Ch. 4: Enterprise Risk Management Flashcards
Traditional Risk Management
- Risks Evaluated in a “silo” approach
- Loss Exposures are usually insurable, pure risks:
1. Personal Risks
2. Liability Risks
3. Property Risks (direct risk)
4. Net Income Risks (indirect risks)
“silo” approach: risk is handled by different, specialized departments and information isn’t shared among each other
Evolution of Traditional Risk Management
- In the 1950s, many companies began expanding their risk management programs to include speculative financial risks
Some organizations have now gone further in their risk management programs to consider all risks faced by the organization
Enterprise Risk Management
Strategic business discipline that supports the achievement of an organization’s business objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an integrated risk portfolio
What does an ERM Program entail?
- considers all risks an organization faces across the entire enterprise
- Holistic/Interconnected view of risk
- Typically headed by Chief Risk Officer (CRO) and used in large organizations
- Creates a “risk culture” within the organization in which everyone is responsible for identifying and managing risks
Types of Risk within an ERM?
- Hazard (Pure) Risks
- Operational Risks
- Financial Risks
- Strategic Risks
What is a Hazard Risk?
A Hazard Risk means traditional Risk Management types of risk: property, liability, etc.
- pure risks
“hazard risk” in ERM is different than “hazard” that we discussed in Ch.1
What risk management techniques are used to treat hazard risks?
- Insurance
- Noninsurance Transfer
- Retention
- Loss Prevention / Loss Reduction
Ex. New sprinkler system and non-combustible materials used at a production facility
What does Operational Risk entail?
risks arising from day-to-day business operations
Ex. Breakdown of an assembly line at a manufacturing plant
What are some broad examples of operational risks?
- Supply chain issues
- Manufacturing defects
- Customer Service
- Cybersecurity
- Employment practices
What does Financial Risk entail?
Financial risks arise from changing conditions within financial markets
Ex. Adverse Exchange Rate Change
What are some broad examples of financial risks?
- Commodity prices
- Interest rates
- Foreign Exchange Rates
“Commodity” refers to raw materials or primary agricultural products like gold, silver, oil & natural gas, and agricultural goods (wheat)
What does Strategic Risk entail?
Strategic Risk refers to uncertainty with regard to an organization’s goals and objectives, and the organization’s strengths, weaknesses, opportunities, and threats (SWOT)
What are other risks faced in an ERM Program?
- Regulatory / Compliance Risks
- Reputational Risks
- Terrorism
- Climate Change
What are some tools used within ERM?
- Risk Management Information Systems (RMIS)
- Risk Score
- Risk Register
- Risk Map
What is a Risk Register?
A Risk Register shows: a specific risk, what category that risk is, what party/department is responsible for the risk, maximum possible loss, probable possible loss, and the risk scores if the risk were left untreated vs. treated
What is a Risk Map?
A Risk Map is a line graph plotting specific risks based on low, medium, and high severity and frequency
* Frequency is the x-axis
* Severity is the y-axis
High Frequency but Low Severity: N/A
Low Frequency and Low Severity: Demographic Change
Low Frequency but High Severity: Executive Wrongful Act
High Frequency and High Severity: Cyber Attack
What are some advantages of an ERM Program?
- Improved risk assessment
- Integrated response to the full range of risks
- Alignment with organization’s risk tolerance and its strategies
- Fewer operational surprises and losses
- Reduced earnings volatility
What are some Barriers to an ERM Program?
- Lack of commitment from company leadership
- Rigid organizational culture
- Disagreements between departments over responsibility
- Technological difficulties
- Lack of information sharing
Why should an organization use ERM?
By combining all risks into a single risk management program, the organization may be able to offset one risk against another, and reduce its overall risk