Enterprise Risk Management by Many Other Names is Still Enterprise Risk Management
David K. Whatley, UTH Advisors
April 15, 2008


Transcription:

Enterprise Risk Management by Many Other Names is Still Enterprise Risk Management
David K. Whatley, UTH Advisors
April 15, 2008
UTH Advisors 2008 1

Introduction
- What is Enterprise Risk Management?
- Why don't more companies have ERM?
- What are Risks?
- What is the Risk Management Process?
- What is the ERM Process?
- What is Stealth ERM?
- How did we do ERM at Home Depot?
- What does Integrated Stealth ERM Look Like?
- Q & A

What Is ERM?
COSO Definition: "a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." (COSO, Enterprise Risk Management Integrated Framework, 2004)

Arthur Andersen Definition: "a structured and disciplined approach: it aligns strategy, processes, people, technology and knowledge with the purpose of evaluating and managing the uncertainties the enterprise faces as it creates value." (Arthur Andersen, 2000)

My Definition: A process to coordinate identification and management of all risks facing an organization. (DKW, 2008)

Why Don't We Have More ERM?
- Too Complex
- Too Many Initiatives
- ROI Hurdle
- Silos / Turf War
- No Value Proposition

What Are Risks?
Risks are impediments to achieving business goals.
Two Types of Risk:
- Positive = Opportunity Risk
- Negative = Loss Risk

Classic Risk Management Process
- Identify Risk
- Assess Current Risk State: Probability, Impact
- Risk Map the Current State
- Determine Cost/Impact/Benefit of Mitigation Tools: Avoid, Transfer, Balance, Manage
- Risk Map the Residual Risk / Mitigated State
- Cost/Benefit Decision

Enterprise Risk Management Process
- Risk Identification and Evaluation Built Into All Business Processes
- Assimilation of Results of Risk Management in Each Business:
  - Assure Risk Management Process is Executed
  - Risk Tolerance Levels Are Appropriate and Uniform
- Determine Consolidated Risk of Enterprise
- Measure vs. Level Approved by Board of Directors

Goals of ERM
- Increase Positive Risk Taking
- Reduce Negative Risk Occurrence
- Improve the Bottom Line

Stealth ERM
Enterprise Risk Management by Many Other Names is Still Enterprise Risk Management
- Integrate Risk Considerations into all business processes
- Position ERM as process / management process improvement that adds value by inserting risk awareness and considered risk decision making into all processes
- Changes culture by introducing an enterprise-wide view: better business planning, better decisions

Enterprise Risk Management Structure
- Board of Directors = Overview Process / Sets Risk Level
- Chief Executive Officer = Chief Risk Officer
- Senior Leadership Team = Risk Committee
- Business Processes Include Risk Assessments and Consideration of Risk in Decisions, or are Risk Based

COSO Enterprise Risk Management: The ERM Components (COSO)
- Internal Environment: Influences how strategies and goals are set, how activities are structured and how risks are identified, assessed and acted upon
- Objective Setting: Creates a process for setting objectives, ensuring that those objectives are aligned with strategic goals and that those goals are consistent with risk appetite
- Event Identification: Considers internal and external factors that might affect strategy and achievement of business objectives
- Risk Assessment: Focuses on the likelihood and impact of potential events and their effects on objectives
- Risk Response: Evaluates risks for possible responses and their effects
- Control Activities: Ensures that risk responses are carried out efficiently via policies and procedures
- Information and Communication: Involves the exchange of relevant data with internal and external parties so that they may identify, assess and respond appropriately to risk
- Monitoring: Ensures that the components of ERM are applied at all levels

COSO ERM Components At HD (ERM Component: THD Activities / Activity Deliverables)
- Internal Environment: Tone at the Top; Sarbanes-Oxley/404 / Corporate Governance; Entity Level Assessment
- Objective Setting: Board of Directors (BOD); SOAR / Strategic Vision; Strategic Initiatives
- Event Identification: Liability Risk Analysis; SOAR / Insurance Levels; Strategic Initiatives
- Risk Assessment: SOAR; Internal Audit / Strategic Initiatives; Internal Audit Plan
- Risk Response: SOAR; Internal Audit; Liability Risk Analysis / Strategic Initiatives; Internal Audit Plan; Insurance Levels
- Control Activities: Sarbanes-Oxley/404; Corporate Compliance / Attestation of Fin. Reporting effectiveness; SOP's; Standard Reconciliation Process
- Information & Communication: Quarterly Executive Council (QEC); Weekly President's Call / Strategic Initiative Issue Resolution; Management Report Outs
- Monitoring: SOAR; Quarterly Executive Council / Strategic Initiatives; Strategic Initiative Issue Resolution

