This document is a dissertation submitted as part of an MSc in Insurance and Risk Management. It investigates the application of Enterprise Risk Management (ERM) within financial institutions, with a focus on the recent credit crisis and financial turmoil. The dissertation finds that while ERM was praised by academics and practitioners in the past, the crisis exposed weaknesses in some institutions' risk management practices. However, several firms weathered the storm comfortably due to actively applying ERM, with senior management closely communicating with risk departments and utilizing flexible risk models. The dissertation concludes by documenting the outperformance of firms that successfully applied ERM, and providing recommendations for improving ERM implementation.
Enterprise Risk Management and Sustainability (Jeff B)
An overview of our endeavors at implementing ISO 31000 enterprise risk management and the importance of establishing good risk culture within the company.
Aaron Gracey of Squared Apples has developed this Organizational Resilience Model, which is based on research into how the UK military developed and maintained its resilience.
The tool can be used to review the current standing of an organization’s resilience, as well as provide guidance on activities that need to take place to enhance their current level.
https://www.bcpbuilder.com/2018/12/31/organizational-resilience-model/
Enterprise Risk Management (ERM) is the process of planning, organizing, leading, and controlling the activities of an organization in order to minimize the effects of risk on an organization's capital and earnings.
Enterprise Risk Management expands the process to include not just risks associated with accidental losses, but also financial, strategic, operational, and other risks.
In recent years, external factors have fueled a heightened interest by organizations in ERM.
Industry and government regulatory bodies, as well as investors, have begun to scrutinize companies' risk-management policies and procedures.
In an increasing number of industries, boards of directors are required to review and report on the adequacy of risk-management processes in the organizations they administer.
Since they thrive on the business of risk, financial institutions are good examples of companies that can benefit from effective ERM.
Their success depends on striking a balance between enhancing profits and managing risk.
In order for any enterprise to properly, effectively, and prudently manage their future growth, Business Strategy needs to be sustained by modern Enterprise Risk Management (ERM) principles and practices.
The Enterprise Risk Management discipline is no longer a separate management profession or kinky management way; rather, it is a core competency that all organizations and executives must have in this Global Age. It should be a way of life for all.
Presentation Makes the Case for Enterprise Risk Management (PYA, P.C.)
PYA Principal David McMillan recently co-presented “Enterprise Risk Management” at the Massachusetts Continuing Legal Education 15th Annual Hospital & Health Law Conference.
C-Suite’s Guide to Enterprise Risk Management and Emerging Risks (Aronson LLC)
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
Reducing an organisation’s property total cost of risk
(TCOR) is fundamental to its operational resiliency and
financial bottom line. Aon Property Laser is a unique
property and business interruption risk management
methodology that incorporates leading-edge diagnostic
and analytical tools to quantify risk exposure. By
identifying and analysing key property performance
indicators, Aon Property Laser helps organisations
to improve their risk profile, while also making the
insurance policy work more effectively should a loss
occur. Our property experts benchmark pre-loss and
post-loss risk management practices, activities and
results, to help assess and optimise an organisation’s
property risk profile.
6 Pitfalls when Implementing Enterprise Risk Management (PECB)
This webinar covers seven common pitfalls faced when establishing enterprise risk management. Also, it conveys the commitment necessary for the proper implementation in order to achieve organizational objectives over time.
Main points covered:
Major drawbacks in Enterprise Risk Management
• Weak tone at the top
• Focusing on issues instead of risks
• Not embedding ERM within business
• Not rethinking perspective towards risk
• Unidimensional risk evaluation
• Vague risk responses
Presenter:
Shady Hallab is an Experienced Manager at PricewaterhouseCoopers LLP in Montreal. He focuses mainly on managing and directing enterprise risk management programs and acts as a risk advisor for evaluating and recommending risk solution best practices for a wide range of private, public and government organizations.
Link of the recorded session published on YouTube: https://youtu.be/GRj_GdIqIo4
The Management of Uncertainty
•It has long been recognized that one of the most important competitive factors for any organization to master is the management of uncertainty.
•Uncertainty is the major intangible factor contributing towards the risk of failure in every process, at every level, in every type of business.
•Managing business uncertainty may involve introducing, developing and implementing strategic enterprise management frameworks for –
–Corporate Foresight and Business Strategy
–Business Planning and Forecasting
–Business Transformation
–Enterprise Architecture
–Enterprise Risk Management
–Enterprise Performance Management
–Enterprise Governance, Reporting and Controls
A new emphasis on enterprise risk management from regulators has heightened awareness among bankers to get educated and adopt these best practices at their institution. In response to this increased focus, the RMA ERM Council developed the ERM framework and associated competencies, which became the foundation for a series of highly practical workbooks for implementing effective ERM.
