron, Andersen, WorldCom, ...)
• SEC expanded disclosure of risk oversight
Emergence of ERM Standards
Timeline axis: 1995, 2004, 2006, 2008, 2009
China SASAC* ERM guidelines
• Mandatory for central SOEs (state-owned enterprises) in China
• Required pilot enterprises to submit annual report starting 2008
COSO ERM framework
• Developed by a private-sector organization; sponsored by five professional associations in the U.S.
• Accepted by U.S. SEC
• Embeds internal control framework
• Mainly adopted in U.S. or by companies listed in U.S. stock exchanges
Australian Standard 4360
• The first ERM standard
• Most-adopted internationally
• Major adopted markets: Australia, New Zealand, Europe, Japan
BS 31100
• British National Standard
• Officially published summer 2008
ISO 31000
• Mainly based on AS 4360
COSO ERM Framework and ISO 31000
• Eight interrelated components
• ERM is a process to help achieve entity objectives across these categories
• Applies to activities at all levels of the organization
Source: Enterprise Risk Management—Integrated Framework. Committee of Sponsoring Organizations of the Treadway Commission, 2004, and ISO 31000
Development of Risk Assessment
U.S. Property-Casualty Insurers
• RBC: NAIC risk-based capital formula
• BCAR: AM Best’s capital adequacy ratio
• S&P ERM: Ratings assessment of ERM practices
• Best SRQ: ERM section supplemental ratings questionnaire
• ORSA: NAIC’s Solvency Modernization Initiative (SMI)
• Future: Competing when the game changes
Trend labels: Formulaic risk assessment; Increasing focus on qualitative assessment; Efficient capitalization for business objectives
Source: Zurich
Enterprise Risk Wheel
Source: CEB Audit Leadership Council Research. n = 128
Risks That Matter—Market Capitalization Loss of 50% or More at Top 20% of Fortune 1000
Value of ERM
A survey by the Federation of European Risk Management Associations found that firms with a more mature approach to risk management have better financial results.
• 75% more firms with advanced risk management practices had earnings before interest, taxes, depreciation and amortization (EBITDA) growth of over 10%.
• 62% more firms with advanced risk management practices attained annual revenue growth of 10%.
Creating an active risk culture is correlated with higher growth, as the company becomes more aware of and accountable for risk.
Source: 2012 study by Federation of European Risk Management Associations
Value of ERM—An Underwriter’s Perspective
• Since underwriters have to assess and price the overall exposure, an underwriter typically finds the details on an ERM program very valuable.
• Companies must communicate to insurance markets the strength and effectiveness of their ERM programs in order to maximize shareholder value.
Examples of Enterprise Risk Management Value Creation in Private and Public Sectors
• Private sector
  – Zurich
• Public sector
  – University of California
  – County of Los Angeles
Value of ERM—Private and Public Sector Examples
Value of ERM—UC’s Reduction in WC Costs
Operational risk is defined as the risk of loss resulting from inadequate or failed processes, people and systems or from external events.
Operational Risk and ERM County of Los Angeles
Treating Operational Risk–Challenges
– Scope: 37 units; 100,000 employees
– Organizational culture: Processes performed in silos
– Data: Aggregate view of losses and risks lacking
Operational Risk and ERM County of Los Angeles
Treating Operational Risk—Current Solutions
– Root cause analysis and corrective actions
– Data dashboard
– Loss exposure reduction committee (governance)
Operational Risk and ERM County of Los Angeles
Treating Operational Risk— “How Is This ERM?”
Operational Risk and ERM County of Los Angeles
ERM
Root Cause Analysis
Data Dashboard
Governance Committee
Applying ERM Principles Within Insurance Industry, Leadership and Management Roles
• Insurance industry
  – Actuarial
  – Underwriting
  – Claims
• Leadership and management
  – Risk management
  – Leadership roles (CEO, COO, CFO)
ERM Leadership Roles in the Insurance Industry
Organizational Support – Benefits at Every Level
Column headings: Driver; Board; AC Chair; Audit Director; CEO; Exec Mgmt; Operating Unit Leaders; Managers; Employees
Reduce Reputation Damage and Operational Surprises and Losses
Portfolio View of Risk
Increased Comfort and Confidence for the BOD
Achievement of Organization’s Strategic Objectives
Risk Informed Strategic Decisions
Achievement of Organization’s Operating Unit Goals
Risk Informed Business Decisions
Risk Management Functional Synergies and Efficiencies
Cost Savings
Improved Risk-based Capital Allocation
September 3, 2014
Author Caroline McDonald writes: “Risk managers, often seen mostly as insurance buyers, have work to do in expanding their view of risk to match those of senior executives and board members….Today, senior executives and boards think of risk in much broader terms, and risk managers need to see themselves as more than insurance buyers.”
Risk Management Competencies
Source: RIMS Risk Management Professional Growth Model
• Evolution from ARM to ERM
• Our approach to ERM education
  – Risk classifications
  – Organizational functions
• Emphasizes frameworks and processes
• 2014 Business Insurance Innovation Award
The Institutes—Evolution of Risk Management Curriculum
Wrap-Up
Concluding Remarks from Our Panel Questions
Scale labels: Visible / Can be evaluated; Poorly Visible / Difficult to evaluate; MORE INSURABLE; LESS INSURABLE
Hazard; Cause; Event
• 1st ORDER RISKS: Physical Damage, Personal injuries/deaths
• 2nd ORDER RISKS: Consequential Losses (Production, profits)
• 3rd ORDER RISKS: Indirect Economic Losses (Market share, image, managing upset, personnel, lost investments)
• 4th ORDER RISKS: A consequence of the preceding risks and unacceptable to society
The Anatomy of Enterprise Risk
ERM Framework and Process—ARM/ERM Courses
ERM Risk Classifications–ARM/ERM Courses
How important is knowledge of risk governance and strategy development for:
Risk Management Competencies—Research by The Institutes
Source: RIMS Risk Management Professional Growth Model
Responses (Very Important / Somewhat Important / Neutral / Not Too Important / Not Important at All):
• Insurance and risk management directors: 3 / 5 / 1 / 2 / 0
• Enterprise risk management directors: 7 / 3 / 1 / 0 / 0
How important is knowledge of business process and controls for:
Source: RIMS Risk Management Professional Growth Model
Responses (Very Important / Somewhat Important / Neutral / Not Too Important / Not Important at All):
• Insurance and risk management directors: 7 / 2 / 2 / 0 / 0
• Enterprise risk management directors: 9 / 2 / 0 / 0 / 0
Risk Management Competencies—Research by The Institutes