Enterprise Risk Management: Applications in the Private & Public Sectors

1. Presentation goals and panelists 2. ERM definition 3. Origins of enterprise risk management 4. Examples of creating value with ERM 5. Harnessing ERM in your role 6. ERM and The Institutes 7. Wrap-up

Agenda

Panelists: Leo Costantino, CPCU, ARM—Bickmore Risk Consulting Services Michael Elliott, CPCU, AIAF—The Institutes Lisa Kremer—Marsh Contributors: Carrie Frandsen—University of California Office of the President Lisanne Sisson—Bickmore Risk Consulting Services Linda Conrad—Zurich

Presentation Goals, Panelists and Contributors

A strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio. RIMS

What Is ERM?

1. ERM encompasses both hazard risk and business risk.

2. ERM seeks to enable an organization to fulfill its greatest productive potential.

3. ERM focuses on the value of the organization.

4. ERM focuses on the organization as a whole.

1. Traditional RM focuses on hazard risk.

2. Traditional RM seeks to restore an organization to former pre-loss condition.

3. Traditional RM focuses on the value of the accidental loss.

4. Therefore, traditional RM is both its own discipline and part of the broader ERM discipline.

Excerpt from ARM textbook: Risk Financing by Berthelsen, Elliott and Harrison, page 1.14.

Comparing Traditional RM With ERM

ERM Past and Present—How Did We Get Here? • Frameworks • ERM’s relationship with regulatory and compliance functions • ERM from the carrier and financial institution perspective

Origins of Enterprise Risk Management

Evolution of ERM

8

1970s 1980s 1990s 2000s 2010s

S&P expands review of ERM in its

ratings of non-financial institutions

Rating agency review of ERM in

financial institutions

Increased regulator pressure to demonstrate sound risk management practices (e.g., Basel II,

SOX)

Development of disciplined approach to market risk and

energy risk

Development of robust approaches to credit and

operational risk

Embryonic development of enterprise risk

management

Collapse of companies (Enron, Andersen,

WorldCom, ...)

SEC expanded disclosure of risk

oversight

Emergence of ERM Standards

9

1995

2004 2006

2008

2009

China SASAC* ERM guidelines

• Mandatory for central SOEs (state-owned enterprises) in China

• Required pilot enterprises to submit annual report starting 2008

COSO ERM framework

• Developed by a private-sector organization; sponsored by five professional associations in the U.S.

• Accepted by U.S. SEC

• Embeds internal control framework

• Mainly adopted in U.S. or by companies listed in U.S. stock exchanges

Australian Standard 4360

• The first ERM standard

• Most-adopted internationally

• Major adopted markets: Australia, New Zealand, Europe, Japan

BS 31100

• British National Standard

• Officially published summer 2008

ISO 31000

• Mainly based on AS 4360

COSO ERM Framework and ISO 31000

10

Eight interrelated components

ERM is a process to help achieve entity

objectives across these categories

Applies to activities at all levels of the

organization Source: Enterprise Risk Management—Integrated Framework. Committee of Sponsoring Organizations of the Treadway Commission, 2004, and ISO 31000

Development of Risk Assessment

11

Ratings assessment of ERM practices

RBC

BCAR

S&P ERM

Best SRQ

ORSA

Future

NAIC risk-based capital formula

AM Best’s capital adequacy ratio

ERM section supplemental ratings questionnaire

NAIC’s Solvency Modernization Initiative (SMI)

Competing when the game changes

Formulaic risk assessment

Increasing focus on qualitative assessment

Efficient capitalization for business objectives

U.S. Property-Casualty Insurers

Source: Zurich

Enterprise Risk Wheel

Source: CEB Audit Leadership Council Research. n = 128

Risks That Matter—Market Capitalization Loss of 50% or More at Top 20% of Fortune 1000

Value of ERM

A survey by Federation of European Risk Management Associations found firms with a more mature approach to risk management have better financial results. • 75% more firms with advanced risk management practices had

earning before interest taxes depreciation and amortization (EBITDA) growth of over 10%.

• 62% more firms with advanced risk management practices attained annual revenue growth of 10%.

Creating an active risk culture is correlated with higher growth, as the company becomes more aware and accountable for risk.

