ERM
Steven Sumner
Director, PricewaterhouseCoopers
I
PricewaterhouseCoopers
These institutions, comforted in the belief that the rating agencies had carefully
examined and modeled the risks in arriving at their rating of these securities,
apparently saw little need to conduct their own due diligence, risk management,
modeling and valuation processes.
Bob Herz, FASB
Speech given September 2008: Lessons Learned, Relearned,
and Relearned Again from the Credit Crisis Accounting and Beyond
Agenda
Section agenda
Recent lessons learned
and risks
Balance between risk appetite
& controls
Scenario modeling
quantitative information
Enforcement of controls
Wide range of risk measures
Unsuccessful Companies
Concentration of
exposures/aggregation
Pricing of liquidity and
contingent liquidity
Certain risk management
practices
Controls over risk management
of risk
Standards for what constitutes
risk transfer
Sr. mgmts role in
Section agenda
PwC survey results
PwC's Global ERM Survey 2008
Survey participation:
Survey output:
questions
53 Global Life and P&C
Customized self-assessment
PwC's Insurance ERM Global Survey - 2008 www.pwc.com
PwC's Global ERM Survey 2008
ERM progress since 2004
Strong Progress
Setting of overall risk
appetite
Modeling capabilities
CRO role
Board & Management
priorities/oversight
Trend toward Board level
ERM committee structure
Portfolio view of risk
Limited Progress
Some Progress
Firm-wide understanding
of ERM
Linkage of risk appetite
with objectives
Linkage between risk
models and strategic
planning
Consistent & well
understood policies &
procedures
Timely reporting of risk to
Board & Sr. management
Risk mitigation & learning
Risk technology
availability
ERM roles,
responsibilities &
accountabilities
Business Unit alignment
with risk appetite &
tolerance
Risk disclosures
Risk data or systems
strategies
Limits monitoring,
enforcement & exception
approval
Section agenda
ERM governance
ERM governance
ERM governance
Governance
Risk Management
Compliance
ERM governance
ERM governance
Validation/
re-assessment
Business mission
and strategy
Risk awareness/
Identification
Organisation
and people
Culture
Limits and
controls
Risk strategy
Risk assessment/
Response
Methodologies
& Models
Training
Value proposition
Operations
Systems
Communication
Risk appetite
Measurement
and Control
Data
Performance
measures
Reporting
Policies
Reporting
Reward
ERM governance
Internal environment
Event identification
Risk assessment
Risk response
Control activities
Information and communication
Monitoring
Entity-level
Division
Business Unit
Subsidiary
Objective setting
Business objectives
Integrated and scalable
Risk appetite and tolerance
Portfolio view of risk
Role clarity
Common risk and control language
Process, risk, control libraries
Risk and Control Self
Assessment (RCSA)
Risk adjusted performance
management
Economic capital
Benchmarking
KRIs and reporting
Fiscal Year 2009
ERM governance
Strategize
Define
Develop
Deploy
Assign
Operate
Control
Report
Re-evaluate
Examine
Innovate
Act
Key Elements
Leadership, organizational
Alignment and accountabilities
Defined performance goals
and
risk tolerance
Work processes and controls
Monitoring of key risk
indicators
Management information
Rewards and incentives
Section agenda
Role of the CRO
Role of CRO
Increased significance of the CRO
The CRO is a position that has grown in both significance and
stature in most organizations.
Yet the current credit crisis has many investors and other external
stakeholders asking: where was the oversight?
CROs help to:
- Bring business and risk management together
- Enable a portfolio view of risk
- Link planning, performance management, risk and capital
management
Attributes of a good CRO
Holistic understanding of the firm's strategies and core competencies
Must be able to add clarity around the setting of risk tolerance, appetite and
risk limits
Maintains an appropriate level of broad-based technical capabilities
(actuarial, finance, economics, underwriting, capital markets, etc.) and
market knowledge
Owns economic capital development and provides a level of independence
over the risk management process including how and when capital should
be deployed to the business units
Able to provide clear and accountable focus for the management of risk
Provides a monitoring and validation role that spans across the enterprise
and is not limited to traditional internal controls
Must maintain a direct reporting line (or at least direct access) to the CEO
and access to the BOD
Attributes of a good CRO (cont'd)
Must maintain a direct reporting line (or at least direct access) to the CEO
and access to the BOD
Effective at communicating and interacting with the Board/senior
management and external stakeholders including the ability to explain risk
issues in practical understandable business terminology and language
rather than technical concepts
Ability to provide coaching and advising the business in how to monitor and
manage risk within a standardized-wide approach
Ability to stretch the imagination on what could be possible in dealing with
abstract concepts and the courage to explore new areas with little or no
direction or precedence.
Section Two
ERM Overview
Limits and
controls
Methodologies
& Models
Systems
Data
Policies
Reporting
Industry's Ability to Attract Talent
Insurer
Overall Risk Appetite
BU 1
BU 2
BU 3
BU 1
Appetite
BU 2
Appetite
BU 3
Appetite
Prod. 2
Prod. 3
Prod. 4
Prod. 5
Product Limits
Risk Appetite
Turns the story into some numbers
To effectively drive risk management need to specify both:
- Severity
- Probability
ERM programs may have multiple defined risk appetites
- Capital (Ruin focus)
- Earnings (Volatility focus)
- Rating (May be driver of probability choice)
Permission to reprint or distribute any content from this presentation requires the prior written approval of Standard & Poors.
Risk Limits
Hard Limits or Soft Limits?
- Are they really limits if nothing happens when they are
exceeded?
Relative or Absolute Limits
- Is business growth impacted by limit systems?
Add up to Overall Risk Appetite or larger or smaller value?
- Take into account diversification?
- Provide for tactical opportunities
Allocation process
Enforcement
returns
Risk transfer strategies
Linkage of planning and risk strategy
Linkages to product pricing
Performance management
Capital management
Excess Capital
Assets available
for required
capital
Economic Capital
Assets covering
liabilities
Liabilities
Capturing Risk
Operational Risk
Traditional Operational Risk Management - Separate Silo
Risk Management for:
IT Risks
HR Risks
Regulatory & Compliance Risks
Fraud Risk
Internal Controls
Reputation Risk
Business Continuity
Distribution Risks
Outsourcing/Vendor Risk
Operational Risk
Survey Results: Key Trends
<10% recognize operational risk management as a
competitive advantage
Integration of Operational risk into the broader ERM policies
and assessments and monitoring are at a limited stage
- < 1/3 have formalized monitoring and reporting processes
to support ERM functions
- <15% capable to obtain Operational risk management data
- low level of comfort on data integrity
Satisfaction With Operational Risk Management
Priority IT Capabilities
Data Strategy
Rating
Rating Data Management Expenditures
procedures, including:
Risk rating policies;
Exposure measurement policies;
Risk limit policies;
Monitoring and review policies;
Risk transfer policies;
Management and board reporting policies.
Overall risk policies
exposures
Limit exception reporting
Risk dashboards
Board reporting, including enterprise view on aggregate losses,
ERM
ERM Overview
An Illustrative Framework
Environment
Infrastructure
Process
Strategy
Validation/
re-assessment
Business mission
and strategy
Risk awareness/
Identification
Organisation
and people
Culture
Limits and
controls
Risk strategy
Risk assessment/
Response
Methodologies
& Models
Training
Value proposition
Operations
Systems
Communication
Risk appetite
Measurement
and Control
Data
Performance
measures
Reporting
Policies
Reporting
Reward
Section agenda
Closing the gaps
Current
Program structured solely to respond
Risk culture
Risk assessment
Risk measurement
Risk aggregation
purpose
Frequent
validation
ERM enabled systems, data
Active assessment of aggregation and
correlation
Reactive risk management
Targeted
risk appetite
Capital allocation
Establish targets and limits
Monitor limit breaches
Questions