Overview of Enterprise Risk Management (ERM)


Upload: ogunwale-olusegun

Post on 19-Jan-2017


ENTERPRISE RISK MANAGEMENT (ERM)

© 2012 All rights reserved

INTRODUCTION TO ERM CONCEPTS


©2012 Paul Esther Consulting Limited, an accredited Member of the Centre for Management development, Nigeria. All rights reserved. Printed in Nigeria

AGENDA

ERM Unravelled

Concepts

Roles & Responsibilities

Benefits of ERM


ERM Unravelled


Enterprise Risk Management Unravelled Case 1: Nike. Shaming the apparel giant


Nike is a leading marketer of shoes and apparel in the world. Nike makes an annual revenue of $10 billion and sells products in 140 countries.

[Diagram: Nike (Design, Market); Manufactures (600 factories, 550,00 employees)]

In 1996, a 48 Hours program (Boycott Nike) was aired by CBS, showing pictures of young women at a Vietnamese subcontractor who worked with toxic materials every week in poor conditions for 20 cents an hour.

In November 1997, a confidential Ernst & Young audit report, commissioned by Nike, on a Vietnam factory owned by a Nike subcontractor was leaked. The factory had 9,200 workers and made 400,000 shoes a week. Most workers were women under the age of 25 working in excessive heat, noise, foul air and toxic chemicals, and constantly exposed to carcinogens. They were paid a mere $10 a week.

In 1998, Nike's annual revenue dipped by more than 30%, most of its advert models dropped their contracts, and Nike's ethical rating and brand image fell globally. Nike was forced to re-examine its subcontracting policies.


Enterprise Risk Management Unravelled Case 2: American International Group.

A credit default swap is basically an insurance on bonds. Imagine a large bank buys some bonds issued by UAC. The bank expects to receive a steady stream of payments from UAC over the years. But the bank figures there's a chance that UAC might go bankrupt. It's a small chance, but not zero, and if it happens, the bank doesn't get any more of those payments.

[Diagram: UAC, GTB and AIG; labels: Sell, Buy, Cash, Bond, CDS (an insurance policy)]

Most banks and financial institutions were not all that badly off, because they were simultaneously on both sides of the CDS trade. Most banks and hedge funds would buy CDS protection on one hand and then sell CDS protection to someone else at the same time. When a bond defaulted, the banks might have to pay some money out, but they'd also be getting money back in. They netted out.

Everyone, that is, except AIG, was on both sides of the trade. AIG only sold CDS. They never bought. Once bonds started defaulting, they had to pay out and nobody was paying them. AIG seems to have thought CDS were just an extension of the insurance business.

Credit default swaps written by AIG cover more than $440 billion in bonds. In 2009 the American Government bailed out AIG with $180 billion.

The CDS Issue


Enterprise Risk Management Unravelled Case 3: General Motors & Toyota Corporation. The battle for American Market Share

General Motors is the world leader in automobile manufacturing while Toyota Corporation comes next in line. GM manufactures its cars mainly in the US (its native country) and Toyota does so mainly in Japan.

As at 2002, GM holds 31% market share in the US while Toyota holds 27.5%. An average GM car is sold for $25,000 with a profit margin of 12% while an average Toyota is sold for $24,000 with a profit margin of 11%.

In 2002, the US Dollar strengthened against the Japanese Yen, causing the cost of production of Japanese goods to decline by 10%. This, however, increased the profit margin on Japanese cars in the US to 22% and also gave the Japanese the opportunity to lower their car prices by up to 10%.

These events caused a dramatic decline in the purchase of GM cars in the US, leaving it with 28% market share and giving Toyota a 31.5% market share.


Case 4: Heathrow Terminal 5: What Went Wrong?

Almost 300 flights in and out of Heathrow Airport were cancelled during the first five days after the opening of Terminal 5.

1. 0400 - Both passengers and staff have trouble locating car parks
2. 0400 - Delayed opening of check-in resulted in long queues
3. 0442 - First passengers arrive early but wait an hour for luggage
4. All morning - Clogged conveyor leads to long wait for luggage
5. 1630 - Baggage system failure; all check-in at T5 suspended
6. 1700 - After long queues form at "fast bag drop" desk, BA suspends check-in of all luggage into hold


Case 5: NNPC Insolvency Issue

The Federation Account Allocation Committee (FAAC), which manages the distribution of Nigeria's oil revenues to the three tiers of government, says however that NNPC owes it a shortfall of 450 billion naira in unremitted crude oil receipts. "NNPC is insolvent as current liabilities exceed current assets," Minister of State for Finance Remi Babalola told a FAAC meeting in the capital Abuja. "NNPC is incapable of repaying the 450 billion naira owed to the Federation Account unless it is reimbursed the 1.156 trillion naira (in subsidies) it has requested from the federal ministry of finance," he said.


Case 6: PSIN/ASCON

Commissioned in February 2009 to provide human capital development services to the public service

Established in 1979 to provide human capital development services to the public service


Case 7: National Assembly Website Hacking?

The National Assembly website was hacked on October 1st, 2010 during the celebration of its 50th year anniversary.


Case 8: Nigerian Re/NICOM/NICON


Decentralization of the placement of Government Assets in the Insurance industry: NICON once controlled over a 54% market share of the insurance industry and can only boast of a little over 5% now.

Removal of the compulsory Legal cession: An Act that required all insurance companies to cede 25% of their business with Nigerian-Re was revised to enable insurance companies to do so with any reinsurance firm. Nigerian-Re lost the captive business.

Impact of regulation on the insurance industry: Reduction of the Insurance firms from 103 to 48.


What is Risk?

