AFERM Best Practices: Guideposts, Risk Registers and a Maturity Model

G. Edward DeSeve, Senior Advisor
September, 2014
Oliver Wyman

Introduction
- Guide Posts: As governments design ERM programs, they must look to existing guidance as a necessary but not sufficient starting point
- Risk Registers: These capture, classify and monitor risks
- Maturity Model: Gives agencies a self-evaluation against accepted standards

Guide Posts
Guidance for Federal Agencies
- National Preparedness Goal: Presidential Decision Directive Eight (PDD 8)
- National Planning Frameworks:
  - National Prevention Framework
  - National Protection Framework
  - National Mitigation Framework
  - National Response Framework
  - National Disaster Recovery Framework

Guide Posts cont'd
- National Infrastructure Protection Plan: PDD 21
- Continuity of Operations: National Security Presidential Directive 51
- Internal Controls: OMB Circular A-123
- ERM Strategy: OMB Circular A-11
Private Sector Guidance
- Committee of Supporting Organizations (COSO)
- International Organization for Standardization (ISO) 31000

Risk Registers: Questions to be addressed
- Drivers: What are the key factors that give rise to the risk?
- Consequences: What are the potential effects of the risk on agency performance?
- Impacts: If the event contemplated occurs, how significant is it?
- Related risks: Are there other risks that would be triggered if this risk transpired?
- Indicators: What will indicate the presence and severity of the risk?
- Thresholds: When does the risk become significant?
- Mitigation: What can be done to prevent or contain the risk?
- Ownership: Who is responsible for identifying, monitoring and dealing with the risk?
- Future Actions: If the risk occurs and spreads, who will deal with it?

Risk capture
Risks should be captured by the sectors and functions on a common template with a shared understanding of terms
- Risk Category: Standard high-level risk category. Category of events that could increase the volatility of planned outcomes.
- Risk: Standard risk name from revised categorisation document for consistency across the Group.
- Key drivers: Key factors / events that give rise to the risk. May vary according to region / market circumstances. Helps to focus mitigation actions.
- Consequences: Effect of risk on strategic goals / financial performance / operational effectiveness. Helps in the identification of severity.
- Financial impacts: Quantification of the consequences of the risk. Input from assessment of severity and likelihood (gross and net).
- Related risks: Other risks the risk is influenced by. Risks this risk influences. Contributes to aggregation and scenario analysis.
Labels on the slide: Fixed across years (1); Broadly stable; Varies across/within years
(1) Subject to review

Risk monitoring
Key risks should be monitored against key indicators, giving rise to increased mitigation efforts as required
- Risk: Standard risk name for consistency across the Group.
- Key drivers: Key factors / events that give rise to the risk. May vary according to market circumstances. Helps to focus mitigation actions.
- Risk indicators and threshold: Ideally leading, but lagging where necessary. External (e.g. economic, market, etc). Internal performance (e.g. operational, financial). Tolerance thresholds for indicators.
- Risk status: Indicator results at last time period. Indicator results at current time period. Traffic light status against tolerance thresholds.
- Adjustment to financial impacts: Qualitative change in severity of impact. Qualitative change in likelihood of impact.
- Current mitigation actions: Focused set of actions designed to address the key risk drivers.
- Owner: Individuals / bodies responsible for mitigation actions. Support of additional key individuals / bodies noted as required.
- Additional decision: Proposed further actions to be undertaken to bring amber and red results back to green.
Labels on the slide: Fixed across years (1); Fixed within the year; Varies by reporting period; Fixed within the year
Traffic light reporting
- Within acceptable bounds: No additional action required
- Cause for concern: Additional action to be considered
- Significant concern: Additional action required immediately
(1) Subject to review