Source: 2012 study by Federation of European Risk Management Associations

Value of ERM—An Underwriter’s Perspective

• Since underwriters have to assess and price the overall exposure, an underwriter typically finds the details on an ERM program very valuable.

• Companies must communicate to insurance markets the strength and effectiveness of their ERM programs in order to maximize shareholder value.

Examples of Enterprise Risk Management Value Creation in Private and Public Sectors • Private sector

– Zurich • Public sector

– University of California – County of Los Angeles

Value of ERM—Private and Public Sector Examples

Value of ERM—UC’s Reduction in WC Costs

Operational risk is defined as the risk of loss resulting from inadequate

or failed processes, people and systems or from external events.

Operational Risk and ERM County of Los Angeles

18

Treating Operational Risk–Challenges – Scope

37 units; 100,000 employees – Organizational culture

Processes performed in silos – Data

Aggregate view of losses and risks lacking

Operational Risk and ERM County of Los Angeles

19

Treating Operational Risk—Current Solutions – Root cause analysis and corrective actions – Data dashboard – Loss exposure reduction committee (governance)

Operational Risk and ERM County of Los Angeles

20

Treating Operational Risk— “How Is This ERM?”

Operational Risk and ERM County of Los Angeles

21

ERM

Root Cause Analysis

Data Dashboard

Governance Committee

Applying ERM Principles Within Insurance Industry, Leadership and Management Roles • Insurance industry

– Actuarial – Underwriting – Claims

• Leadership and management – Risk management – Leadership roles (CEO, COO, CFO)

ERM Leadership Roles in the Insurance Industry

Organizational Support – Benefits at Every Level

Driver Board AC Chair Audit Director CEO Exec

Mgmt

Operating Unit

Leaders Managers Employees

Reduce Reputation Damage and Operational Surprises and Losses

Portfolio View of Risk

Increased Comfort and Confidence for the BOD

Achievement of Organization’s Strategic Objectives

Risk Informed Strategic Decisions

Achievement of Organization’s Operating Unit Goals

Risk Informed Business Decisions

Risk Management Functional Synergies and Efficiencies

Cost Savings

Improved Risk-based Capital Allocation

23 September 3, 2014

Author Caroline McDonald writes: “Risk managers, often seen mostly as insurance buyers, have work to do in expanding their view of risk to match those of senior executives and board members….Today, senior executives and boards think of risk in much broader terms, and risk managers need to see themselves as more than insurance buyers.”

Risk Management Competencies

Source: RIMS Risk Management Professional Growth Model

• Evolution from ARM to ERM • Our approach to ERM education

– Risk classifications – Organizational functions

• Emphasizes frameworks and processes • 2014 Business Insurance Innovation Award

The Institutes—Evolution of Risk Management Curriculum

Wrap-Up

Concluding Remarks from Our Panel Questions

Visible Can be evaluated

Poorly Visible

Difficult to evaluate

MORE INSURABLE

A consequence of the preceding risks and unacceptable to society

4th ORDER RISKS

3rd ORDER RISKS

2nd ORDER RISKS

1st ORDER RISKS

Indirect Economic Losses (Market share, image, managing upset,

personnel, lost investments)

Consequential Losses (Production, profits)

Physical Damage, Personal injuries/deaths

Hazard Cause

Event

LESS INSURABLE

The Anatomy of Enterprise Risk

ERM Framework and Process—ARM/ERM Courses

ERM Risk Classifications–ARM/ERM Courses

How important is knowledge of risk governance and strategy development for:

Risk Management Competencies—Research by The Institutes

Source: RIMS Risk Management Professional Growth Model

Very Important

Somewhat Important

Neutral Not Too Important

Not Important

at All

Insurance and risk management directors

3 5 1 2 0

Enterprise risk management directors

7 3 1 0 0

How important is knowledge of business process and controls for:

Source: RIMS Risk Management Professional Growth Model

Very Important

Somewhat Important

Neutral Not Too Important

Not Important

at All

Insurance and risk management directors

7 2 2 0 0

Enterprise risk management directors

9 2 0 0 0

Risk Management Competencies—Research by The Institutes