Governance in Enterprise Risk Management
Presented by Michael Lawrence
Monday 10th October 2016
APM North West branch and Risk SIG conference
Alderley Park, Macclesfield
Most organizations have multiple projects going on concurrently. They need a framework that allows them to evaluate (and mitigate) project risk in a way that reflects the potential business impact of this portfolio of projects.
Deloitte’s risk management philosophy, Risk Intelligence (RI), focuses on maintaining the right balance between risk and reward. Asking the right questions and finding effective answers to them is critical to developing the right risk management capabilities. Most organizations already have a multitude of Enterprise Risk Management (ERM) practices and processes to address risks, but the lack of a strategic view of an ERM program can expose risk management gaps and redundancies and prevent sufficient insight into key risk interdependencies.
Building trust means managing both the conditions and consequences of reputation risk. This presentation looks at how to integrate reputation management and reputation risk into the enterprise, across functions.
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks
Aronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
Five lines of assurance a new paradigm in internal audit & erm
Dr. Zar Rdj
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes.
Grant Thornton - Risk appetite: A market study UK 2012
Grant Thornton
Grant Thornton's inaugural market study on risk appetite. The Risk Appetite study, the first of its kind, canvassed the views of 43 chief executive officers and managing directors from leading London insurers to define current maturity of practice, answering some of the common questions coming out of the market. Our intention is to conduct this study periodically, monitoring overall progress and trends across the market in relation to risk appetite.
How to Create a Risk Profile for Your Organization: 10 Essential Steps
Case IQ
Understanding your organization’s risks is the first step in developing an effective anti-corruption compliance program. But for many businesses, identifying and understanding their risks is a complex process, involving research, analysis and cooperation from all levels of the organization. Since every company needs a robust compliance program, an effective risk analysis is crucial. The consequences of getting this step wrong can be astronomical.
Join anti-corruption experts Marc Tassé and Patrice Poitevin, as they outline the steps and tools necessary to create a risk profile for your organization.
The webinar will cover:
• Tools to help determine areas of risk
• Factors to evaluate
• The importance of due diligence once risks are identified
• Continuous evaluation of your compliance program
• How to achieve accountability and transparency
Since the onset of the global financial crisis in 2008, businesses around the world have faced a barrage of new risk-related challenges.
The macroeconomic environment of recent years, marked by the global financial crisis, fiscal uncertainty in the US and sovereign debt problems in Europe, has also helped to make companies more risk-averse, leading them to swap bold investment decisions for more cautious behaviour and cash hoarding. The tide is turning, however, with most expecting 2014 to mark a return to growth...
Risk Reimagined! Series- The Importance of People and Culture to Effective Ri...
Resolver Inc.
Copyright notice: The following slides are intended for professional use within an organization for discussion purposes only. Any other uses or modifications are strictly prohibited.
Any organization is an assembly of people: people who take risk as they manage and direct the enterprise; people who decide how much risk is acceptable or even desirable; and people who provide oversight of the management of risk across the extended enterprise.
Organizational culture has been the topic of study for many years.
• “Culture is how organizations ‘do things’.” — Robbie Katanga
• “Organizational culture is the sum of values and rituals which serve as ‘glue’ to integrate the members of the organization.” — Richard Perrin
Richard Anderson and Norman Marks share their views on this complex subject. They cover:
• What is the difference between the “risk” culture and the “organizational” culture? How can it be analysed?
• Who takes risk, and who should be responsible for deciding how much risk to take?
• Is there such a thing as a single risk level?
• Why do so many of us take different views of exactly the same risks? How does an organization decide which view is “right”?
• Is one person’s risk another’s opportunity?
• What about when the actions of one impact the success of another?
A new emphasis on enterprise risk management from regulators has heightened awareness among bankers to get educated and adopt these best practices at their institution. In response to this increased focus, the RMA ERM Council developed the ERM framework and associated competencies, which became the foundation for a series of highly practical workbooks for implementing effective ERM.
This presentation reviews a recent emerging risks survey, including results and how they might be used. The presenter also discusses how an emerging risk strategy is being developed at an existing firm.
How often have you wondered, “what else can go wrong and how are all the risks interconnected?” Developing a risk governance program, a stress testing and scenario analysis program, as well as a risk appetite statement, can help you build an effective, proactive risk management strategy and enhance the risk culture of your institution.
