Chapter 7 - Risk Management Roles & Responsibilities Flashcards

1
Q

Who is responsible for the overall management and direction of an organisation?

A

The board members. On becoming a member of the board, a director accepts these responsibilities; the board sets CLEAR OBJECTIVES FOR THE PEOPLE MANAGING the COMPANY.

2
Q

What are the umbrella roles of directors & senior executives in risk management?

A
  • Duty to shareholders
  • Corporate governance
  • Supervising risk management
3
Q

What does the Companies Act 2006 require of directors? Is there a caveat?

A

Requires directors (s.172, the duty to promote the success of the company) to have regard to:
- The likely long-term consequences of decisions
- The interests of employees
- The need to foster business relationships with suppliers, customers and others
- The impact of the organisation's operations on the community and the environment
- Acting fairly as between members of the company

= RISK MANAGEMENT IS NOT SPECIFICALLY MENTIONED BUT IS CERTAINLY IMPLIED

4
Q

Define corporate governance:

A

The way a board sets up its organisation to achieve its OBJECTIVES, together with the systems put in place to MANAGE and CONTROL the organisation.

5
Q

When was the current UK Corporate Governance Code introduced, and what does it require of the board?

A

The VOLUNTARY code (applied on a 'comply or explain' basis) covers companies with a premium listing on the London Stock Exchange, whether incorporated in the UK or overseas. The current version was introduced in 2018 and took effect for accounting periods beginning on or after 1 January 2019. The board must:
- Ensure the resources are in place to meet the company's OBJECTIVES
- Establish PROCEDURES to MANAGE risk and oversee the internal control framework
- Carry out an ASSESSMENT of the company's emerging and principal risks and confirm this in the annual report
-> Remuneration arrangements must be designed to avoid reputational and other risks arising from excessive rewards
- The board can also DELEGATE some tasks

6
Q

What is an executive?

A

= Someone who has ADMINISTRATIVE or SUPERVISORY authority in the organisation. Executives are usually members of the Board and include:
CEO
COO
Director of Finance & HR
CRO

7
Q

What is a non-executive director?

A

Specialists in their field at running organisations who bring an independent view to the decisions made by the board. They are not involved in the day-to-day running of the business, are usually part-time, and are there for THE PROTECTION OF SHAREHOLDERS.

8
Q

When should the board delegate decisions to others?

A

It all depends on the business: in some the board makes all the decisions, in others it simply rubber-stamps executive recommendations. Usually the board makes the very major decisions and leaves the bulk of the main decisions to the executive officers.

9
Q

How does the board supervise risk management?

A
  1. Appoints a risk subcommittee
  2. Appoints a CRO (Chief Risk Officer)
10
Q

Define and explain the purpose/role of the risk subcommittee.

A

= The board selects individuals with appropriate risk backgrounds from the executives and from its own members, and DELEGATES risk ASSESSMENT and SUPERVISION responsibilities to the subcommittee.

11
Q

What does the risk subcommittee do?

A
  • Sets policies and manages risk decisions
  • Keeps the board informed of all activities and seeks approval where required
  • Ensures compliance with the legislation and regulation relating to risk management
  • Publishes the risk management philosophy of the organisation
  • Implements risk policies
  • Sets up and monitors risk systems
  • Specifies the risk appetite
12
Q

What is a chief risk officer (CRO)?

A

The head of the enterprise risk management function. As regulation increases, companies appoint a CRO to cope with the regulatory pressure. The CRO is INDEPENDENT and follows their own judgement, untainted by 'groupthink'.

13
Q

What is a risk manager?

A

= Job titles vary because there is no set definition. Organisations use the term in different ways, sometimes for an individual role and sometimes for a responsibility that forms part of another role.

14
Q

What is the hierarchy of risk management roles & job related titles?

A
  1. Leadership (CRO, Director of Risk Management) - works with the governing body and senior executives, has a large influence on the appetite for risk taking and decides the shape of the risk management roles
  2. Expert (Head of Risk Management, Risk Management Executive) - develops and manages the policies and procedures set by the board, monitors and reports on the organisation's risks
  3. Support (Risk Analyst, Risk Management Officer, H&S Officer) - focuses on individual components of the risk management process
15
Q

A risk manager may have Board status, or be middle management or less. What does the scope of the task depend on?

A

Whether the organisation is global, international or national; whether it is public or private; and whether it operates in the service or manufacturing sector.