Why do companies need to manage the entire customer experience? New analysis reveals that the entire customer journey - the series of interactions with a brand - is more important than any single touchpoint experience. Leading companies identify and effectively manage a few "key journeys." When companies perfect managing the entire customer journey, they reap significant benefits—including enhanced customer and employee satisfaction, reduced customer churn, increased revenue, lower costs, improved organizational collaboration, and competitive advantage. Presented at the Harvard Business Review webinar. For more on customer decision journeys: http://mckinseyonmarketingandsales.com/topics/customer-decision-journey
Companies that want to turn excellent customer experience into growth need to master Customer Journeys. Customer Journeys (the set of interactions a customer has with a brand to complete a task), and less so moments of truth, are what matter for a customer. Companies that master them not only see an improvement in customer experience, loyalty, and operational productivity; they also see above-market growth.
ERM Implementation ERM is essential for organizations.docx (elbanglis)
ERM Implementation
ERM is essential for organizations in managing risks and improving on opportunities related to the achievement of organizational objectives. Statoil and United Grain Growers have established enterprise risk management that meets their company goals based on the challenges each of them is facing.
The primary difference between ERM in Statoil and United Grain Growers is that ERM will affect management at the latter. Additionally, ERM at United Grain Growers seeks to retrieve the company from financial constraints while at Statoil, ERM seeks to improve organizational performance. However, ERM at the two companies shares some similarities. For instance, ERM at United Grain Growers seeks to identify and assess principal risks. The same applies to Statoil, which seeks to identify any potential risks during the exercise. Besides, the two companies have a strategic risk plan. A strategic plan is essential as it outlines the role of a manager, CEO and everyone involved in the steps of an ERM (Robert and Liebenberg, 2011). United Grain Growers has a strategic plan to improve financial dividends while Statoil has a risk map and committee with outlined roles and responsibilities.
The Statoil ERM seems workable and productive, meaning I can implement it if it were up to me. On the contrary, I will not implement the United Grain Growers ERM. In my opinion, the ERM lacks the potential to solve financial constraints that the company is experiencing. However, some parts of it are productive, but a merger comes in with other risks for the struggling company. For instance, a merger will lead to employee layoffs, which might put the company at risk of losing some important skills (Chui, 2011). Additionally, the company assets might be miscalculated during financial evaluation, leading to more losses.
Generally, the ERM at Statoil might be successful in future because it is based on company goals and values. On the contrary, UGG ERM might not succeed because there are many risks associated with its strategy for implementation.
References
Chui, B.S. 2011. A Risk Management Model for Merger and Acquisition.
Robert, E.H. and Liebenberg, A.P. (2011). The Value of Enterprise Risk Management. The Journal of Risk and Insurance, 78(4), pp. 795-822. https://doi.org/10.1111/j.15396975.2011.01413.x
According to Brustbauer (2016), enterprise risk management helps the company prepare for the uncertainties and disasters that may occur all along. Every business must identify the threats it is likely to face and come up with a contingency plan. Different companies face different threats and uncertainties, and therefore, while coming up with the risk management plan, one must consider the uniqueness of the enterprise and the threats likely to occur. These differences make companies and businesses have different hierarchies of risks that are likely to occur. This paper is going to compare and contrast the enterprise risk management of the united g ...
Business and risk go hand in hand. Professionals like chartered accountants, with expertise in finance, management and audit, are well suited for the role of forecasting, evaluating, and mitigating prospective risk involved in any organization’s activity and seizing opportunities to take the growth of the business to the next level. This article brings you in-depth details of the role of a chartered accountant in Enterprise Risk Management.
2017 coso-erm-integrating-with-strategy-and-performance-executive-summary (VALUES & SENSE)
This update to the 2004 publication addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment. The updated document, titled Enterprise Risk Management—Integrating with Strategy and Performance, highlights the importance of considering risk in both the strategy-setting process and in driving performance.
Chapter 22 PPT - JAA Inc.–A Case Study in Creating Va.docx (juliennehar)
Chapter 22 PPT - JAA Inc.–A Case Study in Creating Value from Uncertainty
1. How high do you assess the knowledge level of the business strategy throughout the company by the average employee? Is it your assessment that there is a robust understanding of JAA’s business strategy? Support your position with examples.
