Meeting the Challenges of Enterprise Risk Management



Presented by Kevin King, Executive Vice President and Head of Risk Management, Hong Kong Exchanges and Clearing Limited at the Premier Business Leadership Series 2010.

Through its ownership of the Hong Kong Stock Exchange, Hong Kong Futures Exchange and their associated clearing houses, Hong Kong Exchanges and Clearing Ltd. brings together the market organisations that have transformed Hong Kong's financial services industry from a domestically focused market to a central marketplace in Asia. King is in charge of implementing an enterprise risk management framework to protect investment funds from all over the world. He will discuss the comforts and hidden dangers of corporate silos and the never-ending process of enhancing management decision making.

Published in: Business

Meeting the Challenges of Enterprise Risk Management

  1. The Premier Business Leadership Series, Hong Kong, 11 August 2010. “Meeting the Challenges of Enterprise Risk Management”. Kevin King, EVP, Head of Risk Management, Hong Kong Exchanges and Clearing Ltd.
  2. Agenda
     • Enterprise Risk Management (ERM) defined
     • Key benefits
     • The evolution of ERM and several leading models
     • Key components
     • Heat mapping as a tool for enhanced decision making
     • The “D Risks” and how ERM helps to manage them
     • Closing comments
  3. Enterprise Risk Management: The process whereby all material risks faced by an organization are identified, assessed and effectively managed within a coordinated and strategic framework.
  4. Key Benefits of an Effective ERM Framework
     • Provides a systematic way to identify all material risks.
     • Enhances the ability to manage risks on an aggregate level.
     • Reduces the risk of major risk events interfering with the priority objectives of the organization.
     • Enables the organization to better manage emergent risks.
     • Promotes greater operational efficiency.
     • Contributes to informed decision making.
  5. ERM Evolution and Related Key Publications
     Timeline axis: 1990s - 2000, 2001, 2002, 2003, 2004, 2005, 2006 - 2008
     Items shown on the timeline:
     • Continued focus on internal control, risk management and responsibilities
     • Sarbanes Oxley Act of 2002
     • Risk Management Standard - AIRMIC/ALARM/IRM
     • A Risk Management Standard - Federation of European Risk Management Associations [largely based on AIRMIC/ALARM/IRM Risk Management Standard]
     • Overview of ERM - Casualty Actuarial Society [largely based on the AS/NZS 4360 Risk Management Standard]
     • ERM Integrated Framework - COSO
     • AS/NZS 4360 Risk Management Standard - Standards Australia/Standards New Zealand (revised version)
     • ERM Specialty Guide - Society of Actuaries
     • ERM Assessment Framework - Standard & Poor's [for including the evaluation of ERM into its corporate credit rating process]
  6. The AIRMIC/ALARM/IRM Risk Management Standard (2002)
     Diagram (process flow): The Organisation's Strategic Objectives; Risk Assessment (Risk Analysis: Risk Identification, Risk Description, Risk Estimation; Risk Evaluation); Risk Reporting (Threats & Opportunities); Decision; Risk Treatment; Residual Risk Reporting; Monitoring. Side labels: Modification; Formal Audit.
     Some personal views:
     • Emphasizes the understanding of the external and internal drivers of key risks faced by the organization.
     • Stresses the importance of relating risk management to the strategic objectives of the firm.
     • Easy to understand the risk management process but provides limited guidance on the implementation of each step.
     Source for diagram: A Risk Management Standard published in 2002 by the Association of Insurance and Risk Managers (AIRMIC); ALARM, the Public Risk Management Association; and the Institute of Risk Management (IRM)
  7. COSO ERM – Integrated Framework (2004)
     Diagram (process flow): Internal Environment (Risk management philosophy; Risk appetite); Objective Setting (Objectives; Units of; Inventory of opportunities; Risk tolerances); Event Identification (Inventory of risks); Risk Assessment (Inherent risks; Risk responses; Residual risks); Risk Response (Risk responses); Control Activities (Outputs; Indicators; Reports); Monitoring.
     Some personal views:
     • It provides a comprehensive vision of ERM.
     • Emphasizes the need for understanding the internal environment and the objectives of the organization. “Objective setting” is one of the key steps of the risk management process and is a precondition to event identification.