16
Q

Explain what is meant by Group Risk Management & when it might be required.

A

= Large organisations may need an extra layer of management supervision because of the different divisions or geographies of the business. This may require a distinct team of people at the centre.

17
Q

Describe some roles & responsibilities of the risk manager and risk team

A

= Effectively the whole risk management process, e.g.:
- Drafting the risk policy
- Writing the risk appetite and tolerance statement
- Raising risk awareness in the organisation
- Helping to identify risk trends
- Identifying, analysing and evaluating risks in a designated area
- Maintaining the risk register
etc.

18
Q

What 3 sectors has much of the development of risk management originated in?

A
  • Insurance Industry
  • Workplace H&S
  • Financial risks of businesses
19
Q

As risk management has developed, what specialist areas have appeared? Explain the following areas of specialist risk management:
1. Insurance (3 Examples)
2. Healthcare
3. Operational
4. Energy
5. Cyber

A
  1. Treatment of insurance risks, e.g. limits on financial exposures, underwriting authority and geographical exposures
  2. Patient care
  3. Operational risks within the business (usually finance)
  4. Future energy risks, e.g. price and exploration
  5. IT security
20
Q

Explain the role of the operational team in risk management, what is a realistic aim? What model is often adopted to ensure this?

A

= Operations is the heart of the organisation. A realistic aim is that operations managers, supervisors and employees automatically think about risk.

How? Ensure operational colleagues are connected to the risk management effort, so that the board, senior management, risk specialists, auditors and operational colleagues work together. The THREE LINES OF DEFENCE MODEL is adopted to achieve this.

21
Q

What are the three lines of the three lines of defence model?

A
  1. Functions that own and manage risk - the staff and managers responsible for identifying and managing the risks to their objectives
  2. Functions that oversee or specialise in risk and compliance - provide the frameworks, tools and techniques that support the risk management carried out by the first line
  3. Functions that provide independent assurance - internal audit
22
Q

How does the risk team pass on their expertise?

A

= Education: training courses, risk workshops, newsletters, campaigns and computer-based training.

23
Q

What is the difference between operational colleagues & risk team in relation to risk?

A

Operational colleagues are experts in the organisation and have an appreciation of risk, but the risk team has deeper and broader knowledge of risk and its management.

24
Q

Reinforce: what is ERM?

A

= An important element of corporate governance in which risk management is embedded throughout the organisation rather than kept as the domain of risk specialists.

25
Q

What is the difference between a centralised & de-centralised approach to risk management?

A

A centralised approach is where the firm has a large head office from which operations are managed; a decentralised approach is where the head office is small and the management of operations is assigned to subsidiary or divisional management.

26
Q

What are some advantages and disadvantages of a centralised approach?

A

Advantages:
- The company can build a centre of excellence in risk management, e.g. for strategy and roll-out
- Aggregated reporting and data analytics to support the organisation

Disadvantages:
- The centre lacks the detailed knowledge of its risks that each business unit has
- Can slow down the decision-making process

27
Q

What is a hybrid approach to the risk management structure?

A

= A largely decentralised structure with a small strategic risk management team reporting to the CRO and setting standards (often through a group risk policy).

28
Q

What is the role of audit and the two main types?

A

Role = to provide independent assurance that the organisation's risk management, governance and control processes are operating effectively.

External - separate professional organisations, entirely independent of the company, assuring STAKEHOLDERS that standards are being met.

Internal - within the organisation, providing assurance to the BOARD that the approved systems are operating as intended.

29
Q

Risk management is supported by a range of outsourced service providers that offer specialist knowledge and services on a fee basis. Two of these are loss adjusters and loss assessors. Compare them: what do they have in common, who employs them, what service do they provide, who pays, and do they have to be used?

A

= Both offer professional expertise in evaluating and negotiating insurance claims.

Loss assessor = employed by the POLICYHOLDER; evaluates and negotiates the claim on the policyholder's behalf; paid by the PH; does not have to be used.

Loss adjuster = employed by the INSURER; confirms the circumstances of the claim and the extent of the damage and recommends the payment; the INSURER pays the fee; the PH MUST COOPERATE WITH the loss adjuster, but one is not used in every claim.

30
Q

What are forensic specialists? What do they do, who employs them, and are there new fields? If so, what are they?

