ERM: DIFFERENCES BETWEEN SECTORS

DIFFERENCES BETWEEN ERM PRACTICES BETWEEN THE FINANCIAL AND CORPORATE SECTORS


Published in: Business, Economy & Finance

  1. Enterprise Risk Management – Similarities & Differences between Corporates and Financial Institutions
     Montreal - April 9, 2008
     A Higher Standard for Risk Professionals
  2. Legal Disclaimer
     The information contained in this document is provided for information purposes only and in no way constitutes an offer of services or a solicitation. Past performance is not indicative of future performance. We decline any responsibility with respect to direct or indirect damages or consequences of the inaccuracy of the information reproduced in this document, nor for any actions taken in reliance thereon. No information or data contained herein may be reproduced by any process whatsoever without written consent. Certain statements that we make in this presentation are forward-looking statements. These forward-looking statements are based upon current assumptions and beliefs in light of the information currently available, but involve known and unknown risks and uncertainties. Our actual actions or results may differ materially from those discussed in the forward-looking statements and we undertake no obligation to publicly update any forward-looking statement.
  3. Your Panel
     • Penny Cagan, Managing Director, Operational Risk Division
     • Michel Rochette, MBA, FSA, Assistant Director ERM
     • Anne Duprat, CA, CFA, MBA, Senior Manager, Advisory Services, Risk Management and Operations Improvement
  4. Linkages between Corporate Governance and Operational Risk in the Financial Services Sector
  5. Five Operational Risk Classes
     • People Risk: The risk of a loss intentionally or unintentionally caused by an employee (i.e. employee error, employee misdeeds) or involving employees, such as in the area of employment disputes.
     • Process Risk: Risks related to the execution and maintenance of transactions, and the various aspects of running a business, including products and services.
     • Relationship Risk: Losses arising from the relationship or contact that a firm has with its clients, shareholders, third parties, or regulators.
     • Technology Risk: The risk of loss caused by piracy, theft, failure, breakdown or other disruption in technology, data or information; also includes technology that fails to meet business needs.
     • External Risk: The risk of loss due to damage to physical property or assets from natural or non-natural causes. This category also includes the risk presented by actions of external parties, such as the perpetration of fraud from an outside source.
  6. Corporate Governance (diagram labels)
     • Board Independence
     • Board Interlinks
     • Conflicts of Interest
     • Management ….
     • Compensation Structure
     • Related Party Transactions
     • Self Dealing
  7. Countrywide: Business Practices
     • Countrywide came under criticism (NYT, 8/26/2007) for squeezing every possible dollar from customers in fees (lending, servicing, closing)
     • Countrywide’s entire structure was predicated on earning higher than industry average fees
     • Sold subprime loans under alleged false pretenses: did not count all income sources which may have allowed qualification for standard loans
     • Sales staff were paid higher commissions for loans with lengthier than average prepayment terms and shorter presets
     • Higher commissions paid for mortgages that were sold in tandem with home equity loans
     • No compensation and no money down loans issued; loans extended to some with credit scores as low as 500
  8. Countrywide: Business Practices
     Former sales exec: “The entire commission structure in both prime and subprime was designed to reward salespeople for pushing whatever programs Countrywide made the most money on in the secondary markets.”
     • Countrywide advertised that it was dedicated to getting the best loan possible
     • Countrywide’s reliance on securitization drove sales behavior
     • Subprime mortgages earned more in secondary markets, were more in demand from investors, and hence, sales execs were compensated to sell more of them
     • Securitization influenced lender’s risk culture because it seemingly “outsourced” credit risk; loans were made with focus on volume rather than credit worthiness
     • However, with the outsourcing of credit risk came increased operational, reputational and liquidity risk
     A class action suit has been filed by shareholders claiming that the lender “issued false and misleading statements…”
  9. Characteristics of Subprime Events
     • 70 in Algo FIRST database (as of 3/24/2008)
     • $70 billion in losses
     • Largest loss: $18.4 billion
     Event Triggers:
     • Liquidity Risk
     • Credit Risk
     • Suitability
     • Breach of Fiduciary Duties
     • Market Risk
     • High Pressure Sales Tactics
     • Accounting Fraud
     • Concealing Losses/Problem Assets
     Control and Contributory Factors:
     • Undertook Excessive Risks
     • Strategy Flaw
     • Lack of Internal Controls
     • Failure to Disclose
     • Failure to Supervise
     • Inadequate Due Diligence Efforts
  10. Control Failings: 70 Subprime Cases from Algo FIRST database
  11. Examining Linkages between OpRisk & Corp. Gov.
     • The largest accounting fraud events in the database (Enron, Adelphia, Parmalat) display instances of related party transactions
     • The largest internal fraud events in the database include breakdowns of board level accounting oversight
     • The largest oprisk events in the FIRST database involve people risk and some sort of fraud – primarily accounting fraud
     • The majority of the largest losses in the database occur in the corporate center of the organization (senior management, board of directors)
        • Predictable given the access senior management has to decision making, information and policy
     Data Set: 322 OpRisk Events in FIRST database
  12. Operational Risk Events with Corporate Governance Breaches (337 events)
     Source: FIRST database
  13. Operational Risk Events – broken down by people risk category
     Source: FIRST database
  14. Conclusions
     • Conflicts of interest at the executive and board level can serve as indicators of an environment that is prone to experience operational risk events.