     • Worth studying from a theoretical standpoint but falls short in terms of guidance on how to apply the principles from a practical standpoint.
     Source for diagram: Enterprise Risk Management – Integrated Framework: Application Techniques published in 2004 by the Committee of Sponsoring Organizations of the Treadway Commission
  8. The COSO Cube (The Committee of Sponsoring Organizations of the Treadway Commission). Source:
  9. An alternative cubist perspective on ERM
  10. The Australian/New Zealand Risk Management Standard AS/NZS 4360 (2004)
     Diagram (process flow):
     • ESTABLISH THE CONTEXT: The Internal Context; The External Context; The Risk Management Context; Develop Criteria; Define the Structure
     • IDENTIFY RISKS: What can happen? When and where? How and why?
     • ANALYSE RISKS: Identify existing controls; Determine consequences; Determine likelihood; Determine Level of Risk
     • EVALUATE RISKS: Compare against criteria; Set priorities
     • Treat Risks? (No / Yes)
     • TREAT RISKS: Identify options; Assess options; Prepare and implement treatment plans; Analyse and evaluate
     • Side labels spanning all stages: COMMUNICATE AND CONSULT; MONITOR AND REVIEW
     Some personal views:
     • Emphasizes the understanding of the external and internal environment of the firm in which the objectives are pursued.
     • Offers a flexible approach which in my view makes the key stages of the risk management process relatively easy to understand.
     • Provides more detailed guidance for implementation across the organization.
     Source for diagram: The Australian/New Zealand Risk Management Standard AS/NZS 4360 (2004) published in 2004 by Standards Australia and Standards New Zealand.
  11. Key components of an effective ERM Framework
     • Establish the risk context
        – Establish the frame of reference for how risks will be evaluated through the process
        – Design a risk register for capturing the key details
        – Design risk reference tables for the key scoring and triggered action: Likelihood; Impact; Combined risk scoring / Heat mapping; Risk Acceptance (establishing triggers for mandatory actions)
     • Risk Identification
        – Workshop the resident experts and front line risk owners to identify all significant risks
        – Define each risk
     • Risk Assessment
        – Score the likelihood & impact based on the risk context that has already been established
        – Assess whether the risk level of each risk is to be accepted or not
     • Risk Treatment
        – Identify the appropriate options and design specific risk treatment plans with owners
        – Higher level review and sign-off on approved risk treatment plans
     • Risk Reporting & Monitoring
        – Establish formal procedures and routines for reporting and monitoring of action plans
        – Heat mapping of the most significant risks for stakeholder assessments and review
  12. Heat Mapping as a Tool for Enhanced Decision Making
     3X3 heat map. Impact (columns): Low - 1, Medium - 2, High - 3. Likelihood (rows), with the risks plotted in each row:
     • High - 3: R5, R1
     • Medium - 2: R7, R3, R2
     • Low - 1: R8, R9, R6, R4, R10
     5X5 heat map. Impact (columns): Negligible - 1, Minor - 2, Moderate - 3, High - 4, Extreme - 5. Likelihood (rows), with the risks plotted in each row:
     • Almost certain - 5:
     • Likely - 4: R5, R1
     • Medium - 3: R7, R3, R2
     • Unlikely - 2: R10, R8, R9, R6
     • Rare - 1: R4
  13. The “D” Risks (particularly relevant to ERM)
     • Deficient Expertise Risk
     • Deliberation Risk (actually over-deliberation risk)
     • Difficulty Risk
     • Disastrous Risk (Catastrophic)
     • Disconnect Risk (Silo and/or absence of ownership)
     • Distraction Risk
     • Don’t Dare to Say Risk
  14. Closing comments
     • “Risk is all about uncertainty or, more importantly, the effect of uncertainty on the achievement of objectives. The really successful organizations, work on understanding the uncertainty involved in achieving their objectives and ensuring they manage their risks so as to ensure a successful outcome.” - Kevin Knight, ISO
     • “If you do not actively attack the risks, they will actively attack you.” - Tom Gib
     • “Good Risk Management fosters vigilance in times of calm and instills discipline in times of crisis.” - Dr. Michael Ong
  15. Thank you. HKEx Corporate Website: HKExnews Website: