Module 8: ERM processes and structures Flashcards
What is the role of:
The second line of defence - the Chief Risk Officer, risk management team and the compliance team?
Accountable for establishing risk and compliance programmes programmes and policies, supporting and monitoring the line management and reporting to the Board.
What is the role of:
The third line of defence - the Board and audit function?
Accountable for effective governance of the risk management process, setting risk management strategy, approving policies and ensuring that ERM is effective.
What is the role of:
The first line of defence - line management staff in the business units?
Accountable for measuring and managing risk in individual business units on a daily basis (in line with the company’s stated risk appetite and risk policies).
What areas might business seek structural change to be more robust and flexible?
FINANCIAL AREAS
OPERATIONAL AREAS
- e.g. to achieve greater flexibility, a strategic decision might be made to increase the use of outsourcing, e.g. of customer services, IT, distribution, production, etc.
- to increase both robustness and flexibility, a strategic decision might be made to:
- — spread operations over various sites/countries
- — shift distribution channels
- — move away from grouping individuals into specialist teams and operating more using multi-discipline project teams
Companies should recognise the need to manage risk more effectively, for example: (2)
- using horizon scanning and early warning indicators - to identify new and emerging risks
- making structural changes - to make the company more robust and flexible
5 Parts of a risk control cycle
IDENTIFICATION
Defining and recording all risks in a consistent way
ASSESSMENT
Considering / quantifying risks in the context of the risk appetite.
MANAGEMENT
Ongoing treatment of the risks
MONITORING
Continuous recording, review and reporting of risks, losses and effectiveness of treatments + external audit
MODIFICATION
Alter approach as business and risk environment changes.
A company can use its knowledge of risk-adjusted returns to (5)
A good understanding of the risk / return profile of its business activities can help a company decide where its strengths lie and where it should compete.
In particular
- decide WHICH RISKS TO EMBRACE and which to mitigate
- decide which risky products and projects are undertaken
- determine the degree and type of RISK TRANSFER and hedging to use
- ALLOCATE CAPITAL efficiently
- manage its borrowing and GEARING RATIO
Three lines of defence
Risk management decisions are made by 3 key groups:
- line management staff in the business units and support functions
- the CRO and the risk management and compliance functions
- the Board of Directors and audit function