1. Enterprise Risk Management and Business Continuity
Rick Gorvett, FCAS, MAAA, ARM, FRM, Ph.D.
Actuarial Science Professor
Departments of Mathematics and Finance
University of Illinois at Urbana-Champaign
Crisis Management & Business Continuity Seminar
Bloomington, IL
October 10, 2003
2. Agenda
• About me
• A risky world
• Broadening our perspective
• Enterprise risk management (ERM)
– Evolution
– Current state
– Relationship to Business Continuity
• Conclusion
3. “Who am I? Why am I here?”
- Admiral James Stockdale, 1992
• Currently
– Professor, Depts. of Mathematics and Finance
– University of Illinois at Urbana-Champaign
• Prior
– Senior Vice President
– Director of Internal Audit & Risk Management
• Internal Audit
• Corporate Investigations
• Risk Management
• Enterprise Risk Management
• Business Continuity
4. A Risky World
And it just seems to be getting riskier!
• What’s getting riskier about our world?
• What isn’t?
– Perhaps aspects of technology, medical care,…?
• Evidence of riskiness
– Catastrophic events in a more crowded world
with greater vulnerabilities
– Current events
– Books – e.g., Safe Food: Eating Wisely in a
Risky World
– Financial markets
5. Why Worry About
Interest Rate Risk? (cont.)
[Figure: Monthly Change in U.S. T-Bill (Annualized) Returns. Y-axis: change in annualized return (percentage points); x-axis: month (Jan 1934 through June 2003).]
Data per FRED II, St. Louis FRB, for 3-Month T-Bills, Secondary Market
6. Why Worry About
Interest Rate Risk? (cont.)
[Figure: Historical Term Structure, U.S. Treasuries. Series: 3-month, 1-year, 5-year, 10-year. Y-axis: percentage rate; x-axis: calendar month (1977 to 1983).]
Data per FRED II, St. Louis FRB
7. Why Worry About FX Risk?
[Figure: Time Series of Annual Percentage Changes in Exchange Rates, Japanese Yen / U.S. Dollars. Y-axis: percentage change; x-axis: year (1971 to 1999).]
(Data per FRED, St. Louis FRB)
8. Steps in the
Risk Management Process
• Determine the corporation’s objectives
• Identify the risk exposures
• Quantify the exposures
• Assess the impact
• Examine alternative risk management tools
• Select appropriate risk management approach
• Implement and monitor program
9. The Bottom Line:
It All Boils Down to Capital
• “Capital”
– Assets less liabilities; owners’ equity; net worth
– Support for (riskiness of) operations
– Thus, supports profitability and solvency of firm
• “Capital Management”
– Determine need for and adequacy of capital
– Plans for increasing or releasing capital
– Strategy for efficient use of capital
10. Why Do We Care About
Managing Capital?
• Leads to solvency and profitability
• Benefits of solidity and profitability
– Higher company value
– Happy claimholders
– Better ratings
– Less unfavorable regulatory treatment
– Ability to price products competitively
– Customer loyalty
– Potentially lower costs
11. The “Problem” With Capital
• A certain amount of capital is needed in order to
promote solvency
– Thus, we need to be able to raise capital
• But.... If there is too much capital, profitability
(as measured by return on equity) will suffer
– Thus, we need to be able to efficiently deploy capital
12. What Does Capital
Management Entail?
[Diagram: “Capital Management” at the center, surrounded by:]
• Product Pricing
• Financial Risk Mgt.
• Strategic Planning
• Liability Valuation
• Asset Allocation
• Risk Management
• Setting Objectives
• Raising Capital
13. Financial Theory and
Capital Management
• Why bother to worry about financing or FRM
(or any risk management activity), in light of
the “capital structure irrelevance proposition”?
• Modigliani-Miller (1958): if financing does
matter, it must be because of one or more of:
– Tax effects – convex tax function
– Financial distress / bankruptcy costs
– Effects on future investment decisions
14. Capital Structure - Reality
• Modigliani-Miller Proposition: capital
structure decision is irrelevant to firm value,
under certain “friction-free” assumptions (e.g.,
no taxes)
• But: in reality, there are taxes
• There are also costs associated with financial
distress
• Different corporate situations may indeed lead
to different capital investment decisions
15. Impact of Financial Risk Management
on Cash Flow Volatility
[Figure: likelihood vs. cash flow, showing the Pre-FRM and Post-FRM distributions]
16. Enterprise Risk Management
• Or “Enterprise Risk and Assurance
Management”
• What is ERM?
– Concerned with a broad financial and operating
perspective
– Recognizes interdependencies among corporate,
financial, and environmental factors
– Strives to determine and implement an optimal
strategy to achieve the primary objective:
maximize the value of the firm
17. Goals of ERM
• Ensure business continuity
• Enhance opportunities for the company to
achieve its objectives
• Create and increase company value
• Make risk management more cost-efficient
• Stabilize earnings
18. Evolution of ERM
• Historically: “risk silo” mentality
• Mid-1990s:
– First “Chief Risk Officer”
– First use of ERM terminology
• Late-1990s:
– Risk-related regulatory requirements (e.g., Turnbull)
– Earnings protection insurance debuts
• 2001:
– September 11
– Corporate scandals
– Beginning of efforts to improve corporate
governance
19. Current State
• Findings from various surveys
– An acknowledged need to improve risk
management
– A recognition that a holistic approach is
appropriate and preferable
– ERM can improve overall capital management and
thus enhance corporate value and competitiveness
– A variety of approaches to improving risk
management
– There are still problems to overcome
20. A Paradigm Shift
Traditional
• Risks managed in silos
• Concentrates on physical hazards and financial risks
• Insurance orientation
• Ad hoc / one-off projects
Emerging
• Centralized mgt., with exec-level coordination
• Integrated consideration of all risks, firm-wide
• Opportunities for hedging, diversification
• Continuous and embedded
21. Types of Risks
• Operational
– Hazard
– Physical
• Strategic
– Capital / resource allocation
– Industry / competitors
• Technological
– Databases
– Security
– Confidential information
• Stakeholder
• Legal
– Compliance
– Regulatory
• Financial
– Capital markets
– Credit risks
– Taxes
• Human capital
– Retention
– Training
• Reputational
22. Issues in ERM Implementation
• Different corporate cultures require different
ERM approaches
• Who is going to be the ERM champion within
the company
– Among senior executives
– Among departments / functions
• How to embed a risk management culture and
responsibilities throughout the firm
23. Components of the ERM Process
• Determine corporate objectives
• Risk identification
– Goal: comprehensiveness
– E.g., self-assessment
[Figure: likelihood vs. impact]
• Risk measurement
– Volatility measures
– Value at Risk (VaR)
[Figure: likelihood vs. size of loss]
24. Components of ERM (cont.)
• Assessing the impact
– Stress or scenario testing
– Stochastic simulation
(E.g., “dynamic financial analysis”)
• Examine and select alternative risk
management tools and techniques
– Traditional risk transfer
– Natural hedging / diversification
– Integration of risks
25. An Analytic Technique:
Dynamic Financial Analysis
• Dynamic
– Stochastic / variable – not fixed / static
– Reflects uncertainty
• Financial
– Integration of financial, operational, etc., factors
– Assets and liabilities
• Analysis
– “An examination of a complex, its elements and
their relations”
– Complex: “a whole made up of complicated or
interrelated parts”
26. Definition of “DFA”
“Dynamic Financial Analysis is the process by
which an actuary analyzes the financial condition of
an insurance enterprise. Financial condition refers to
the ability of the company’s capital and surplus to
adequately support the company’s future operations
through an unknown future environment.
:
The process of DFA involves testing a number of
adverse and favorable scenarios regarding an
insurance company’s operations. DFA assesses the
reaction of the company’s surplus to the various
selected scenarios.” -- CAS DFA Handbook
27. Key Ideas in this DFA Definition
• “Financial condition”
– Specifically, capital and surplus
• “Future operations”
– Going concern
• “Unknown future environment”
– Uncertainty / stochastic
• “Testing a number of.... scenarios”
– Analysis across different environments
• “Assesses the reaction of.... surplus”
– Analyze acceptability of results
28. Types of DFA
• Scenario testing
– Projects results under specific conditions
– Catastrophe, interest rate shift
– Used for cash flow or stress testing
– New York Life Insurance Regulation 126
• Stochastic simulation
– Models uncertainty components by distributions
– Uses randomly selected values to calculate a large
number of outcomes
– Evaluate risk by proportion of unacceptable
outcomes
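The two types of DFA listed above, side by side, as an added example that is not part of the original presentation. The one-year surplus model and every figure in it (starting surplus, premium, ratios, distributions, the "unacceptable" threshold) are constructed assumptions chosen only for illustration.

```python
import random
from statistics import mean

# All figures are constructed for illustration (units: $ millions).
START_SURPLUS = 30.0
PREMIUM = 100.0
EXPENSE_RATIO = 0.30
MEAN_LOSS_RATIO = 0.65
MIN_SURPLUS = 20.0  # assumed threshold below which an outcome is "unacceptable"


def ending_surplus(loss_ratio, invest_return, cat_loss=0.0):
    """One-year projection of surplus under a single set of conditions."""
    underwriting = PREMIUM * (1.0 - EXPENSE_RATIO - loss_ratio) - cat_loss
    investment = (START_SURPLUS + PREMIUM) * invest_return
    return START_SURPLUS + underwriting + investment


def scenario_test():
    """Scenario testing: project results under specific, named conditions."""
    scenarios = {
        "baseline": dict(loss_ratio=0.65, invest_return=0.04),
        "catastrophe": dict(loss_ratio=0.65, invest_return=0.04, cat_loss=25.0),
        "rate_shift": dict(loss_ratio=0.65, invest_return=-0.03),
    }
    return {name: ending_surplus(**s) for name, s in scenarios.items()}


def stochastic_simulation(trials=20000, loss_sigma=0.10, seed=2003):
    """Stochastic simulation: draw the uncertain components from distributions
    and measure risk as the proportion of unacceptable outcomes."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    outcomes = []
    for _ in range(trials):
        loss_ratio = max(0.0, rng.gauss(MEAN_LOSS_RATIO, loss_sigma))
        invest_return = rng.gauss(0.04, 0.05)
        # 5% chance of a catastrophe with exponentially distributed size (mean 25)
        cat_loss = rng.expovariate(1 / 25.0) if rng.random() < 0.05 else 0.0
        outcomes.append(ending_surplus(loss_ratio, invest_return, cat_loss))
    outcomes.sort()
    return {
        "mean": mean(outcomes),
        "p_unacceptable": sum(o < MIN_SURPLUS for o in outcomes) / trials,
        "pct_1": outcomes[int(0.01 * trials)],  # 1st-percentile ending surplus
    }


if __name__ == "__main__":
    print(scenario_test())
    print(stochastic_simulation())
```

The scenario test gives one number per named condition, while the simulation returns a distribution from which a tail measure and the share of outcomes below the threshold can be read.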
29. Sample DFA Model Output
[Figure: histogram titled “Distribution for SURPLUS / Ending/I115”; x-axis: values in hundreds (6.8 to 49.7); y-axis ticks: 0.00 to 0.16]
30. Keys to Success in ERM
• Senior management commitment and
sponsorship
• Embed a “risk management culture” in the
corporation at the operational level
• Provide for accountability, both specific and
widespread
• Clearly defined responsibilities for
coordination and maintenance
• Adequate communication
31. Keys to Success in
Business Continuity Planning
• Senior management commitment and
sponsorship
• Provide for accountability, both specific and
widespread
• Clearly defined responsibilities for
coordination and maintenance
• Adequate communication
• Differentiate BCP from “technology disaster
recovery”
32. Conclusion
“The revolutionary idea that defines the
boundary between modern times and the past
is the mastery of risk”
- Peter Bernstein, Against the Gods