Module 31: ERM implementation Flashcards
4 Major processes to establish when implementing ERM
- Corporate governance
- Risk assessment and quantification
- Risk management
- Reporting and monitoring
When scoping an ERM implementation project, the key considerations are: (3)
- resourcing - internal vs external
- proportionality - to the risks and the size / sophistication of the business
- top-down and/or bottom-up
2 Key challenges in ERM implementation
- lack of risk awareness
- inappropriate risk culture
3 Typical benefits of implementation as risk capabilities mature are, in turn:
- loss reduction
- uncertainty management
- performance optimisation
4 Areas to consider when assessing the maturity of an ERM framework
- corporate governance (eg risk appetite definition)
- risk language and culture
- competencies and performance management
- RM processes and responsibilities
Outline the relevance of proportionality in the context of the implementation of an ERM framework
The IAA note highlights that the ERM framework appropriate to one organisation will not be appropriate for a different organisation. One size does not fit all.
Outline the relevance of the Pareto rule in the context of the implementation of an ERM framework
In order to ensure ERM adds value, risk management activities need to feed through into action.
Decisions on which actions to take are taken based on the data, information and analysis provided to the organisation decision-makers (eg senior managers and ultimately the Board).
Lam points out that Pareto’s rule applies here. He suggests that 80% of the effort should be in the data collection, analysis and reporting, leaving 20% to be in the decision-making.
However, 80% of the value of ERM is a result of informed decision-making.
Outline 4 key questions (based on key building blocks) that a company should ask itself to ensure a successful ERM implementation.
- Governance structure and politics - who is responsible for risk oversight and critical RM decisions?
- Risk assessment and quantification - how (ex-ante) will they make these decisions?
- Risk management - what decisions will they make to optimise the risk/return profile of the organisation?
- Reporting and Monitoring - how (ex-post) will such decisions be monitored?
5 Types of controls aimed at limiting downside losses
Credit controls
To reduce the probability of default and maximise recovery.
Investment and liquidity policies
To minimise portfolio losses and ensure liquidity, perhaps by adopting lower-risk investment policies.
Other internal controls
To reduce the probability and severity of operational losses.
Audit processes
To ensure the finances of the company are in order.
Insurance coverage
To transfer risk to third parties.
3 Activities a business might undertake to optimise performance
- Active management of its credit risk portfolio
Pricing for risk and disaggregating (breaking down) its credit business into distinct activities.
- Active management of its balance sheet
Considering all assets and liabilities (not just the investment portfolio) with a view to optimising the risk / reward trade-off.
- Re-engineering of processes to minimise operational risk and to better understand and reduce costs.
5 Successful strategies for improving risk awareness
- Set the tone from the top
It is critical that the CEO acts as a role model by displaying the desired behaviours.
- Ask the right questions concerning “risk”:
  - risk / return balance
  - limits and other controls to minimise the downside risk
  - systems
  - knowledge
- Establish a common risk taxonomy
A common language and risk classification structure ensures consistent measurement and facilitates aggregation when reporting.
- Provide induction training and ongoing education.
- Link compensation to risk to reward desired behaviours.
5 Stages of Lam’s ERM maturity model
- definition and planning
- early development
- standard practice
- business integration
- business optimisation
5 Stages of Lam’s ERM maturity model
- definition and planning
This stage consists of organising resources to define and scope an ERM programme.
Activities include:
- identifying internal and external requirements for the ERM programme
- obtaining Board and management support
- developing overall framework and plan
- appointing key personnel
5 Stages of Lam’s ERM maturity model
- early development
This stage consists of formalising roles and responsibilities, identifying risks and education.
Activities include:
- establishing ERM policies and risk functions
- identifying key risks
- co-ordinating risk and control processes across the functions
- educating and training (especially for the Board).
5 Stages of Lam’s ERM maturity model
- Standard practice
This stage consists of improving risk assessment capabilities and developing risk quantification processes.
Standard practice activities include:
- establishing risk databases for events and losses
- developing key risk indicators (KRIs)
- establishing risk models for market, credit and operational risks
- measuring risk-adjusted performance.