Chapter 12: Governance functions and role of CRO Flashcards
CRO roles DIME PROMO TECCS
- Development and design of RMF
- Implementation and oversight of RMF
- Maintenance of RMF
- Establish and co-ordinate leadership of ERM application
- Policy development and monitoring
- Reporting on risk – external and internal
- Oversee other areas of business w.r.t. risk management – challenge! (increase awareness of the risks and ensure they remain within risk tolerance levels)
- Models and data systems developed to monitor and manage risk
- Optimise risk portfolio
- Trends analysis of key risks and ERM approaches
- Educate and advise on risk management
- Capital allocation
- Culture risk management established
- Safeguard financial and reputational assets of company
What a CRO needs to establish in a company GRAVIT GO
- Gaps in skill, capability and experience in the risk team
- Reporting channels
- Alignment between risk and business management
- Value added by each part of the business – risk adjusted returns
- Integration of risk management into all parts of the business
- Tolerance of risk levels understood
- Governance structures are appropriate and robust
- Operating of model or risk management is appropriate
Role of the CRF MARCO GOM
- Monitoring of risk management
- Advise the board on risk
- Reporting focus point
- Compare risk profile with risk appetite
- Oversight and assessment of risk management in the business
- Guidance and education given to line management and employees on risk management
- Overall risks taken by business assessed
- Monitoring and audit
Considerations when integrating RMF with business GRAS
- Governance structures
- Risks faced by the business
- Autonomy of BUs in the current structure
- Size and nature of the business
The role of the compliance function LAMPI
- Legislation and regulation company should comply with
- Abuse of company information prevented
- Market conduct is properly done
- Provisions of compliance are met and documented by BUs
- Identify areas of non-compliance
Areas of line management that should contain risk management functions SPPDR
- Strategy
- Pricing
- Performance measurement
- Development of products
- Remuneration – should encourage appropriate risk taking
Skills risk managers should have RIP TC TICAL
- Relationship management
- Implementation management
- Project management
- Technical expertise
- Change management skills
- Tools and application of risk management known
- Interdependencies between risk and management
- Control cycle knowledge
- Advise and challenge
- Legislative knowledge
Embedding risk management in business strategy ATOM P DC
- Assess and monitor key risks
- Tolerance level of key risks considered
- Objectives at risk
- Mitigation of risks
- Performance adjustment due to risk management
- Decision-making influenced by risk management
- Champions of risk management to ensure its integration
Features of good risk controls to build into business SET FAT
- Simple
- Economical
- Timely response and changes
- Flexible
- Appropriate to size and nature of the risk
- Trigger an action
An organizational structure to ensure successful ERM is executed GRIL
Governance - SPOOR CAPS
RMF - MARCO GOM, RIP TC
Integration - ATOM PDC
Lines of defense - LAMB
Relationships between lines of defense POP
Partnership model
Offence versus defense
Policing
Partnership model PLICA
o Performance measures shared between risk and business
o Long-term benefit of RMF function recognised
o Integration of risk management staff in BUs
o Client consultant relationship created
o Agency and independence of RMF ensured
Offence and defense DOIL
o Destructive relations
o Opposing objectives for risk and business
o Income maximising – business
o Loss minimizing
Policy and policing PROC FR
o Policed by risk, audit and compliance
o Rules created by risk
o Outdated policies
o Continuous monitoring required
o Friction due to lack of understanding between risk and business
o Remuneration of business should consider compliance with risk rules