RMA's Risk Appetite Workbook is a practical guide to understanding and developing a risk appetite statement that is appropriate for your bank. Also available are workbooks on Scenario Analysis & Stress Testing for Community Banks, and Governance & Policies.
Analyzing and managing reputational risk
Dawn Simpson
What is the financial impact of damage to your reputation or brand? How well are you protecting your reputation? Learn about the connection between Business Continuity, Security and IT for protecting your reputation.
What are the key components of holistic risk management? This report, sponsored by SAP, investigates the organisational measures companies must take to address the totality of the risks they face. Read more>> http://bit.ly/1LsYvUx
This presentation provides a comprehensive plan for implementing an enterprise risk management program. It covers the costs/benefits of an ERM program, the critical knowledge, skills and abilities of a Chief Risk Officer, a risk taxonomy for insurance firms, a hypothetical organizational structure for an electric utility, a sample risk register, and other useful information.
Andrew Kakabadse, Paul Moore and Dominic Carter gave this presentation on a risk survey they conducted at Risk Minds, the world's largest risk management conference, on 8th December 2009.
Findings include:
- executives to blame for financial crisis
- cultural problem at banks NOT a regulatory problem (the cost to benefit of risk taking is not weighted correctly)
- remuneration too high; culture does not encourage effective change management
- Executives should have a right to tell their side of the story though
- full report due in Jan 2010 so check back at http://www.kakabadse.com
Risk Monitoring and Management Trends In Commodities
CTRM Center
Commodity producers, traders, and industrial consumers are all facing a barrage of risks such as price exposure and cyber vulnerability, as well as legal, credit, operational and market risks. The risks associated with buying, selling, and moving commodities only seem to be increasing exponentially with greater regulatory oversight and a broadening of supply chain operational issues like traceability. Many of these risks can be business killers – the actions of rogue traders or the impact of counterparty business failures, for example – and lead to fatal damage such as an inability to access capital or damage to brands (via issues around sourcing commodities or producing substandard end-products). Other risks, such as ineffective price risk management, inefficient scheduling of transportation, or regulatory non-compliance can erode profitability and damage the company’s ability to execute on strategic plans and growth initiatives.
Of course, often where there is risk, there is also an opportunity to profit - but only when those risks are recognized, effectively managed, and properly mitigated. The rise in stakeholder scrutiny and regulatory oversight also means that being able to demonstrate effective risk management across the organization is certainly more important today than ever before.
Proposition de la création d'un fond de capital de risque pour l'industrie to...
Michel Rochette
A research proposal to study the creation of a capital risk fund for the Québec tourism industry. The document dates from a few years back but some of the ideas are still relevant.
Proposition d'une liste électorale informatisée
Michel Rochette
An analysis that I produced in 1995 following a call for papers by the Fraser Institute. I proposed and calculated the advantages for a government of establishing a computerized electoral list. It is now the situation in Canada. Other countries should envision the same.
L'intérêt public: Étalon de la gouvernance étatique
Michel Rochette
A report done as part of my doctoral studies on the notion of the "public interest" as used by the State. In French only.
Assurance-chômage au Canada: propositions de réforme
Michel Rochette
A research report on proposals for reform of the unemployment insurance program in Canada. The report dates from a few years back but the concepts are still current.
Unemployment Insurance in Canada: proposals for reform
Michel Rochette
An older public policy research report on reforms to the Canadian Unemployment program, as it used to be called.
Operational and reputation risk: Essential components of ERM-Mandarin
Michel Rochette
An article on the relationship between operational risk and reputational risk, in Mandarin.
A presentation on the proposed ERM risk evaluation standard by the US Actuarial Standards Board.
1. Friday, May 11
8 – 9:30 a.m.
Session 60
Session Sponsor: Joint Risk Management
Emergence of the Chief Risk Officer
Moderator: Sim Segal, FSA, MAAA
Presenters: Robert G. Lautensack, Jr., FSA; Henry M. McMillan, FSA, MAAA; Michel Rochette, FSA
A chief risk officer and an industry expert will explain the function of the CRO and skill sets required to serve in this capacity. What is the CRO’s responsibility and how does it fit within the organizational and decision-making structure of the firm? How is CRO performance evaluated? The discussion will include an examination of the value the actuarial skill set provides to those in, or being considered for, this role. You will learn for yourself what skills need to be acquired to sit in the “C” suite. Or, if you are a company executive, understand better how this role can serve the needs of your firm.