The Home Depot's Risk Areas (THD Risk Area: Business Leader / Oversight)
- Asset Management: EVP Bus. Development/Corp. Operations / REEC
- Customer Service: EVP HD Stores / Store Manager Council
- Legal: EVP Secretary/General Counsel / Compliance Council
- Human Resources: EVP - HR / Leadership Development, Compensation Committee
- Finance/Accounting: EVP - CFO / Audit Committee
- Brand and Image: EVP Merchandising/Marketing / Branding Committee
- Merchandising: EVP Merchandising/Marketing / Innovative Council
- Growth: EVP Bus. Development/Corp. Operations / Growth Steering Comm.
- Information Technology: EVP IT/CIO / IT Advisory Council
- Supply Chain: EVP Merchandising/Marketing / Supply Chain Council
- External Factors: CEO / BOD, QEC

Risk Identification and Assessment Processes
- Corporate Compliance Program
- Internal Audit Program
- Risk Management Information Systems: Safety Data; Claims Cost Data
- Security Assessments: Loss Prevention (Product-containing Facilities); Corporate Security (Offices/Events/Executives)
- IT Business Risk Assessments: Systems Recovery Priorities
- SOAR: Strategic Risks
- HR Risks
- Safety Programs: Safety Audits; Safety Investigations

Home Depot Compliance Program
The Home Depot Compliance Program is based upon the three-fold approach of: (1) prevent, (2) detect and (3) respond to potential issues. These three components form a closed-loop cycle that reinforces compliant conduct throughout the Company.

Compliance Structure
- A Compliance Policy and Guidelines are maintained for each identified risk area of the Company's business
- Compliance Assurance Mechanisms are included in the SOPs that establish processes for Company conduct
- Training educates and informs targeted associates about the Company's Compliance Policies & related SOPs

Compliance Reviews
- Quarterly Reviews: Select policies or functional areas are reviewed quarterly
- Annual Compliance Reviews: Week-long enterprise-wide policy and functional area review with all Divisions, Subsidiaries and International Businesses

Compliance Review Components
- Laws/SOP Update: New External Standards; New Internal Standards
- Risk Change Assessment
- Risk Monitoring
- Process Improvement Progress
- Incident Update: Major incidents are reported, with the investigation details and resolutions
- Other Updates: Government Investigations; Training Proposals; Budget/Resource Allocations

Risk-Based Compliance Monitoring
2007 Compliance Monitoring Plan, Company, Inc.: Safety Dept., 3rd Quarter

| Risk          | Metric          | Risk Level | Benchmark | Q1 | Q2 | Q3 | Q4 | YTD | Traffic Light |
| Sample Risk 1 | # of Incidents  | Low        | 0         | 0  | 0  | 0  |    | 0   | G             |
| Sample Risk 2 | # of Violations | Low        | 0         | 0  | 0  | 0  |    | 0   | G             |

Compliance Metrics: Traffic Lights provide an efficient way of quickly determining the status of each individual risk.

Compliance Process Improvement
2007 Compliance Process Improvement Plan, Company, Inc.: Safety Dept. Process Improvements, 3rd Quarter

| Process Improvement    | Action Step | Completion Date | Status | Traffic Light |
| Process Improvement #1 |             |                 |        | G             |
| Process Improvement #2 |             |                 |        | G             |

Process Improvements: Any processes/procedures being developed and implemented to improve current operations and mitigate risks.

SOAR Includes Risk Discussions
- Enhance Core: Customer Satisfaction; Differentiated and Innovative Merchandise at Great Value; Store Readiness; Information Technology
- Extend Business: New Stores; New Formats; Home Depot Services; Home Depot Direct; Home Depot Supply (MRO, Builder, Professional Supply)
- Expand Market: Canada; Mexico; China
- Voice of Customer; Conversion; Store Productivity; New Locations; New Service Categories; New Channels; New Businesses; New Platforms; New Geographies
Align SOAR with Strategic Vision

SOAR Strategic Planning Entities
- Departments: #21, #22, #23, #24 & #59, #25, #26, #27E, #27L, #28, #29, #30
- Store Formats
- Other Businesses: AHS; HD Supply / ITB; PRO / Tool Rental; Canada; Direct / ebusiness
- Operations / Stores (Supply Chain)
- IT
- Credit
- Functions / Operating Plans: Marketing / Store Merchandising; Human Resources; Legal; Finance; Real Estate / Construction; Merchandising / Divisions

Proposed SOAR Calendar (Strategic Planning and Operating Plan tracks, February through December)
- Key Meetings & Events: Off-site to finalize plans; Set strategic guidance / Metrics; ELT Game Changers; SOAR current year Initiative update; Progress Review; Progress Review; SOAR I Strategy Reviews; SOAR I Decisions; SOAR II Operating Reviews; Divisional Reviews; Capital & G&A Decisions; 06 Plan locked
- Executive Team SOAR Activity: Process Teams designated; SOAR I Kick-off; Strategic Planning Final Plans Due; Targets & guidance set for teams; Space Planning Prework; Interdepartmental reviews; SOAR II Kick-off; Merchandising & Divisional working sessions