Toward a Maturity Model
- Framework
- Criteria
- Scorecard

Evaluation framework
Internal sources
- Oliver Wyman intellectual capital
- Proprietary ERM framework
- Industry, FTSE 100 and Fortune 500 ERM experience
External sources
Laws, regulations and statements of financial practice
- AS/NZS 4360:2004 Risk management standard
- Committee of sponsoring organizations ("COSO") Enterprise Risk Management Integrated Framework
- NYSE/SEC corporate governance rules
- Sarbanes Oxley Act
- Turnbull report, Internal control: Guidance for directors on the combined code
- Cadbury report, The financial aspects of corporate governance
- Principle 11 and Accompanying Singapore Code of Corporate Governance
- Rating agency (S&P, Moody's, Fitch) ERM rating criteria
- ISO 31000 Risk management principles and guidelines
Market-based research
- Conference Board ERM survey, From risk management to risk strategy: Research report and guidelines
- Conference Board risk management publications: getting your arms around ERM; The future of ERM; ERM systems: Beyond the balanced scorecard
- Risk and Insurance Management Society ("RIMS"): Risk Maturity Model ("RMM") for Enterprise Risk Management
- Publicly available market/industry ERM publications
- WEF Global Risks Report
Oliver Wyman's ERM evaluation framework (eight components)
- Risk identification & measurement
- Risk strategy & appetite
- Risk mitigation approach & processes
- Organization & governance
- Tools & IT systems
- Risk reporting
- Risk culture
- Link between risk-reward & management processes

Assessment criteria
Minutes version
- Initial: Capabilities related to the component are absent or completed on an ad-hoc basis only. Capabilities are characteristic of certain individuals, not of the organization.
- Basic: Capabilities related to the component have some organizational framework, but practice is largely intuitively reinforced rather than embedded. Regulatory requirements related to the sub-component appear to be met where relevant.
- Established: Key capabilities related to the component are present across the company. Policies, processes, and techniques, even if unsophisticated, are well-defined and applied with appropriate support.
- Advanced: Sophisticated capabilities related to the component are tailored to the organization and proactively used to address its risk management needs. Policies, processes and techniques are well aligned and applied in a standardized way.
- Leading edge: Sophisticated capabilities that are continually improved are embedded in decision-making processes across the company. The organization is focused on using its capability as a source of strategic advantage and increased operational effectiveness.

Risk strategy & appetite
Oliver Wyman's ERM evaluation scorecard (1/8): Risk strategy and appetite
Market practices overview (Draft)
Design criteria by maturity level

Basic
- Metrics/features used: Defined along a very limited (1-3) set of metrics in expected case. No quantitative analysis conducted for parameterization. Not used for further limitation.
- Purpose and relevance: Mainly for informational purpose as an additional item for consideration.
- Level of formalization: Vaguely formalized. Typically not approved by the whole board (often only full endorsement by CFO/CRO). Typically not part of senior stakeholder conversation and decision-making.
- Implementation rigour: Risk appetite non-prescriptive high-level guideline.
- Frequency: Tracked half-yearly. Reviewed 1x every 2 years.

Established
- Delineation of strategic vs. non-strategic risk (risk accepted, risks to avoid)
- Small set of (2-5) metrics (e.g. net debt factor, earnings volatility) under a simplified stress scenario (e.g. 1:10)
- Top-down guidance on risk limits
- Creates an explicit link between the business strategy and the risk taking activities undertaken
- Formalized, aligned and comprehensive risk appetite which serves as the basis to control and limit any risk taking activity undertaken by the company
- Formal risk appetite statement approved by the Managing Board considering input from key stakeholders
- Risk appetite additional secondary target and constraint
- Tracked quarterly
- Reviewed 1x year

Leading edge
- Definition of tolerance for multiple (~5-7) key trackable metrics under various scenarios (e.g. 1:10, specific crisis scenarios)
- Frequent tracking and monitoring of risk appetite levels (automated process)
- Regular tracking of Risk Bearing Capacity vs. Risk Capital used
- Translation into operational limits and bottom-up/top-down risk limit reconciliation
- Serves as the guideline for risk-taking and the basis for the overall risk limit system
- Extended set of stakeholders involved during definition
- Risk Capital introduced as common currency for risk
- Risk appetite statement key element of steering
- Tracked monthly
- Reviewed 1x year