"Risks" are simply future issues that can be avoided or mitigated. Risk is assessed as a function of three variables:
1. the probability that there is a threat
2. the probability that there are any vulnerabilities
3. the potential impact to the business or organization.

What is Risk Management?

Risk management involves assessing and quantifying the various risks inherent in an organization, a business or a process, and then taking measures to control or reduce them.


ERM Evolutions

Organizations have long practiced various parts of what is called enterprise risk management. Identifying and prioritizing risks, either with foresight or following a disaster, has been a standard management activity. While much attention has been placed only on financial risk, treating risks by transfer, through financial/insurance products, has also been common practice. What has changed recently is the approach of managing a variety of risks in a holistic manner.

Seemingly insignificant risks on their own have the potential to become big risks because they interact with each other and with other events and conditions to cause great damage.


Several factors have contributed to the need to approach risk management in a more strategic and effective manner. Those factors include:

1. More complicated risks are emerging (foreign exchange risk, operational risk, strategic risk, advancement in technology, globalization, increase in terrorism, increasing financial sophistication, etc.).

2. External pressures from regulators, rating agencies, stock exchanges and the public.

3. Institutional investors and corporate governance oversight bodies have come to insist that an organization's top management should take responsibility for managing risks on an enterprise-wide scale.

4. The need to analytically foresee and manage crises effectively so as not to jeopardise the organization's reputation or brand.


5. The need to start quantifying risks that were once thought to be unquantifiable: think global warming, advances in technology, meteorology, terrorist attacks, etc. What about risks that cannot be quantified irrespective of the technological tools present, such as strategic risk (ASCON & PSIN) or risks influenced by humans, for example operational risks?

6. Change in organizational attitude toward risk. In the past, organizations tended to take a defensive posture toward risk (viewing it as a situation that should be minimized or avoided), but now organizations are beginning to recognize the need to take an opportunistic side to risk management.

7. While ERM was developed in the commercial sector, it has direct relevance for government, for a number of reasons. Government should manage risk holistically, probably more than commercial businesses do.


ERM Definition

• Strategic Risk Management
• Holistic risk management
• Integrated risk management
• Enterprise Risk Management

"ERM is the discipline by which an organization in any industry assesses, controls, exploits, finances, and monitors risks from all sources for the purpose of increasing the organization’s short- and long-term value to its stakeholders." (CAS Committee on Enterprise Risk Management, 2003)


Types of Risk? Public Sector Focus.

Reputational Risk

Project Risk

Political/Policy Risk

Operational Risk

Informational Risk

Strategic Risk

Credit Risk

Liquidity Risk

Hazard Risk


ERM Concept

Enterprise risk management, as defined by COSO (Committee of Sponsoring Organizations of the Treadway Commission), is a process designed to:

1. identify potential events that may affect the organization

2. manage risk to be within the organization's risk appetite

3. provide reasonable assurance regarding the achievement of the organization's objectives


Holistic approach to Managing all the risk inherent within the enterprise


[Diagram: risk hierarchy with an Enterprise Level at the top, then Divisional Levels, Business Levels and Process Levels beneath it]


ERM Roles & Responsibilities

For ERM to be effective, an agency's managers and employees must value risk information, which typically requires a cultural mind-set for change so that a healthy risk communication culture can take hold. In addition, agency managers should assign responsibility for risks to those managers who can best oversee them. Risk without responsibility is a recipe for organizational disaster. In its best form, ERM identifies and manages the individual, collective and cumulative effects of different types of risk on agency decisions. When done well, ERM helps an agency realize its full potential. Because ERM is a dynamic process that affects every aspect of an organization's resources and operations, it is also important to note that ERM takes the approach that "everyone is a risk manager."


Chief Risk Officer

• Risk Management Dept.: Hazard Risk
• Research & Development: Strategic risk
• Treasury/Finance Dept: Financial Risk
• Human Resource Dept: Workers compensation, health, employee risks
• Planning & Documentation: Operational risks


Role of the Chief Risk Officer in ERM

The risk officer plays an important role in monitoring ERM, and also has primary responsibility for its implementation or maintenance.

The personnel should assist management and the board or audit committee in the process by: Monitoring, Evaluating, Examining, Reporting and Recommending improvements.

The Chief Risk Officer's plan of engagements should be based on a risk assessment, undertaken at least annually.

Based on the results of the risk assessment, the Chief Risk Officer should evaluate the adequacy and effectiveness of controls encompassing the organization’s governance, operations, and information systems.

When planning the engagement, the Chief Risk Officer should identify and assess risks relevant to the activity under review. The engagement objectives should reflect the results of the risk assessment.


Key Benefits of ERM

1. It allows the organization to set a quantitatively based risk/reward threshold across its businesses so that management can better understand the totality of its risks, their interrelationships and their financial implications for the company.

2. It allows management to evaluate how lines of business compare to each other vis-a-vis capital consumption and whether the returns are commensurate with the risks inherent in those businesses.

3. It provides management with solid new measurements to inform business decision making.

4. It will enable managers to make risk and capital related decisions on asset/liability management, risk limit setting and monitoring, and capital allocation and pricing.

5. The long-term benefits of a good risk culture include transparency and a "fix-it" mentality, thus making risk management behaviours a natural part of the way an organization does things.


Conclusion

Enterprise Risk Management should not be perceived as theoretical but rather as an implementable strategy. ERM is becoming an inevitable strategy for organizations to survive in the current economic situation, and it is also a strategic step for laying a solid foundation for sustainable growth and competitiveness in the present-day dynamic business environment. ERM is a discipline which each organization should imbibe and treat as a corporate culture rather than a mere guiding framework. For ERM to survive in both the private and public sectors, effort has to come from everyone in the organization (from top management to mid management to junior staff).


Thank you