Unit 2 Flashcards
Risk management standards
A published guide for managing risk comprises a risk process and risk framework
3 RM standards
IRM 2002
COSO ERM
ISO 31000
Framework definition
Risk management context. Comprises the RASP (risk architecture, risk strategy and risk protocols) and forms the risk context which helps drive the risk process.
IRM 2002 - Risk management process
Orgs strategic objectives
|
Risk assessment
    Risk analysis
        Risk identification
        Risk description
        Risk estimation
    Risk evaluation
|
Risk reporting - threats and opportunities
|
Decision
|
Risk treatment
|
Residual risk reporting
|
Monitoring
Formal audit - surrounds all steps
Modification - surrounds all steps
Risk management process - 3 steps
Identify risks (and opportunities)
Evaluate and prioritise the significant risks (and opportunities)
Manage the significant risks
COSO ERM cube
In order to implement a successful ERM initiative an organisation needs to implement all 8 components in relation to each of the 4 risks, in all parts of the organisation.
Front face is the process (the 8 components), top is the organisation's objectives (the 4 risk categories), side is the implementation of the process (who in the entity carries it out)
COSO ERM cube - 8 components
Internal Environment
Objective setting
Event identification
Risk Assessment
Risk response
Control activities
Information and Communication
Monitoring
COSO ERM - 4 risks
Strategic
Operations
Reporting
Compliance
COSO ERM - parts of the organisation
Subsidiary
Business unit
Division
Entity
Risk framework = Risk context
Risk context is 3 layers of org which drive the risk process:
External environment
Internal environment
Risk Management context aka risk framework
Risk context comprises RASP
Risk architecture, risk strategy, risk protocols
Risk architecture
Part of the framework which answers the question of who holds which responsibilities in the organisation in relation to risk management
Risk strategy
The agreed overriding purpose and aims of risk management in the organisation, which involves the publication of a risk policy document and the setting of risk appetite
Risk protocols
The set of tools, procedures and instructions that an organisation has for managing risk
ISO 31000 - overall
The standard provides a statement of risk management principles, as well as a description of the risk management framework and process. It gives a list of risk management principles centred on the central purpose of risk management: the creation and protection of value
ISO 31000 - 8 principles
- Risk management integral part of all org activities
- Structured and comprehensive approach required
- Framework and process should be customised and proportionate
- Appropriate and timely involvement of stakeholders
- Risk management anticipates, detects, acknowledges and responds to changes
- Risk management considers limitations of available information
- Human and cultural factors influence all aspects of risk management
- Risk management is continuously improved through learning and experience
Steps in ISO 31000 - risk management process
Scope, context, criteria
|
Risk assessment - risk identification; risk analysis; risk evaluation
|
Risk treatment
|
Recording and reporting
Around the outside of all steps:
- Monitoring and review
- Communication and consultation
ISO 31000 - framework (steps to implement)
Initial component is ‘leadership and commitment’ by the board, followed by:
- integrating risk management
- design of the RM framework
- evaluation of the framework
- improvement of the framework
PIML
Plan; implement; measure; learn
Basel 3 and Solvency 2 - Pillar 1
Quantitative requirements
Addresses capital adequacy, which is the relationship between eligible capital and risk-weighted assets (RWAs). It sets out ways in which RWAs can be calculated and what constitutes eligible capital in relation to credit, market and operational risks.
Capital adequacy - how to calculate it to a one-year horizon
Pillar 2
Governance
Qualitative requirements and supervisory review process. Requires banks to produce an Internal Capital Adequacy Assessment Process (ICAAP) report which sets out their assessment of their overall capital adequacy in relation to their risk profile, and to develop a strategy for maintaining/achieving the required capital levels. Reviewed and challenged by regulators.
Pillar 3
Disclosure
Transparency
Disclosure requirements in relation to risk management, risk exposures and capital management. Published annually.
ISO 31000 - 8 principles (cont.)
The first 5 relate to the design and planning of the risk management initiative, so PACED could be used to summarise them
COSO ERM 2017 - components
- Governance and culture
- Strategy and objective setting
- Performance
- Review and revision
- Information, communication and reporting
Solvency 2 - 3 pillars
Pillar 1 - Quantitative requirements, including the level of capital that an insurer should hold (the Solvency Capital Requirement, SCR) and an absolute minimum floor level of capital below which the regulator intervenes
Pillar 2 - as for Basel, but the assessment is the ORSA (Own Risk and Solvency Assessment)
Pillar 3 - solvency and financial condition report (public) and report to supervisors
COSO ERM - nature of management systems: scope and design components of a management system
Context - organisation, stakeholder expectations, scope of management system
Support - resources, competence, awareness, communication and documentation
Leadership - commitment, policy, organisational roles and responsibilities
COSO ERM - control and development components of a management system
PIML - Plan, implement, measure, learn
Property and casualty insurance risks
Standard - credit, market, operational risk
Insurance - underwriting, reserving, claims management, claims reserving
Life insurance risks
Longevity, mortality and morbidity, persistence, claims management, underwriting, product cycle, expenses
3 approaches taken by the standards
‘Risk management’ - ISO 31000 and IRM standard
‘Internal control’ - COSO internal control cube and FRC guidance
‘Risk aware’ culture - CoCo framework