Governance Insight
June 15, 2011
www.vitalinsight.com
Enterprise Risk Management
Credit Union ERM – Why we are here
Enterprise Risk Management is becoming top of mind for many credit unions
- Board/supervisory committee members
- Senior management
- Regulatory examiners
- External auditors
Credit unions want to more clearly understand:
- The benefits of ERM
- The goals, objectives, and deliverables of ERM
- The most efficient way to implement ERM
Goal for today: Demystify the ERM Process
Introductions – Roberta Rodgers
Vice President, Risk Management, Redstone FCU
• B.S. Degree, Middle Tennessee State University summa cum laude; Master’s Degree, Strategic Leadership, Middle Tennessee State University, in progress; Juris Doctorate Degree, University of Memphis
• Located in Huntsville, AL
• $3 Billion in Assets
• 340,000 members and over 1200 service groups, including Redstone Arsenal
• Working to expand by moving into new geographical areas, product areas, exploring merger opportunities
Introductions – Alan White
Former “Big 4” Executive and Experienced Internal Auditor
Conducted well over 200 risk assessments and control reviews
B.S. (Industrial Engineering), Carnegie Mellon & MBA (Finance), University of Texas
Founder and CEO, Vital Insight, Inc.
• Focused on providing cost effective ERM Solutions to Credit Unions
- Governance Insight software application
- ERM consulting services from experienced professionals
• Training and education
• Risk assessment and evaluation
• Content and best practices
- Strong relationships with academic experts and industry associations
- CUES Exclusive ERM Partner
Webinar Agenda
ERM Principles & Concepts
Goals & Objectives for an ERM Program
ERM Components
Getting Started
Questions and Comments
What is Driving ERM?
Huge changes in the operating environment
Management and Board Challenge
Risk management trends
• Competitive Marketplace
• Globalization
• Legal Requirements
• Short Product Cycles
• Explosion of Technology
• Complex Business Transactions
And, they are interconnected – with a cascading impact
What is Driving ERM?
Huge changes in the operating environment
• Liquidity is becoming volatile
• Margins are eroding
• Delinquencies & charge-offs have increased drastically
• Fee income is steadily becoming more important
• Restructuring of the Corporates (and the NCUA lawsuit)
• Regulations are changing
• GAAP is inadequate and may very likely change
• IT Risk management requirements will increase
• Freddie & Fannie (Risk Retention)
• Proposed tax code changes
Efficiency (output/input) is critical
Less room for errors and surprises – i.e. risk
Regulators are extending risk management requirements
Redstone’s ERM Drivers
• Regulators are extending risk management requirements
• Redstone is getting too big to continue working in silos
• The regulatory environment is becoming more burdensome and affecting more areas of the CU
• Strategic goals are becoming bigger and require an enterprise-wide view
• It’s the right thing to do
What is Risk?
The possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood. (The Institute of Internal Auditors, IIA)
A prerequisite to any risk discussion in an organization: you must know the organization’s objectives
Traditional Risk Management Approach
“Silo” or “Stove-Pipe” Risk Management
• Strategic Market Risks
• Operations Risks
• Finance Risks
• IT Risks
• Legal Risks
• Reputation Risks
• Human Capital Risks
ERM Brings Risks Together
Enterprise Focus on Risks
• Strategic Market Risks
• Operations Risks
• Finance Risks
• IT Risks
• Legal Risks
• Reputation Risks
• Human Capital Risks
Valuation Creation and Preservation
Key Message: Senior Management is facilitating the aggregation and interactions of those risk exposures to evolve from Risk Management to Risk Intelligence
Rewarded Versus Unrewarded Risks
Rewarded Risks (Opportunities to take risk)
• Risks that are expected to bring some benefit if properly managed
• Interest Rate Risk
• Credit Risk
• Liquidity Risk
• Strategic Risks
Unrewarded Risks
• Those for which there is only a downside
• Transaction Risk
• Compliance Risks
• Reputation Risk
• Financial Reporting (Accounting) Risk
Maintaining a Balanced Focus on Risk
STRATEGIC RISKS
EXECUTION RISKS
OPERATIONS & COMPLIANCE RISKS
Creating Value
Protecting Assets
• Senior Management ERM Agenda
• Board and Supervisory Committee Oversight
• Reputation Risk
• Executive Risk (Ethics, Integrity, Judgment)
• SWOT (risk review) with strategic planning
• Credit, Market Risk Management Processes
• Operational Risk Focus
• Risk Analysis Techniques
• Procedures, Controls, Insurance
• Business Area Risk Reviews
• Key Risk Indicators
• Early-warning Signals
The ERM program should help the organization to maintain a balanced focus on value creation (rewarded risk taking) as well as value protection (unrewarded risk mitigation).
