ERM Governance and Culture Flashcards
What is the first principle of governance and culture? What does it entail?
1) Exercise Board Risk Oversight
- Accountability and responsibility (Ensure that management is accountable and responsible for ERM)
- Independence (suggestions on how the board is going to be independent from management and the organization)
- Organizational bias
What are potential impairments to Exercise Board Risk Oversight?
- Substantial financial interest including substantial donation
- Employment in “executive capacity”
- Advises the board
- Material or contractual business relationship between organization and board member
- Personal relationship with key stakeholders
- Membership on a board with potential conflict of interest to this board
- Holding board position for an extended period of time
What is the second principle and what does it entail? What are the influences?
2) Establishing Operating Structure
Influences on operating structure:
- Strategy, business objectives, and related risks
- Nature, size, and geographical distribution of the business
- Assignment of authority, accountability, and responsibility
- Reporting lines (direct vs secondary) and communication channels
- External reporting requirements (financial, tax, regulatory)
What are ERM structures for establishing operating structures?
1) Board-appointed risk committees
2) Complex organizations may have multiple risk committees
What is the one board approach to managing risk?
One board: management designs and implements practices to achieve strategy and objectives, and the board oversees that
What is the dual board approach to managing risk?
Supervisory board that focuses on long-term strategy and oversight
Management board that oversees daily operations
Risk management improves when…?
1) Delegates responsibility only as required to achieve objectives
2) Identifies transactions that require review and approval
3) Identifies and assesses new and emerging risks
What are internal influences on operating structure (examples)?
- Management judgement
- The level of autonomy provided to employees, employee and management interactions
- Physical layout of the workplace
- Rewards, recognition, and compensation
What do external influences on operating structure include?
- Regulatory requirements
- Customer and investor expectations
How do you define the desired culture?
- Organizational units may be more risk seeking or risk averse which impacts the desired culture of the organization
- May have an aggressive sales unit that doesn't really comply with regulation (Volkswagen went around regulations in order to boost sales)
A risk-aware culture may permit both approaches, where both are within risk tolerance and appetite
Risk-averse vs risk-seeking culture
*Remember culture evolves over time (start-ups may be more risk-seeking and then become risk-averse)
Good judgement = thoughtful, rational decision from available information. One element of good judgement is bias: management is susceptible to bias
How does a risk-averse or risk-seeking entity impact resource allocation?
Risk-averse: may allocate more resources to achieve objectives
Risk-seeking: fewer resources in pursuit of specific objectives
How do you demonstrate commitment to core values?
The communication of values within an organization = “Tone”
What does a risk-aware culture include? (Number 4)
Strong leadership endorsement of risk awareness and tone
Participative management style that encourages risk discussions
Aligning risk awareness with behaviors and performance evaluation
Encouraging risk awareness across the entity
How do you attract, develop, and retain capable individuals?
Include:
- Establishing and evaluating competence
- Attracting, developing, and retaining individuals
- Rewarding performance:
  - Consider potential ethical risks
  - Consider non-monetary rewards
  - Address pressure (including “excessive” pressure)