Module 4

Question 1

Outline seven structural components of an ERM framework

Answer 1

1. corporate governance – to establish organisational processes and controls
2. line management – to integrate risk management into business processes
3. portfolio management – to aggregate risk exposures and identify diversification effects and concentrations of risk
4. risk transfer – to mitigate excessive risk exposures cost-effectively
5. risk analytics – to measure, analyse and report on risk
6. data and technology resources – to support the analytics and reporting
7. stakeholder management – to communicate and report on risk

The ERM framework’s success will be dependent on there being a positive risk culture.

Question 2

Define corporate governance (CG)

Answer 2

CG is the system whereby boards of directors, or governing bodies, are responsible for the governance of their organizations upon appointment by shareholders.

So, CG is the way the Board controls the organization and the processes it establishes so that it is run by the management in the best interests of the shareholders.

Question 3

Outline the responsibilities of the Board (9)

Answer 3

1. set the risk appetite
2. approve the risk strategy and/or risk policy of the organisation
3. monitor key risks by ensuring the implementation of a suitable RM framework and/or internal controls framework
4. ensure compliance with supervisory requirements
5. support a good risk culture
6. establish the organisational structure for ERM / define roles and responsibilities
7. ensure that risk personnel are fit and proper
8. review the outcomes of / lessons learnt from the RM process
9. ensure alignment of the interests of management with investors through appropriate remuneration packages

Question 4

Outline line management’s responsibilities within an ERM framework (4)

Answer 4

Line management’s responsibilities within an ERM framework:

1. day-to-day management of, and the reporting on all risks within the organisation
2. implement the ERM policies approved by the Board through setting up RM processes and integrating the risk information collected into business decisions
3. understand the risks being taken
4. understand the extent of own risk-taking powers

Question 5

State observable features of good corporate governance (7)

Answer 5

1. vigorous leadership is provided by the Board
2. employees have codes of honesty and fair dealing – managers leading by example
3. responsibilities and accountabilities for identification and management of risks are clear
4. every employee has a responsibility for identification of new and increased risks
5. managers are responsible for the identification and management of risks within their areas of responsibility
6. the Board has responsibility of a shortlist of the most serious strategic risks (identified from the central collation of all risks)
7. the Board self-assesses progress towards full ERM on an annual basis

Question 6

List the areas covered by the key principles of excellent corporate governance (7)

Answer 6

1. communication with stakeholders
2. Board independence
3. assessment of Board performance
4. Board remuneration
5. Board appointments
6. fairness
7. social responsibility

Question 7

Describe arrangements to ensure the independence of the Board

Answer 7

The Board should be at arms length from day-to-day management of the organization. Independence may be facilitated by the:
1. majority of the Board being independent Non-Executive Directors (NEDs)

2. key subcommittees comprising exclusively
   independent) :
   - eg audit, remuneration, appointments
3. Chief Executive Officer (CEO) not being chair:
   - or publish why and appoint lead director (to chair regular Board meetings where the CEO isn’t present)
4. Board meeting regularly without the CEO
5. NEDs meeting separately from Executives at least annually.

Question 8

Distinguish between an independent director and a Non-Executive Director (NED)

Answer 8

Independent = no interest (financial or otherwise) in the company.

NED = not employed in the day-to-day running of the company (but not necessarily independent, eg may have stock options).

Question 9

State the circumstances that may impair the independence of a Non-Executive Director (NED), according to the UK Corporate Governance Code (7)

Answer 9

1. is or has been an employee of the company within the last five years
2. has, or has had within the last three years, a material business relationship with the company, eg directly, partner, shareholder
3. has received or receives additional remuneration from the company apart from a director’s fee, participates in the company’s share option or a performance-related pay scheme, or is a member of the company’s pension scheme
4. has close family ties with any of the company’s advisers, directors or senior employees
5. holds cross-directorships or has significant links with other directors
6. represents a significant shareholder
7. has served on the board for more than nine years

Question 10

List the characteristics of a good Board-performance assessment process (6)

Answer 10

1. regular, eg annual
2. formal
3. at individual, subcommittee and full Board level
4. involves external / independent consultants (eg to avoid bias)
5. feedback of results fed into training
6. regular, independent development reviews and training for new Board appointees

Question 11

List the desirable characteristics of Board remuneration (4)

Answer 11

1. Directors should not be overly compensated, however, the remuneration should be enough to attract, retain and motivate, as well as reflecting the responsibility and risk of being a director.
2. Directors should be remunerated by reference to the organization’s performance against medium-to long-term (risk-management) objectives.
3. A reasonable proportion of each director’s remuneration should be in shares (exposing them to upside and downside risks and so aligning their interests with those of the shareholders).
4. Board remuneration (including share options and pension benefits) should be fully disclosed.

Question 12

List the key areas that should be covered by a risk subcommittee’s charter (6)

Answer 12

1. purpose – to oversee RM and provide challenge
2. responsibilities – eg to ensure a RM framework is in place, to ensure compliance with established RM policies
3. membership requirements – eg minimum proportion of NEDs, appropriate mix of knowledgeable Executives
4. meeting frequency
5. performance assessment criteria
6. resources available – eg which departments can/should be utilized, use of external consultants

Question 13

State the role of the audit subcommittee (3)

Answer 13

1. monitor the integrity of financial statements
2. monitor and review internal assurance functions such as financial control, risk management and internal audit
3. recommend, monitor and review the external auditor.

Question 14

Outline key recommendations of The Walker Review covering all financial institutions in the UK (5)

Answer 14

1. ‘comply or explain’ remains the best route to better CG practice
2. more ‘challenge’ in Board discussions is required – from improved mix of capabilities and experience on the Board, and greater time commitment from NEDs
3. the set up of a separate Board risk committee (CRO supported and with clear enterprise-wide authority and independence) to increase Board-level engagement with risk oversight
4. better engagement between fund managers (acting for their clients as beneficial owners) and the Boards of investee companies
5. Board remuneration committee’s remit should be extended to cover other senior influential employees, and this remuneration should be aligned with the medium-and longer-term risk appetite and strategy of the entity. The remuneration of these employees should be made publicly available on a ‘banded’ basis.

Question 15

Define risk culture

Answer 15

There is no single definition!

However possible descriptions include:

1. the company’s shared values, beliefs and behaviors (with regard to risk)
2. the attitude of ‘agents’ (eg employees) to business activities, especially risk management activities
3. ‘the way we do things around here’, including, the way judgments are exercised.

Risk culture may be used as a measure of whether ERM has been successfully integrated into the organisation.

Question 16

List what should be encouraged by an appropriate risk culture (7)

Answer 16

1. consultative leadership
2. participation in decision-making on risks
3. openness
4. accountability rather than blame
5. organisational learning
6. knowledge sharing
7. good internal communication

Question 17

Describe a supportive risk culture (10)

Answer 17

1. all staff involved in risk management
2. focus on positive employee behaviours with regard to risk, training
3. inclusion of risk and RM risk in job descriptions and performance management, link to remuneration
4. clearly defined responsibilities and accountabilities
5. good communication, including reporting to a central point
6. processes to escalate risks to the appropriate level of seniority
7. culture of openness and no-blame
8. the Board lead from the top by displaying appropriate risk behaviours
9. praise for good risk behaviours, eg report on success
10. evaluation and review of the risk culture, eg through surveys

Question 18

Outline how an organisation might change its risk culture (3)

Answer 18

1. from the top of the organisation (ie led by the Board and senior management)
2. on an incremental basis (eg through changes to performance management processes and remuneration)
3. as the profile of new recruits changes the views of the staff