best practices in enabling erm
TRANSCRIPT
-
8/9/2019 Best Practices in Enabling ERM
1/16
Jeff HasmannDirector, Risk Management PracticeOctober, 2004
Best Practices in EnablingEnterprise Risk
Management
-
8/9/2019 Best Practices in Enabling ERM
2/16
2
Overview
What’s driving interest in ERM
Concept of an ERM infrastructure
Barriers to effective ERM
Components of a ‘best practices’ ERM infrastructure Interesting ERM case studies throughout
-
8/9/2019 Best Practices in Enabling ERM
3/16
3
RISK Management
Market
Credit
Operational
Scope: What is ERM and what is drivingit?
Minimum Capital Requirements and Liquidity Covenants
Supervisory Review of Internal Controls & Capital Adequacy
Public Disclosure of Risk Management by Companies
Validation of accuracy and integrity of financial management CEOs and CFOs must personally certify that their companies' statements
are complete and accurate
-
8/9/2019 Best Practices in Enabling ERM
4/16
4
Who Cares?
CIOs are facedwith both sidesof thebusiness;needs for growthand expansion
and cost justification foreach IT project.
Institutions arespendingMillions eachyear on IT butfeel they have
reached thelimits that enablethem to containcosts yet enablelarge-scaleacquisitions.
In the post Sarbanes-Oxley environmentwhere CFOs are askedto sign off on financialstatements, the qualityof data and thesystems that producethat data are beingscrutinized now morethan ever before.
Growth can onlycome with efficientarchitectures andsynergistic investmentsin technology.
Risk compliance infinancial institutionshas become morecomplicated by anumber of regulationssuch as Basel IIaccord and USAPatriot act.
A siloed approach tocompliance is nolonger valid,significant savings canbe found in the poolingof initiatives aroundrisk.
In an environment whereCMOs are being asked togrow revenues with lessmanpower than ever before,new regulations are gettingin their way of beingeffective.
Privacy policies, and optout policies are destroyingpre existing databases andmaking it hard to cross selland up sell existingcustomers.
Quality data can only befound by drawing datafrom a centralized datawarehouse that containevery interaction with thecustomer as well as whenand where it is appropriateto contact them.
CIO’s Care: CFOs Care: CRO’s Care: CMOs Care:
-
8/9/2019 Best Practices in Enabling ERM
5/16
5
AlignmentConvergence
Strategy
People
Processes
Themes in developing a robust ERMinfrastructure
Alignment of people, processes, and strategic vision
Integrated technology enables effective ERM
Mandatory alignment of businesses with corporate vision
Cooperation across business silos Rewards for risk-adjusted performance
Technologyas enabler
-
8/9/2019 Best Practices in Enabling ERM
6/16
6
Some Barriers to Successful ERM
OrganizationalSilos
Inadequate Data
Management Strategy
Internal politics Fragmented data
Tunnel vision • Incomplete data
Lack of synergies • No common data models
Corporate Culture
• Overhyped benefits of ERP
• ERM is ‘catastrophe avoidance’
• Risk management is overly complex
Conflicting strategies • Manual aggregation of data • Executive compensation structure not gearedtowards ERM
-
8/9/2019 Best Practices in Enabling ERM
7/16
7
Trust [Enterprise Risk Reduction]
Stage 1
Business &Risk Mgtm
Silos
Stage 2Partial
Integration
Stage 3Holistic
Approach
Stage 5
Innovation & CompetitiveAdvantage: Effective ERM is
Value-Added Business,which translates to higher
shareholder returns
Increasing
I n
f r a s t r u c t u r e
/ M o d e l i n g
I n t e g r a t i o n & S o
p h i s t i c a t i o n
Stage 4
Continuous
Realignment ofPolicies and
Strategies withEver-Changing
Business &
Compliance
Realities
Evolution of the Enterprise RiskManagement Infrastructure
Efficiency IncreasingReturn Increasing
-
8/9/2019 Best Practices in Enabling ERM
8/16
8
RiskStrategy
andGovernance
RiskProcesses
Toolsand
Technology
PeopleandOrganization
ManagingBusinessRisk
Alignment
Enterprise Risk Strategy and Corporate Governance
Executive sponsorship Corporate governance Top-down definition of risk appetite
Strategic allocation of capital Policies and procedures Integration across silos
• Weaknesses in existing systematic /detective controls to manage
operational risks• Technology functionality delivered is
less than optimal and there are manymore opportunities for automation
Technology• Fragmented and disparate technology
platforms need to be better integrated
• Relatively low investments in technologyplanning & procurement have weakened theability to scale up operations, monitor andcontrol risks
• A certain amount of instability in the existingtechnology platforms leads to frustrations andlost productivity
• Deficiency in the amount of trust placed inexisting systems and applications.
• Significant opportunity exists to implement keyearly warning systems and reduce risk whileimproving decision-making
• Weaknesses in standardized reporting ofmanagement information
• Inconsistent rrisk measurementmodels and tools
• Limited early warning systems
• Limit setting tools
• Loss classification frameworks
• RAROC and VaR models
• Increasing complexity of businessmodel has increased risk of non-compliance to policies andprocedures. This has created aneed for additional internalcontrols or even a completely newbusiness model.
• Manual work around and re-keying of data increase potentialfor human error or fraudulentbehaviour
• Increasing potential for failure tocomply with regulatoryrequirements due to lack ofsufficient assistance from thecommonly used applicationsystems
• Profiles of new products areincreasingly changing thefundamental risk profiles ofcustomers and need additionalprocesses and controls
• Absence of key risk and keyperformance indicators
Business Processes
• Increasing turnover and declining tenuretrends add to costs and risks
• Increasing need for higher skilledprofessionals
• Not enough people
• Human errors can lead to increasedchances for poor delivery of service,damaging customer relationships &increasing risk
• Potential for compensation notsufficiently matched with skill set
and market
People and Organization
Our Objective: Propose a Strategy to Enable ERM
-
8/9/2019 Best Practices in Enabling ERM
9/16
9
Business Unit Exposures
Enterprise Risk Exposure
Risk-based
Metrics andScorecards
A enterprise risk
infrastructure gives an
organization the ability toexamine all of the layers
within it. The result is a
core that strengthens
internal controls andefficiently and reliably
manages risk exposures
An Enterprise Risk Infrastructure is composed of several
layers
Global Risk-
Based Strategies
for Loss
Avoidance andCompliance
Adherence
-
8/9/2019 Best Practices in Enabling ERM
10/16
10
Business Unit Exposures
Enterprise Risk Exposure
Risk-based
metrics andscorecards
Avoid unexpected losses
Stay out of the news
Improve bottom line
Reduce Fines
Increase Customer Satisfaction
Increase Employee Utilization
Business Unit Risk Management
Measuring business unit risk is the outer most layer
Global Risk-
Based Strategies
for Loss
Avoidance &Compliance
Adherence
-
8/9/2019 Best Practices in Enabling ERM
11/16
11
Business Unit Exposures
Enterprise Risk Exposure
Risk-based
metrics and
scorecards Leverage on more
comprehensive views
Ability to report to the BoDand Auditors with greater
clarity and depth on
compliance matters, risk
exposures, and effectiveness
of controls
Enterprise Risk Exposure Management
Measuring enterprise risk is the next layer in the journey
Global Risk-
Based Strategies
for LossAvoidance and
Compliance
Adherence
Roll together multiple BUs
Risk exposure aggregation
Information sharing
-
8/9/2019 Best Practices in Enabling ERM
12/16
12
Business Unit Exposures
Enterprise Risk Exposure
Risk-basedmetrics and
scorecards
Improve return/risk ratio on
capital or assets
Facilitates risk-based
performance measurement
and assessment
Ability to fully document
and effectively disclose risk-
based performance
Risk-based metrics deliver a sustainable changein everyday business behavior
Risk-based metrics
Optimal risk/return profile Balances risk and rewards
Global Risk-
Based Strategies
for Loss
Avoidance and
Compliance
Adherence
-
8/9/2019 Best Practices in Enabling ERM
13/16
-
8/9/2019 Best Practices in Enabling ERM
14/16
14
ERM Technology Infrastructure
Aggregation
ETL
Data WarehousingWeb Services
Measureuncertainty
Go beyond querying
Predictiveanalytics
-- Services Oriented Architecture
-- Dashboards
Scenarios / stress tests
Forecasting
Statistics
DeploymentAnalyticsData
Integrated Data Model
ERM Infrastructure
-- Portals and Portlets
Data quality
-
8/9/2019 Best Practices in Enabling ERM
15/16
15
ConclusionA ‘best practices’ ERM infrastructure:
Embodies a philosophy
Alignment
Convergence
Contains key components
Well-defined business processes
Robust technology infrastructure
Allows appropriate flexibility
BUs can run their business effectively
Federated model
Becomes integral to the corporate culture
ERM is everyone’s responsibility
Cultural change begins at the top
-
8/9/2019 Best Practices in Enabling ERM
16/16
16Copyright © 2003, SAS Institute Inc. All rights reserved. 16