2. As you are aware, effective implementation of ISO 31000 involves effective design and implementation of a risk management framework and effective implementation of the risk management processes. This will be verified by incorporation of 11 key principles. Find an example in the case for each of the 11 principles in action.
3. If you compare the internal audit department at JAA to several that you know of currently in the marketplace, what are some of the major differences that you see at JAA that obviously have contributed to superior performance? What is unique and refreshing about the approach to the external audit as compared to what you have seen in industry?
Chapter 25 - Uses of Efficient Frontier Analysis in Strategic Risk Management
1. How does efficient frontier analysis (EFA) differ from other forms of complex risk assessment techniques?
2. What limitations might an analyst encounter through the use of EFA?
3. How can efficient frontier analysis results be communicated and utilized with nonmathematical decision makers?
Requirements:
· API Format, No Plagiarism, You must also use a scholarly source
· As a reminder, you must list every reference that you used to build your response then cite every reference within every sentence that you used it with a properly APA formatted citation (ABC, 2019). Citation is author last name and year.
· You have to answer every question, No word limit. I need the answers for each and every question separately with citations matched to the references.
· Provide the answers in a word doc file for chap 22 and chap 25, like question and answers for 6 questions.
· I need the answers for each and every question separately with citations matched to the references.
Chapter 22: JAA Inc.—A Case Study in Creating Value from Uncertainty: Best Practices in Managing Risk. This case has several important take aways as follows.
· To study the importance of the communication process to the overall success of a company’s business objectives
· To understand the relationship of strategic objectives, context, stakeholders, and risk criteria and how these play a critical role in the overall effectiveness of risk management
· To understand the changing role for internal and external audit and the demands that are being placed on both groups to step up to the plate
· To understand the role of the board and its various committees in a company’s overall effectiveness of risk management
· To understand the key organizations and materials from around the globe that are playing a profound thought leadership role in risk management to further enhance education/thinki ...
Week 5 Post-Course Assessment Quiz
Additional Praise for
Implementing Enterprise Risk Management
“Educators the world over seeking to make the management of risk an integral part of management degrees have had great difficulties in providing their students with a definitive ERM text for their course. The Standards and associated Handbooks helped, but until the arrival of Implementing Enterprise Risk Management: Case Studies and Best Practices, there has been no text to enlighten students on the application of an effective program to manage risk across an enterprise so that objectives are maximized and threats minimized. Fraser, Simkins, and Narvaez have combined with a group of contributors that represent the cream of risk practitioners, to provide the reader with a clear and concise journey through the management of risk within a wide range of organizations and industries. The knowledge, skills, and experience in the management of risk contained within the covers of this book are second to none. It will provide a much needed resource to students and practitioners for many years to come and should become a well-used reference on the desk of every manager of risk.”
—Kevin W. Knight AM, chairman, ISO/TC 262—Risk Management
“The authors—Fraser, Simkins, and Narvaez—have done an invaluable service to advance the science of enterprise risk management by collecting an extensive number of wonderful case studies that describe innovative risk management practices in a diverse set of companies around the world. This book should be an extremely valuable source of knowledge for anyone interested in the emerging and evolving field of risk management.”
—Robert S. Kaplan, senior fellow, Marvin Bower Professor of Leadership
Development, emeritus, Harvard University
“Lessons learned from case studies and best practices represent an efficient way to gain practical insights on the implementation of ERM. Implementing Enterprise Risk Management provides such insights from a robust collection of ERM programs across public companies and private organizations. I commend the editors and contributors for making a significant contribution to ERM by sharing their experiences.”
—James Lam, president, James Lam & Associates; director and Risk Oversight
Committee chairman, E*TRADE Financial Corporation;
author, Enterprise Risk Management—From Incentives to Controls
“For those who still think that enterprise risk management is just a fad, the varied examples of practical value-generating uses contained in this book should dispel any doubt that the discipline is here to stay! The broad collection of practices is insightful for students, academics, and executives, as well as seasoned risk management professionals.”
—Carol Fox, ARM, director of Strategic and Enterprise Risk Practice, RIMS
“Managing risk across the enterprise is the new frontie ...