A

= Scientific and engineering expertise used to IDENTIFY THE CAUSE OF LOSS OR DAMAGE, e.g. the cause of a fire; commissioned by INSURERS, lawyers, the police and companies. Newer fields:
1. Forensic accounting - reviews business records to identify problems, e.g. financial irregularities such as embezzlement and fraud
2. Digital forensics - identity fraud etc., driven by the growth of cyber crime

31
Q

What do legal services provide in relation to risk management service providers?

A

= MAINLY CONCERNING INSURANCE; employed by the insurer, broker or policyholder in matters of death, injury and property damage, e.g. disputes over coverage.

32
Q

What do corporate governance specialists do?

A

Specialist risk governance advisers offering their skills to advise board members, directors and committees on policies and procedures.

33
Q

How do valuation and appraisal specialists assist in risk management?

A

Ensure realistic sums insured by judging the reinstatement value, declared value and indemnity value.

34
Q

When disaster strikes, which 3 specialists assist in getting client back to normal?

A
  1. BCM (business continuity management) consultant - business impact analysis, recovery strategies and maintaining the plan
  2. Emergency response consultant - comes in when something goes wrong and puts the plans into action
  3. Emergency property and restoration specialists - e.g. drying out and cleaning up after floods
35
Q

What do risk management information software (RMIS) specialists do?

A

= Provide computing power to assist with:
- Incident management -> a record of all incidents and reports
- Insurance claims -> all policy details, dates, costs etc.
- Exposure and asset management -> records assets and their levels of exposure, and informs decisions on transferring risk
- Managing risk controls

36
Q

In relation to risk analytics, what is the 'big data' problem, and how can risk analytics help in risk management?

A

Refers to the huge volumes of data becoming available to organisations every day, e.g. records of everything: customer data, competitor data. Its VALUE lies in the CONNECTIONS AND PATTERNS that can be drawn from it.

  • Risk analytics combines maths, statistics, predictive modelling and computer processing to filter these large quantities of data
37
Q

What is the role of HSE in regulating?

A
  • Covers a wide range of activities, e.g. reviewing regulations, producing research and statistics, and publishing guidance and tools
38
Q

What is the role of the UK Government, the Foreign, Commonwealth & Development Office and the Department for International Trade in regulating risk management?

A

Provide geographical and economic analysis of overseas markets and guidance on potential risks, e.g. human rights, bribery and corruption.

39
Q

How does the PRA (Prudential Regulation Authority) regulate risk management?

A

= Supervises firms and steps in if they are not BEING RUN IN A SAFE AND SOUND way.

40
Q

What does the FCA (Financial Conduct Authority) do? What are its aims?

A

= Ensures the financial industry is RUN WITH INTEGRITY
- Firms must provide appropriate products and services with the CONSUMER'S BEST INTERESTS AT HEART

41
Q

In what two ways is the FCA's Consumer Duty relevant to risk management?

A

For consumers it REDUCES the risk of buying inappropriate insurance products.
For the insurer/broker it introduces an ADDITIONAL RISK OF NON-COMPLIANCE with the regulations, e.g. fines.

Problem = firms presenting information in ways that make it hard for customers to make informed decisions.

Solution = ending hidden charges, making it easy to switch products, clear and accessible consumer support, and making sure information is clear and timely.

From the end of July 2023 the Duty applies to all new products and services and to all existing products open for sale or renewal.

42
Q

How does the CII Code of Ethics assist in the regulation of risk management?

A

The CII publication 'Financially Inclusive Customer Outcomes: A companion to the CII Code of Ethics' summarises the key principles which insurance and personal finance professionals should observe at each of the following four stages of their customer engagement process:
* Designing products and services.
* Marketing products and services.
* Engaging with customers for the first time.
* Servicing customers throughout the policy life cycle.

43
Q

What is a GRC structure?

A

Governance, risk and compliance = aligning the structures and objectives of the three functions by designing an organisational structure that brings them together while each remains independent.

44
Q

What does analysis of corporate disasters reveal?

A

Nearly all organisations that suffered losses either did not have an embedded culture that emphasised risk management as an essential element of corporate governance, or chose to ignore warnings.

45
Q

What are the indicators that risk management is truly embedded?

A

= Good practice in IMPLEMENTING risk management processes: DOCUMENT the channels used, what records are established, etc.
- Reviews - how effective the procedures are
- Historical tests - check whether the procedures worked
- New projects - ensure all risks are identified
- Signs of ongoing awareness - risk management embedded in handbooks, training, news sheets and annual reports
- Benchmarking - testing against international standards