Targeted Value Ladder Stage: Market
Coordinators: Anthony Dardis, FSA, FIA, MAAA; David T. Henderson, FSA, MAAA
2. Enterprise Risk Advisory, LLC
May 11 2007
Bob Lautensack
Henry McMillan
Michel Rochette
Sim Segal
Role of the CRO
3. (1) Main Roles of a CRO:
CRO is NOT the Risk Manager of the Risk Managers!
Leader, facilitator, integrator, coordinator of risk rather than a manager of risk.
Create a culture of risk awareness within the organization.
Formally bring consideration of risk into the strategic decision making.
Develop a center of excellence for managing risk using the skill sets of individual risk managers.
Communicate to all stakeholders – internal and external – about risk.
Bring the BIG PICTURE PERSPECTIVE!
4. (1) Main Responsibilities of a CRO:
Develop, maintain, and update risk governance framework:
Risk policies, risk appetite and risk limits.
Risk infrastructure, process and reporting.
Risk integration and links between risks.
Coordinate with business line:
Risk training
Risk assessment and action plans
Incorporate risk elements in performance metrics
Ensure lines of business have risk capacity both in personnel and risk systems.
5. (1) Main Responsibilities of a CRO:
Senior management:
Advise on risk issues in strategic decision making
Provide aggregated and detailed reports on risk in line with risk appetite and limits
Keep management apprised of industry standards
Committees:
ALM, Credit, Operational, IT, Security
External Party liaison
New regulatory risk initiatives: Ex. NAIC Corporate Governance for Risk Management Act.
6. (1) Skills Required:
Some quantitative skills but need not be a polymath: analytical, understands the models and bright!
Excellent understanding of the supply value chains of your organization: See the links between risks that the risk silos don’t see!
Strategic and tactical thinker.
Ability to understand business issues.
Ability to compare risk and reward.
Leader/educator in terms of promoting a risk culture.
Project manager of risk initiatives.
Ability to synthesize a lot of data and see trends and potential impact on company.
Communication skills are a priority because a CRO is a C-level Executive: written and oral.
7. (1) Differences between Actuaries and CRO
Actuaries:
Emphasize high quantitative skills
Specialize in a field: Valuation, pricing, risk…
Risk field: focus on measurement of risk
Communication with peers
Usually function with other actuaries in actuarial departments.
CROs:
An analytical background is sufficient
Overall view of the businesses: Integrative view. Can see the links.
Some risk can’t be quantified but doesn’t mean that they can be managed.
Communication to a broad audience, internal/external.
Build links with business units where risks are managed.
8. (2) Internal: Interaction with the Board
Once a month: 12%
Once a quarter: 53%
Twice a year: 15%
Once every year: 11%
Other: 1%
Do not formally report: 8%
92% report on risk to their Board of Directors at least annually
TP 2006 ERM Survey
9. (2) Internal: Interaction with Senior Management
Once a month: 39%
Once a quarter: 35%
Twice a year: 8%
Once every year: 6%
Other: 5%
Do not formally report: 7%
More frequent than with the Board, about 40% monthly
TP 2006 ERM Survey
10. (2) External: Interaction with Shareholders
Once a month: 4%
Once a quarter: 18%
Twice a year: 8%
Once every year: 27%
Other: 4%
Do not formally report: 39%
The majority (61%) of respondents indicate they report on risk to shareholders at least annually
TP 2006 ERM Survey
11. (2) External Interaction with Regulators
Once a month: 4%
Once a quarter: 18%
Twice a year: 3%
Once every year: 32%
Other: 5%
Do not formally report: 38%
62% of the participants formally report on risk to regulators
TP 2006 ERM Survey
12. (2) External Interaction with Rating Agencies
Once a month: 0%
Once a quarter: 6%
Twice a year: 6%
Once every year: 48%
Other: 3%
Do not formally report: 37%
63% report on risk to the rating agencies at least annually
TP 2006 ERM Survey
13. (2) Internal Communication of Risk
Regular reports to executive committee/board of directors: 75%
On an ad hoc, as-needed basis: 45%
Regular reports to CRO: 32%
Risk “dashboards” at the risk category, business or corporate level: 29%
Regulatory reporting formats: 25%
Other: 4%
75% provide reports on key risk exposures and risk management activities to the executive committee or Board of Directors
TP 2006 ERM Survey
14. (2) External Communication
Provide separate information to rating agencies: 59%
Separate section devoted to risk management in annual report: 45%
Provide supplementary information to regulators: 32%
Use regulatory reporting formats: 31%
Provide separate information to financial analysts: 18%
Do not externally communicate with stakeholders: 14%
Hold focus groups with key customers/suppliers/community: 3%
Other: 4%
More common with European insurers (68%)
North America (26%)
TP 2006 ERM Survey
15. (3) Decision Making by CROs: Risk/Control
High Level position => High level involvement
Oversight role, not a cop!