Increasing ERM Program Focus
Risk Appetite
Risk appetite is the target risk level you are willing to accept in pursuit of member value
Managing and profiting from calculated risk is what financial services organizations do
Risk management practices, risk appetite, strategy and capital are inextricably linked
Management and the Board should engage in a specific dialogue around the following questions:
• How much risk are you willing to accept?
• Are you taking enough risk to achieve the return/reward you are expecting?
• Do you understand the combined effects of the risks you are taking?
• How much of your capital can be put at risk at any one time?
• How much risk are you willing to take with your existing assets at any one time?
• How much risk are you willing to take to achieve future growth at any one time?
Risk Management Principles
• State your objectives
• Identify most critical areas of risk (risk assessment)
- Keep in mind that you may not have seen the impact yet!
• Gather and analyze the relevant data
• Exercise sound judgment, ethics & integrity
• Identify potential root causes (WCGW)
• Determine best response
• Document and train
• Monitor, audit, and assure (and measure)
Assess Risk
Manage Risk
What is ERM supposed to do?
• Quickly identify emerging risks and problem areas before they escalate and cause serious harm
• Reduce the incidence of serious negative surprises that undermine stakeholder confidence
• Enable the organization to more effectively take advantage of opportunities
• Reduce response time for emerging risks
• Demonstrate to stakeholders that reasonable risk management processes are in place
• Provide an efficient way to link business objectives, risks, mitigation strategies, residual risks, and procedural process documentation
What is ERM NOT supposed to do?
• Be just one more audit
• Be just one more compliance exercise
• Be done by ONLY audit or risk management
- Risk management is part of the decision making process
• Prevent healthy risk taking
- A good risk manager is a good risk taker
- “Too much rigor creates rigor mortis!”
Redstone’s ERM Objectives
Huge changes in the operating environment
• Allows the CU to make well-informed decisions
• Reduces surprises; prepares us for the worst case scenario
• Ensures all areas have been considered – do things right the first time
• Opportunities for healthy risk taking are not overlooked
• Identify gaps and overkill in processes and procedures
Enterprise Risk Management Components
Strategic Risk
• Relates to “macro” risks, strategic decisions, economic trends and planning
• Includes NCUA categories of Strategic and Reputation Risk (also IT)
• Typically managed through the Strategic Planning process
• Identify relevant risk scenarios and develop plans for addressing them
• All significant strategic risks should be managed due to large impact
Financial Risk
• Relates to risk that is present in the credit union’s investments and loan portfolio
• Includes NCUA categories Interest Rate and Liquidity
• Also includes concentration and accounting risk
• Usually managed through the ALM process and includes executive and board level involvement
• Subjectivity of assumptions underlying financial models
Operations Risk
• Risk that operations are not designed or executed effectively
• Includes NCUA categories Transaction, Compliance, and Credit risk
• Also includes Fraud, Accounting, IT
• Managed through effective business processes and controls
• Requires prioritization of efforts and activities to manage effectively
Enterprise Risk Management Components
Strategic Risk
• Relates to “macro” risks, strategic decisions, economic trends and planning
• Includes NCUA categories of Strategic and Reputation Risk (also IT)
• Managed through the Strategic Planning process
• Identified four primary risk scenarios and developed plans for addressing them
• All significant strategic risks should be managed due to large impact
Financial Risk
• Relates to risk that is present in the credit union’s investments and loan portfolio
• Includes NCUA categories Interest Rate and Liquidity
• Also includes concentration and accounting risk
• Usually managed through the ALM process and includes executive and board level involvement
• Subjectivity of assumptions underlying financial models
Operations Risk
• Risk that operations are not designed or executed effectively
• Includes NCUA categories Transaction, Compliance, and Credit risk
• Also includes Fraud, Accounting, IT
• Managed through effective business processes and controls
• Requires prioritization of efforts and activities to manage effectively
Financial Risk Management Components
Interest Rate
Liquidity
Accounting
Financial Risk Management Components
Interest Rate
• Loan pricing (risk based pricing)
• Investment yields
• Duration
• Typically managed through ALM process at the executive & board level
• Ratio analysis & modeling are key components
– Should include scenario analysis and shocks
– Beware geeks bearing formulas (like VAR)
Financial Risk Management Components
Liquidity
• Basic cash management
– Budgeting & forecasting
– Contract renewals and vendor management
– Seasonality analysis
– Should include scenario analysis
• Be cognizant of NCUA requirements
• Heavily linked to strategic risk!
Financial Risk Management Components
Accounting
• Important for monitoring and measuring ratios
• Allowance for loan loss is incredibly subjective
• Should include scenario analysis
• Should not be “outsourced”
– Do not assume that accounting risk is managed just because the audit or regulatory exam is clean
Financial Risk Management Components
Interest Rate
Liquidity
Accounting
Concentration Risk
Financial Risk Management Components
Concentration Risk
• Hottest NCUA risk category
– Supervisory Letter Issued
– “A risk concentration is any single exposure or group of exposures with the potential to produce losses large enough (relative to capital, total assets, or overall risk level) to threaten a financial institution’s health or ability to maintain its core operations.”
• Many credit unions are over-concentrated in cash (may increase need for fees)
• No set guidelines for establishing limits have been communicated
• Three key phases for concentration risk:
– Policy setting
– Initial analysis and remediation
– On-going monitoring
Redstone’s Financial Risk Plan
• Asset Liability Policy
• Asset-Liability Committee meets monthly
• Monthly review of interest rate risk, liquidity risk, investment strategy
• Monitor key ratios: net worth, delinquency, charge-offs, ROA
• Monitor long-term asset ratio
• Quarterly qualitative review
• CFO establishes annually how much risk the CU can take with BOD based on worst case scenarios using NCUA’s 7 risk categories
• Planning, budgeting, forecasting, follow-up
Two Step Process
Enterprise Risk Assessment & Prioritization (“Top Down”)
Detailed Process Level Risk Analysis (“Deep Dives”)
Scope
Scrutiny
Redstone’s Operational Risk Plan
• Conducted EWRA
• Conducting initial deep dives on all high risk areas
• Forming a Risk Management business unit responsible for implementing operational risk plan
• By end of 2012 will have conducted a deep dive in every business unit
• Establish annual schedule for risk assessments
• Consult with business units on new projects
• Monthly reporting to the BOD
EWRA Concepts
• The Enterprise Wide Risk Assessment is used to identify, evaluate, and prioritize operational risk hot spots
• Financial and strategic risks are not typically evaluated in this assessment
• Goal is to identify areas that require further analysis by process owners, internal audit, etc.
Identifying Risk Events
• An item that is uncertain, can happen in the future, and has an impact on objectives
• Assigned scores for likelihood and impact
• During the initial phase, risk should be analyzed as though there were no controls (inherent risk)
- Example: “In the payroll process, there is a risk that the right people are paid the wrong rates”
- “Or that the wrong people are paid the right rates”
• Risks are usually identified by logic and analysis (intuition)
• But data can be used to identify holes as well
Risk Response
Accept
• Risks that fall within the organization’s risk appetite and/or that do not significantly threaten the organization’s business objectives can be accepted
- Laziness or apathy cannot be the default
Transfer (Reassign)
• Typically done through insurance
Mitigate
• Risks that cannot be accepted or realistically transferred should be mitigated through the use of control measures
Remaining risk is “residual risk”
• Most common mistake by organizations is an attempt to immediately determine “residual risk”
Risk Drivers on Value
Fortune 1000 companies that lost > 25% stockholder value in one month…
[Bar chart, scale 0 to 30, with risk drivers grouped as Strategic, Operational, Financial and Hazard. Bar labels: Customer Demand Shortfall; Competition; M&A Problems; Products Pricing; Loss Customer; Supplier; Cost Overruns; Accounting Irregularities; Management Ineffectiveness; Supply Chain Issues; Macroeconomics; Commodity Prices; Interest Rates; Lawsuit; Natural Disasters; Regulatory; R&D Delays]
Source: Marsh/Mercer; used with permission
Strategic Risk Challenges
Difficult to identify
• Requires creativity and forward thinking
• Some are outside of our control
Nearly impossible to quantify
• Requires effective estimations and judgment
• Most should be actively managed anyway
Hard to monitor
• Metrics and action items are not obvious
There is rarely one “right answer” to any risk
Solutions can often create new risks
Extended timeline means they can change
• Three huge risks of any project that lasts more than one year (technology, environment, people)
Many Overlook Risk of Committing to Wrong Strategy
Time
Range of Uncertainty
Strategies Built Today
Performance Observed Over Time
Adapted from The Strategy Paradox, by Michael Raynor
Strategic Risk Identification
Start with external strategic risks
• New Regulations
• Changes to Asset Prices
• Strategic Partner Plans & Viability
- Corporate Credit Unions
- Fannie & Freddie
• Interest Rate Changes
• Economy and Employment
• New Competitors
• Lost Competitors when Local/Regional Banks Fail
- May increase your volume – are you ready?
Typical Internal Strategic Risks
• Executive Integrity & Ethics
• Loss or compromise of member data
• Inability to identify and develop new/effective products & services
• Insufficient access to capital
• Inability to manage credit risk
• Reputation is not maintained/perception of insufficient financial soundness
• Lack of adequate resources
• Inability to grow/scale to meet market requirements
• Inability to attract and retain qualified personnel
• And many others….
Strategic Risk Options
Accept
Avoid
Transfer (Insure/Hedge/Outsource)
Aggressively Manage
• Operationalize (but this will create operational risk)
• Monitor & Respond
• Develop “Real Options”
• Influence
Redstone’s Strategic Risk Plan
• Developed strategic objectives
• Identify risks associated with each objective – scenario planning
• Determine level of acceptable risk and risk mitigation strategies for each objective
• Utilize forecasting model to tie strategic risk plan to financial risk plan
• Monthly reporting to BOD with a detailed annual review to make the program more visible
Define Roles & Responsibilities
Risk Management
Executives & Managers
Board of Directors
Auditors & Supervisory Committee
ERM Champion
Establish the ERM Terminology
Provide Guidance, Quality Assurance & Project Management
Communicate & Demonstrate the Value of ERM
Measure the Progress of the Program
Adjust Plans based on Lessons Learned
Our First Steps at Redstone
Research ERM models
Define what ERM means for RFCU
Find a partner (Vital Insight) to assist with development and implementation
Educate the Board; Executive Staff; Management
Conduct EWRA and determine where deep dives were needed
Vital Insight Services for Different Needs
Risk and Objectives: VI Services
Financial Risk
• Concentration Risk Assessment
• ALM Policy Review or Development
Strategic Risk
• Risk Profile
• Strategic Risk Assessment & Scenario Analysis
Operations Risk
• Enterprise Wide Risk Assessment
• Functional Risk Assessments (“Deep Dives”)
Education & Change Management
• VI Academy Training Sessions
• ERM Fitness Check
• Mentoring & Quality Assurance
Questions
Roberta Rodgers, Vice President, Risk [email protected]
Alan White, President & [email protected]