Amper ERM Presentation to FEI



  1. Enterprise Risk Management - Building the Business Case - Practical Implementation Tips
     Thomas Mulhare, Partner in Charge, Financial Services and Business Risk Advisory Services
     Jerry Ravi, Senior Manager, Business Risk Advisory Services
     February 2, 2010
  2. ERM Defined: “… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” Source: COSO Enterprise Risk Management – Integrated Framework. 2004. COSO.
  3. SHAREHOLDER VALUE DECLINES
     Common means by which Shareholder Value is Destroyed (chart; categories and values as listed on the slide): Strategic and Business, Operational, Financial, Compliance; 5%, 15%, 20%, 60%
  4. What CFOs Think
     • 52% have formalized risk management program
     • 42% do historic comparisons to avoid risk
     • 32% set specific risk thresholds
     • 29% create risk adjusted forecasts and plans
     Source: The Global CFO Study 2008
  5. Why ERM is Important
     Underlying principles:
     • Every entity exists to realize value for its stakeholders.
     • Value is created, preserved, or eroded by management decisions in all activities, from setting strategy to operating the enterprise day-to-day.
     ERM supports value creation by enabling management to:
     • Deal effectively with potential future events that create uncertainty.
     • Respond in a manner that reduces the likelihood of downside outcomes and increases the upside.
  6. ERM Principles
     • Talented People: Skilled project leaders who can think “outside the box”
     • Effective Process: Effective process to identify and manage risks
     • Sharing & Knowledge Transfer: Willingness to cross boundaries posed by information silos
  7. ERM – What went wrong?
     • Risks were not fully understood
     • Management overrides
     • Compensation focused on short term
     • Not enough Board involvement
     • Inadequate communication
  8. Other Risk Drivers for ERM Implementation
     • FEI Study: 60% of senior executives “lack high confidence” that their company’s risk management practices identify and manage all potentially significant risks
     • NYSE: Requires audit committee charter to include reference to the committee’s responsibility to “discuss risk assessment and risk management”
     • NACD: “It is the board’s responsibility to ensure that management has instituted processes to identify major risks and has developed plans to deal with such risks.”
     BOARDS WILL BE HELD ACCOUNTABLE
  9. ERM Challenge – More Than Audit Committee
     • Defining & Managing Expectations
       – Board – Who on Board is responsible for all Risk
       – Audit Committee – Monitoring
       – Executive Management – Key Sponsor of ERM
     • Coordinating with Other Risk Monitoring & Assurance Groups:
       – Compliance
       – Legal
       – Safety/OSHA
       – Loss Prevention
       – External Audit
     • Risk Committee?
  10. ERM: Breaking Down Silos
     Silos shown: Financial Reporting, Information Technology, Underwriting, Reinsurance, Claims, Regulatory, New Products / Lines of Business, Human Resources, Policies & Procedures
  11. What benefits come from ERM?
     • Better information about risks
     • Make more informed decisions
     • Better communication
     • Strengthen governance practices
     • Increased accountability
     • Reduce earning volatility
     • More comprehensive Stress Test
     • Help to meet strategic goals
  12. Managing Risk = Better Performance
     Align corporate goals with:
     • Strategies
     • Objectives
     • Risks
     • Performance metrics
     Understanding the sources of risk and their relevant performance metrics help manage:
     • People
     • Processes
     • Information
     • Assets or technology
  13. A Practical ERM Approach
     • The ERM Continuum
     • Key Implementation Factors
       – Setting Expectations
       – Identifying your first steps
       – Build the “ERM Engine” – Creating the Process
       – Risk Identification, Assessment and Analysis
       – Monitoring and Reporting
     • Success Factors
     • EXAMPLES: RISK ASSESSMENT & TOOLS
  14. Evolution of ERM Methodology
     ERM is not a “One Size Fits All” approach. The key is to remember this is a PROCESS!
     Stages shown: Compliance; Integrated Risk (“Managing Risks Better”); Strategic View (“A Strategic Tool”)
  15. Setting Expectations
     • Executive endorsement
     • Direct reporting is critical
     • Leverage existing risk functions
     • Develop a risk mindset, starting at the Top
     • Difference between Compliance (SOX) and ERM
  16. Identifying your First Steps
     • Determine what’s right for your company
     • Determine your risk philosophy
       – Survey risk culture via a “Risk Health Check”
       – Consider organizational integrity and ethical values
     • Decide on roles and responsibilities
       – Identify sponsors and owners (i.e., Board, Management, Risk Officers, Internal Auditor)
     • Assess where you are on the ERM Continuum
     • Create a process
  17. Example: Risk Health Check (Culture & Alignment)
     • To what extent is the “culture” supportive of advancing an enterprise view of risk management?
     • How has the significance of risk governance been communicated (i.e., regular communications and documentation)?
     • How comfortable are our people in discussing risk? Are they afraid to raise difficult issues? How quickly do they raise issues?
     • Is risk management built into decisions about capital allocation, acquisition, succession planning, and other strategic initiatives?
     • Would you describe the organization’s approach to risk management as:
       – Reactive to risks that occur
       – Proactive about risk possibilities
     • How might our compensation programs encourage inappropriate short-term risk taking? How can we change these programs to encourage risk-taking instead? What mechanisms exist to recover compensation when excessive risk-taking occurs?
  18. Building the "ERM" Engine – Creating the Process
     • Identify objectives (strategic, financial, operational, etc.)
     • Build Consensus around the process
     • Identify ERM Task Force
     • Define the corporate risk appetite
     • Review and leverage existing documentation
     • Identify / discuss scope of process
     • Kickoff initial planning workshops with process owners
     • Continuously Monitor the Process – “Ask Questions”
  19. Kickoff the Process
     • Identify preliminary risk language and categories
     • Develop risk inventory questionnaires
     • Develop materials and hold education / risk awareness session(s)
     • Initiate/schedule interviews
     • Identify questionnaire recipients at the business units
  20. Mid-Market Pharmaceutical Company: Sample Risk Management Categories
     Column headings: Contract Management, Bio Technology, Pharmaceutical, Corporate
     Categories listed (table flattened in extraction; column assignment not recoverable): Competition; Dependency on CRO / Contract Manufacturing for Products; Competition (Pipeline, Generics, New, Existing); Debt Obligation; Viability; ROI / Optimization of Resources; Planning; Liquidity; Customer Needs (Long-Term focus); Product Approvals; Pricing; Capital Requirements / Financing; Profitability; Vendors / Suppliers (licensing Agreements); Shareholder Value; Dependency of 3rd Party Royalty Contracts; Commitments / Contingencies; Expansion of existing Products (IP Protection); Incident Reporting; Product Recalls; Regulation; IT Systems; Personnel / HR; Business Development; Vendor Management / Customer Management; Quality Procedures / SOPs
  21. Risk Identification
     • In general, there are three kinds of risks your institution faces:
       – Risk you know of and are working on to resolve (Low Concern)
       – Risk you know of and are not yet working on to resolve (Medium Concern)
       – Risks you are not yet aware of but will find out via complaints, litigation, examiners and/or media attention (High Concern)
     • Map risks to agreed upon categories
  22. Risk Identification Tools
     • Assessments
       – External: works best for small to mid-sized companies
       – Continuous Internal Assessment: Via Full Time Risk Management Department
       – Internal Assessments: Via Compliance, Audit, or Risk Owners
       – Self Assessment Surveys: people involved in processes know them the best
     • Leverage Existing Risk Related Assessments (i.e., Internal Audits, SAS70s, Compliance Reviews, Regulatory Reports)
     • Conduct risk assessment interviews or brainstorming workshops with key members of management
  23. Risk Assessment
     • Compile all results of the risk identification process
     • Quantification of risk exposure
     • Options available:
       - Accept = monitor
       - Avoid = eliminate (get out of situation)
       - Reduce = institute controls
       - Share = partner with someone (e.g. insurance)
     • Link Risk Assessment to the Strategic Objectives (Example attached)
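  24. Impact vs. Probability
     Sample: Financial Institution (matrix; vertical axis IMPACT, horizontal axis PROBABILITY, each Low to High)
     • High impact, low probability: Medium Risk. Credit Risk, The Loaning Process. Response: Share
     • High impact, high probability: High Risk. Regulatory Violations and Fines, System Outages. Response: Mitigate & Control
     • Low impact, low probability: Low Risk. Asset Management, Turnover, Trade Errors. Response: Accept
     • Low impact, high probability: Medium Risk. Customer Complaints, Fee Receivables. Response: Control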
  25. Risk Analysis
     • Assess and prioritize risks
     • Assess the maturity of risk management strategies for the top risks
     • Deploy mitigation strategy
     • Develop action plan
  26. Monitoring and Reporting
     • Establish accountability for risks
     • Summarize a risk assessment report
     • Create risk dashboards for high-level board reporting
       – Leverage technology tools (screen shots attached)
     • Develop a continuous monitoring program
       – Ensure updates are reflected (i.e., changes in systems or processes)
  27. Success Factors
     • Be brutally honest with your self assessment
     • Select the right people and approach
     • Encourage constructive feedback
     • Make it clear who owns the process
     • Risk management is everybody’s job
     • Learn from losses
     • View it as a “Process”, not a “Project”
  28. Context of the Risk Assessment
     Objectives provide the context for the risk assessment …
     Example Objectives:
     • Strategic Objectives (Strategy): Increase market share by 10% over the next 3 years.
     • Supporting Objectives (Business Unit: Region, Location): Deploy new line of business in San Francisco by May 2010.
     • Functional Objectives (Functional: IT, Accounting): Improve availability and continuity of IT core applications by June 2010.
     • Risk Management Objectives (Risk Specific: Profitability): Maintain profitability (Pricing, loss experience, etc…)
  29. Example: Risk Model
     Which areas of risk might be identified, analyzed, and prioritized in an ERM program?
     Environmental Risks
     • Capital Availability
     • Liquidity
     • Regulatory, Political, and Legal
     • Financial Markets and Shareholder Relations
     Process Risks
     • Operations Risk
     • Empowerment Risk
     • Information Processing / Technology Risk
     • Integrity Risk
     • Financial Risk
     Information for Decision Making
     • Operational Risk
     • Financial Risk
     • Strategic Risk
  30. EXAMPLE: Credit Administration/Loan Review
     Potential Significant Risks and Overall Risk Rating: High
     Strategic Risk (High)
     ♦ Ability to achieve the business plan for targeted markets/customers/products
     ♦ Standardization of credit administration guidelines
     Reputation Risk (High)
     ♦ Consumer and commercial loan approval and underwriting process is highly visible to the customer
     Compliance Risk (Low)
     ♦ Risk of lawsuits, fines and penalties related to non-compliance with lending laws and regulations
     Credit Risk (High)
     ♦ Credit risk is inherently high especially during the current downturn in the market
     ♦ The number of large loans ($5-15 million) has increased significantly during the past year
     ♦ Nine independent bank credit cultures
     ♦ Risk in wire transfer and ACH continues to increase
     ♦ Lack of consolidated credit information for banks and non-bank affiliates
     ♦ Consumer credit judgment may be inconsistent
     Financial Risk (High)
     ♦ Financial risk is inherently high in a loan origination process - loans are interest rate sensitive
     ♦ The Federal Reserve has been decreasing interest rates over the past year
     ♦ ACME is in a highly competitive market
     ♦ Future Basel Accord implications
     ♦ ACME does not have a standard ALLL methodology that all banks follow
     ♦ Inconsistent application of non-accrual and charge-off policies
     Operational Risk (High)
     ♦ No formal training for loan officers on regulation changes
     ♦ No standard guidelines for credit policies and procedures for loan origination and approval process
     ♦ Some banks have specialty loan areas that perform loan operations functions
     ♦ Missing quality assessment review at loan origination for compliance with ACME credit documentation and approval policy
     ♦ Administration of participated loans is managed by the lead affiliate bank and not centrally managed. The experience levels of credit officers vary within the affiliates
     ♦ No standardization and centralized approval of law firms used for loan closings
     Technology Risk (Moderate)
     ♦ IT system not fully utilized or may lack data integrity due to lack of standard credit administration policies
     ♦ IT system is the common platform for loan processing
     ♦ IT system does not interface with non-bank subsidiary systems making it difficult to compile consolidated loan information
     ♦ Lack of a front end system to process consumer applications that enforces ACME’s credit policies
     Human Resources Risk (Moderate)
     ♦ In the event additional employees are needed or turnover occurs, ACME may have difficulty identifying an employee internally or recruiting a candidate in a highly competitive job market
     Financial Impact (High)
     ♦ Combined loan portfolio is approximately $3.6 billion
     Risk Direction Indicator (Increasing)
     ♦ Credit risk increasing as a result of current market conditions
  31. Risk Framework Tool – ALINE GRC: Accountability, Measurement, and Impact
  32. Enterprise Risk Heat Map
  34. Thomas M. Mulhare, Amper, Politziner & Mattia, LLP. Tel: (732) 287-1000 x 1281, Cell: (908) 930-1435
     Jerry R. Ravi, Amper, Politziner & Mattia, LLP. Tel: (732) 287-1000 x 1294, Cell: (732) 770-3519
     The material contained in this presentation is for general information and should not be acted upon without prior professional consultation.