ERM Is Culture, Not Process
- ERM processes are just another set of controls unless you get cultural change (ENRON!)
- Efficient vs Effective: Efficient = Doing Things Right; Effective = Doing The Right Things Efficiently
- A Culture of Effectiveness will improve achievement of Business Goals
- ERM Supports/Drives this culture
- This is ERM's Value Proposition

Q & A
David K. Whatley, UTH Advisors
404-217-5720
dkw02@bellsouth.net

2008 Enterprise Risk Management Symposium
Practical Implementation Issues
Grover Edie

Implementing Enterprise Risk Management at an Insurance Subsidiary of a Financial Services Organization

From the Session Description
- As a firm begins to implement an ERM program, how can it prevent the firm's internal inertia from killing the program in the cradle?
- Why implement ERM? What is the purpose, the vision, the payback?

Before You Start
- Your approach to ERM needs to match your organization's style
- The approach also needs to reflect what the organization knows about the elements of Risk Management
- You will likely have to learn a lot, and educate others along the way

Tracks of Actions at Subsidiary
- Following the ERM lead set by Parent
- Establish a subsidiary ERM Committee
- Establish subsidiary policies for Operations Risk, Credit Risk, etc.
- Establish a Risk Adjusted Return on Assets
- Develop an education plan
- Begin an evaluation of risks as they relate to an insurance organization

ERM 2: Enterprise Risk Management, Everyone a Risk Manager

[Figure: A Company's Risk/Return by Operation. Horizontal axis: Increasing risk of venture; vertical axis: Increasing rate of return. Reference lines: risk free return, Maximum return, Risk threshold. Operations plotted as points A, B, C, D, E and F.]

S A G E
- Expand: new products, markets, territories beyond organic growth, including acquisitions
- Grow: organic growth
- Accomplish the organization's goals: Maintain operations; Generate an appropriate profit
- Survival of the organization

Survival of the Organization
- Proper reinsurance (or insurance)
- Licensing issues
- Adequate capital
- Proper governance (Sar-Box, SEC, etc.)
- Business continuity, resumption, etc.
- Data backup, systems resumption, etc.
- Etc., etc.

Considerations in Determining What to Address
- Likelihood of adverse event
- Cost of adverse event
- Is someone already handling the risk?
- Cost and effort needed to mitigate the risk
- How soon would the adverse event happen, if it did?
- What is management's appetite for risk?

Additional Considerations
- Leverage what Parent has already done
- Get Subsidiary ERM activities to an acceptable level according to Parent's ERM standards
- Develop insurance company specific standards for Subsidiary

Ins Sub of Financial Svcs Co.
- Parent company chooses the style
- Style meets its needs, but might not best meet yours, in some cases
- Generic risks seem to work fine: they do the work, you just ride along with adjustments
- Risks specific to insurance companies might pose a problem

Ins Sub of Fin. Svcs Co. - Issues
- Insurance Fraud: not the same as (internal) employee fraud
- Losses: our business, not unexpected events
- Reinsurance: an integral part of our operations
- Credit Risk: reinsurance counterparty risk
- Market Risk: asset/liability matching
- Balance sheet reserves: significant risk

Enterprise Risks
Parent ERM Risks:
- Credit
- Market
- Operations
- Human Resources
- Information Technology
- Legal / Regulatory
- Business Continuity / Disaster Recovery
- Reputation
Ins. Co. Specific Risks:
- Credit: counterparty (Reinsurers)
- Market: Asset/Liability matching
- Underwriting
- Catastrophic Event
- Geographic concentration
- Loss Reserving
- Unearned Premium Reserving
- External Fraud: Insureds / Providers
- Regulatory actions

Example Survey Questions
- Internal Management Risk Assessment Survey: Is there a management oversight process in place to evaluate the effectiveness of controls over financial reporting, including clearly defined management accountability, and is it consistent with regulatory requirements (e.g. Sarbanes-Oxley, FDICIA)?
- AM Best Supplemental Rating Questionnaire: For insureds that purchased commercial property coverages, what percentage of those insureds purchased terrorism protection for the property coverages, either as a separate endorsement or already included in the policy?
- Annual Statement Interrogatories: Does the reporting entity have established procedures for disclosure to its Board of Directors or trustees of any material interest or affiliation on the part of any of its officers, directors, trustees, or responsible employees that is in conflict or is likely to conflict with the official duties of such person?

Conclusions