Must exist at the same level as CFO.
Areas of focus:
Risk identification, particularly emerging risks
Risk approval process of new initiatives, making sure that all risks are taken into account
Risk exception authorization
Risk prioritization and escalation.
Risk mitigation strategies and alternatives
Risk compliance and business continuity.
Risk communication
17. (4) Risks under CRO’s Purview: Emerging
Reputational Risk (52)
Regulatory Risk (40)
Human Capital Risk (40)
IT RISK (35)
Financial, Market, Credit and Insurance Risk (30)
Crime, security, political, natural hazard, FX, Terrorism, Country Risk (20)
Source: Economist Intelligence Unit, 2005
Max Scale: 100
18. (5) TOP RISKS
Economic risks:
Credit losses are at historical lows: Risk of downturn is increasing. No spillover yet from SubPrime meltdown.
Political risks are increasing everywhere.
Liquidity risk: private equity, structured deals.
Thus: Scenarios and Stress tests still RELEVANT.
Compliance with the new regulatory environment:
NAIC Corporate Governance For Risk Management Act
Solvency II.
Principles-based
Others: AML
Monitoring and identifying emerging risks:
Longevity risk. Impact of new lifestyles, drugs on health.
Extreme events: Avian Flu, terrorism and business continuity
Concentration of risks and links between risks.
19. (6) Reporting relation of the CRO
The person responsible for risk management most often reports to the CEO (45%)
Responsible for Risk Management:
Chief Risk Officer: 43%
Chief Fin. Officer: 18%
Risk Management Committee: 16%
Chief Actuary: 8%
Head of Internal Audit: 1%
Other: 14%
To Whom Primarily Reports:
CEO: 45%
CFO or Financial Director: 24%
Board of Directors: 17%
COO: 4%
Risk Committee: 4%
Other: 6%
TP 2006 ERM Survey
20. (7) ERM Culture
Evolutionary process: Must see a trend in a company from:
Existing risk identification in silos.
Start establishing links between risks: Ex. Natural Hedge between life and annuity operations.
Start being proactive in risk assessment: Forward looking, not just reporting on existing situation.
Embed risk analysis in new initiatives – new product, new IT system, M&A.
Communicate internally and externally about your risk situation.
21. (7) ERM Culture: Enshrined in organizations when:
Business lines take the initiative on risk issues: Behaviors have changed.
Prevention: Scanning for risks, consciously choosing the risks we want to retain, then managing them proactively.
Detection: Early identification of risks from internal or external sources.
CRO focuses only on emerging risk.
Recover after risk occurrence and learn quickly: continuous improvement.
Risk analysis becomes as important as revenue generation: activities are evaluated on a risk-adjusted basis.
Compensation becomes tied to risk.
22. (8) Risk Appetite:
Definition: Risk appetite is defined as the organization’s willingness to accept risk in pursuit of its strategic objectives.
Risk appetite is assessed against the organization’s key drivers of success: financial and non-financial.
The establishment of the statement on risk appetite is intended to guide employees in their actions and ability to accept and manage risks.
Preferable if determined from top down rather than bottom up.
Define metric: Debt rating, earnings volatility.
23. (8) Risk Appetite:
Link with overall strategic goal.
Ex. Insurance financial strength rating or desired debt rating, which implies a desired capital to keep that rating over a given time horizon.
Translate into day-to-day management:
Allocate risk appetite to each type of risk by setting up appropriate limits, including the zero-tolerance risks. Ex. Fraud.
Allocate risk appetite even for the non-quantifiable risk: Ex. Reputation risk. Firm not willing to compromise its reputation.
Define risk tolerances around that risk appetite.
Communicate internally and externally: Build expectations about risk. When risk materializes within limits, markets will not react as they have already built it into their pricing.
24. (9) Challenges of the CROs
Ensuring that the organization is in compliance with the ever-changing regulatory environment.
Informing the Board about significant risk issues.
Assuring business continuity and preparing for crisis: crisis management and fighting inertia to do so.
Monitor emerging risks: Operational, reputation, environmental.
Get an integrated picture of risk: Establish links.
Embed risk management in day-to-day operations.
Linking risk management with capital management.
25. (9) Challenges of the CROs
Improving the risk measurement and quantification processes: 77%
Acting to manage the risk profile of your organization: 64%
Improving internal risk reporting processes: 63%
Ensuring that risk management considerations are explicitly factored into decision making: 59%
Improving the risk identification and prioritization processes: 54%
Establishing a risk framework and/or risk policy: 53%
Improving education and internal communication of risk management principles and approach: 46%
Establishing a risk management organization and governance structure: 42%
Improving external communications: 14%
Incorporating risk management considerations into incentive compensation: 8%
Other: 1%
TP 2006 ERM Survey
26. Thanks
Ellen Bull, Librarian at the SOA, for useful references and help for my two presentations
27. SOCIETY OF ACTUARIES
Life Spring Meeting (May 2007)
Session: 60
Session Topic: Emergence of the Chief Risk Officer
Value Ladder: Market
Presenters: Robert Lautensack, Henry McMillan, Michel Rochette
Moderator: Sim Segal
Figures are given as All Sessions / This Session.
Expected Attendance: 2,690 / 32
Actual Attendance: 2,238 / 17
Number of responses: 998 / 11
Return rate (# of resp./actual att.): 45% / 65%
Overall Rating (1)
Overall rating of this session: 3.78 / 4.30
Learning Experience (2)
Indicate your level of agreement with the following. This session:
Provided you with practical technical information: 3.97 / 3.60
Will enable you to make better business decisions: 3.83 / 4.10
Prepared you to impact industry-wide changes: 3.64 / 4.00
Presenter Effectiveness (1)
Knowledge of Subject: 4.28 / 4.36
Effectiveness of Delivery: 3.79 / 4.50
Number of participants indicating presenter included commercial promotion in presentation: 0
Knowledge of Subject: 4.28 / 4.27
Effectiveness of Delivery: 3.79 / 3.90
Number of participants indicating presenter included commercial promotion in presentation: 0
Knowledge of Subject: 4.28 / 4.55
Effectiveness of Delivery: 3.79 / 4.30
Number of participants indicating presenter included commercial promotion in presentation: 0
Moderator Effectiveness (1)
Rate the moderator's skills in managing this session: 3.80 / 4.64
(1) The rating scale used: Excellent (5), Very Good (4), Good (3), Fair (2), Poor (1), and N/A (no value).
(2) The rating scale used: Strongly Agree (5), Agree (4), Neither Agree nor Disagree (3), Disagree (2), Strongly Disagree (1), and N/A (no value).
Evaluation Tips to keep in mind when reviewing the responses:
Numerical evaluations tend to give you a pretty good feeling for how well the attendees responded to the session as a whole. Scores in the range of 3 to 5 are considered successful programs. Written comments come from people who may have a strong opinion, therefore they tend to be very good or very bad. Repetitive comments that point to the same theme could be an indication of an area you may want to capitalize on in the future or work on for future presentations.
Perception Solutions, Inc. www.perceptionsolutions.com 7/17/2007
28. SOCIETY OF ACTUARIES
Life Spring Meeting (May 2007)
Session Evaluation (Participants' Comments)
Session Value Ladder Overall Comments Regarding This Session
60 Market Good discussion - should be repeated so more attend.
60 Market Great format!
Perception Solutions, Inc. www.perceptionsolutions.com 7/18/2007