     • Conversely, operational risk events may indicate problems at the senior management and board level.
     • Decisions made at the top of the organization out of self interest can have a detrimental effect on all stakeholders
     • Related party transactions serve as red flags for the existence of conflicts of interest
     • Senior management is responsible for establishing, maintaining and distilling corporate values
  15. Similarities & Differences between Corporates and Financial Institutions
  16. Overall Similarities
     • Most companies believe that ERM can improve decision making.
     • Few have integrated it into strategic planning, budgeting and risk-adjusted performance in day-to-day activities.
     • The majority of directors in both industries have a good understanding of their company’s risks.
     • In both industries, boards do understand the risk/return trade-offs of strategic decisions when they are presented with the proper analysis.
     • Most established ERM programs are less than 2 years old, but the majority want to implement within 2-3 years.
  17. Support for ERM Objectives
     • Little more than half of the businesses we surveyed said that the objectives of ERM are understood and supported “entirely” or “significantly” by the board of directors and senior management; this decreases to only one in four in middle management and only 4% of employees as a whole.
  18. Governance
     Financial Institutions:
     • Risk Committee at the Board level works in close collaboration with Audit Committee. More elaborated.
     • Board more educated about risk.
     • CRO is usually charged with the ERM function.
     • Risk Appetite statements are more often defined.
     • More diverse frameworks: Regulatory/value creation like Aus/NZ Standards compared to COSO.
     • Risk better integrated with executive compensation.
     Corporates:
     • Audit committee is usually charged with the risk/ERM function in addition to overseeing the audit function.
     • More reliance on top management to inform board.
     • CFO is responsible for the ERM program (50%) compared to the CRO (10%).
     • Risk Tolerance is usually the focus, when done.
     • Risk Framework: COSO / ISO / SOX more prevalent as drivers.
     • Executive compensation not linked to risk.
  19. Risk Identification
     Financial Institutions:
     • Risk Inventory is broader.
     • Risk Importance:
        • Regulatory/Strategic (1st)
        • Financial risk (2nd)
        • Operational (3rd)
     Corporates:
     • Risk Inventory is narrower.
     • Risk Importance:
        • Strategic risk (1st)
        • Operational risk (2nd): Supply chain risk/pandemic/food safety/P&C.
        • Financial (3rd)
        • Compliance (4th). SOX has done the job!
  20. Risk Quantification/Assessment
     Financial Institutions:
     • Based on internal models for some risks:
        - Traded portfolios: VaR.
        - Credit Risk: Intensity Based & Credit migration models
        - Operational risk: LDA
        - Based on market value impacts for others:
        - Strategic/reputation.
     • Correlation: often performed (EC)
     • Prioritization of risks is a by-product of the quantitative analysis.
     • Analysis informs company of the potential of all risks: expected vs. unexpected.
     • Metric chosen: Value Metric
     Corporates:
     • More qualitative assessment focusing on ranking only.
     • Risk scales are qualitative: high/low.
     • Prioritization of risks is thus more qualitative, more based on gap-type analysis.
     • More emphasis on heat maps/scorecards.
     • Less analysis of unexpected events: Company killers!
     • Metric chosen: EBIT.
  21. Risk Management
     Financial Institutions:
     • Still siloed but less than corporations. Attempt to manage direct/indirect impacts of risk:
        • Reputation impact
        • Corporate social responsibility.
        • Social responsible investments guidelines.
        • Environmental guidelines.
     • More portfolio views of ERM.
     Corporates:
     • Risk is still siloed and viewed to be the domain of traditional risk managers.
     • Board members still believe that their companies don’t manage risks very well. More reactive than proactive.
     • Still try to control risk.
     • Less emphasis on cost/benefit analysis of implementing controls.
     • More emphasis on business continuity/crisis management.
  22. Risk Disclosure
     Financial Institutions:
     • Elaborate for financial risks:
        • Trading portfolios VaRs.
        • Credit limits/Credit VaR.
        • ALM risks.
     • Still limited for:
        • Operational risk.
        • Reputation risk.
     • Basel II, Pillar III will improve on that.
     Corporates:
     • Still focus solely on SEC requirements for publicly held companies.
     • Communicate after the fact during a crisis
  23. Rating Agency Drivers: Standard & Poor's
     • Proposal to include ERM as part of the Credit Analysis decision.
        • Issued in the Fall of 07.
        • Comments were submitted until March 08.
        • Proposal to include ERM or not will be issued soon.
     • Describes an analysis approach to ERM from S & P’s perspective: components.
     • Describes a high-level scoring approach to ERM: Scoring approach.
     • Describes high level principles on how the ERM would be integrated with the credit rating approach: Ratings impact.
  24. S & P’s ERM for the Corporate Sector
     • Modeled after what is being done for the Financial Sector.
     • S & P is of the view that ERM can help companies anticipate/better manage risk on a forward looking approach:
        • Help reduce volatility of earnings → overall probability of default by the firm → overall credit rating.
     • Credit rating approach has 3 main components:
        • Business profile
        • Financial profile
        • Management profile: ERM would influence this component.
  25. S & P’s ERM: Components
     • Risk Governance and Culture:
        • Roles/structure/accountability
        • Communications: Internal/External
        • Looks for transparency of the ERM process.
        • Firm must look beyond just compliance.
        • Business units daily adherence to risk tolerance: Use Test of other regulatory criteria!
     • Risk Controls:
        • Identification/measuring/managing risks.
        • Proper implementation of risk controls.
        • Risk tolerance and risk limits consistency.
  26. S & P’s ERM: Components (continued)
     • Emerging risks preparation:
        • New and extremely rare events: Unexpected/Cat.
        • Wants to see firms have in place processes to deal:
           • Environmental scanning
           • Trend analysis
           • Stress testing
           • Contingency planning
     • Strategic risk management:
        • Incorporate risk into strategic decision making.
        • Must use a comprehensive measure of risk: enterprise value.
        • Will seek evidence of implementation in:
           • Strategic asset allocation, new products, M & A, compensation.
  27. The evolution of risk and controls: From score-keeping to strategic partnering
     April 2008
     ADVISORY
  28. Questions to consider
     • How can we transform an expensive compliance obligation into a real business advantage?
     • How can we deliver significant and quantifiable operational and financial value from the risk spend?
     • How do we reconcile increased efficiency with increased risk and controls management?
     © 2007 KPMG International. KPMG International provides no client services and is a Swiss cooperative with which the independent member firms of the KPMG network are affiliated. All rights reserved.
  29. Agenda
     • Survey demographics
     • The Risk and Controls Evolution – executive summary
     • Main findings
  30. Survey demographics: Geographical location; Global revenues
     Interviewees:
     • Raj Singh, Chief Risk Officer, Allianz
     • Robert Brewer, SVP and Chief Compliance Officer, Office Depot
     • Mark Carawan, Internal Audit Director, Barclays
     • Rob Kella, Chief Risk Officer, Qantas
     • Ian Rushby, Group VP and General Auditor, British Petroleum
     • Andreas Grunbichler, Group Chief Risk Officer, Zurich Financial Services
     • Thomas C. Wilson, Chief Insurance Risk Officer, ING Group
  31. Survey demographics: Primary industry
  32. Executive Summary
     • A variety of factors are changing the scope of risk and controls
     • Getting the structure right:
        − Coordination is the key to success
        − Co-sourcing of internal audit is becoming more widespread as companies require specialized skills
     • A limited awareness of risk remains a significant barrier
     • Innovation points the way to greater effectiveness and efficiency
     • Risk and controls management is no longer confined to “Keeping Score”
  33. A changing risk environment: Internal factors driving change
  34. A changing risk environment: External factors driving change
  35. Outsourcing – potential benefits and drawbacks
  36. What are the major barriers to effective risk and controls management?
  37. Innovation is one of the keys to efficiency
  38. Changes needed for risk and controls to function more effectively
  39. How confident are respondents that these goals can be achieved over the next 3 years?
  40. A vision of the future
     “Controlling risk is where it starts, but going forward, risk management will also have a strong link into the decision-making process and create new business opportunities”
     Andreas Grunbichler, Group Chief Risk Officer, Zurich Financial Services
  41. How can this vision be achieved?
     • More broad-ranging risk profiling
     • Adopting a combined risk and assurance model
     • Co-sourcing
     • Using progressive tools
     • Cultural change
     • Developing a strategic, enterprise focus
  42. The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. The views and opinions expressed herein are those of the interviewees and do not necessarily represent the views and opinions of KPMG International or KPMG member firms.
     © 2007 KPMG International. KPMG International is a Swiss cooperative. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative.
  43. Enterprise Risk Management – Similarities & Differences between Corporates and Financial Institutions
     Montreal - April 9, 2008
  44. PRMIA would like to thank our sponsors
  45. PRMIA would like to thank our panelists
     • Penny Cagan (penny.cagan@algorithmics.com), Managing Director, Operational Risk Division
     • Michel Rochette, MBA, FSA (Michel_Rochette@aon.com), Assistant Director ERM, Global Risk Consulting
     • Anne Duprat, CA, CFA, MBA (aduprat@kpmg.ca), Senior Manager, Advisory Services, Risk Management and Operations Improvement
  46. Upcoming PRMIA and Partner Events
     • An Overview of Credit Modelling and Management (IFM2) (More information can be found at http://www.ifm2.uqam.ca). April 10-11, 2008
     • Buy Side Risk Managers Roundtable. May 27, 2008