Rukmini Akula D-12 Now a days various to.docx (healdkathaleen)
Rukmini Akula
D-12
Nowadays various tools are very commonly used to aid designers, and some additional theories also offer analytically rigorous reports for engineering designs. Concurrent engineering is one of the most practical methods for improving the design process. There are also some common tools that are usually used to obtain input from the stakeholders or from the business team in the organization during the design process. These methods include the Pugh method, quality function deployment, decision matrix techniques, and the analytical hierarchy process, and they are some of the methods used to build the design process in the organization or in the company. These tools also involve relatively high levels of subjective judgement (K, 2017). An additional set of tools addresses variability, quality, and uncertainty in the design process; these tools are more analytical and are typically combined with the processes which are used to produce the products (S, 2016). There are still other tools that are used to generate alternate designs for designers who are working on web application design for their organizations or companies.
References:
Eades, K. (2017), "General Motors: 1991 Equity Financing", Darden Business Publishing Cases. https://doi.org/10.1108/case.darden.2016.000131.
Bongoni, R. and Basu, S. (2016), "A multidisciplinary research agenda for the acceptance of Golden Rice", Nutrition & Food Science, Vol. 46 No. 5, pp. 717-728.
Running head COMPANY SELECTION1COMPANY SELECTION4CO.docx (healdkathaleen)
Running head: COMPANY SELECTION
COMPANY SELECTION (Amazon)
Company Selection
Amazon Organization Background
According to the studies, Amazon is one of the multinational companies based in the USA. Its headquarters are located in Seattle, Washington. Amazon operates in the e-commerce business, digital streaming, and cloud computing and artificial intelligence. Recent news indicates that Amazon has had various organizational issues, especially on the leadership aspect (Ott, 2012).
Organization issues in Amazon
Insensitive management. Reports reveal that the employees with different personal hardships such as miscarriages, cancer and other personal problems were significantly faced with unfair judgements. Others were given limited time to recover from their issues, which created a lot of issues for the employees.
Unfair ranking system. The Amazon management holds annual organizational-level reviews to discuss and determine the ranking of the subordinates. The reviews start with a discussion concerning the lower-level employees in front of the senior managers. Consequently, the kind of review system used for employees in the ranking system is not correct. It leads to the discrimination of some employees while favoring others.
Lack of benefits. Benefits are essential in any company to boost the motivation of the workers. However, Amazon fails to provide its employees with benefits such as meals, personal wellness and other critical benefits that can motivate the employees. Hence, Amazon gives no priority to its workers. Instead, the new employees are required to repay a share of their signing bonus if one quits before the years’ time. Such acts are discriminative.
Why do such issues hinder Amazon organizational efficiency?
Organizational issues contribute to organizational controversies. The organizational issues in Amazon contribute to worker turnover. Besides, an unfair ranking system contributes to a poor relationship between the management and the workers. Also, the lack of benefits lowers the morale of the workers, thus reducing organizational productivity (Robbins & Judge, 2012). Hence, for an organization to succeed and attain its set objectives, organizational issues should be avoided.
References
Ott, J. S. (2012). The organizational culture perspective (pp. 221-243). Chicago: Dorsey Press.
Robbins, S. P., & Judge, T. (2012). Essentials of organizational behavior.
Enterprise Risk Management in Financial Institutions- Revelations of the Recent Credit Crisis and Financial Turmoil
Enterprise Risk Management
in Financial Institutions
Revelations of the Recent Credit Crisis and Financial Turmoil
“A smart man always learns from his mistakes,
A wise man learns from mistakes of others,
A foolish man never learns” K. Hayes
Andreas Zarifis
2. Enterprise Risk Management – Evaluating the Systems in place throughout 2007-2008
2 Page Andreas Zarifis
Cass Business School MSc Insurance and Risk Management, July 2008
Enterprise Risk Management
In Financial Institutions
Revelations of the Recent Credit Crisis and Financial Turmoil
Submitted By:
Andreas Zarifis
July 2008
Supervisor
Dr Sotiris Staikouras
This dissertation is submitted as part of the requirements for the award of MSc Insurance and Risk Management
Abstract
This study investigates the application of Enterprise Risk Management¹ within Financial Institutions, with a focus on the recent credit crisis and financial turmoil.
For the past years, both academics and practitioners have praised enterprise-wide risk management policies and procedures in Financial Institutions, exhibiting how Enterprise Risk Management, implemented as a strategic tool and as part of the decision-making process, may reap various benefits. It may allow value creation over the long term and mitigate unforeseen scenarios that prevent a corporation from reaching its objectives. Even so, implementation is paradoxical, from a long-term profit-house centre, to a short-term marketing compliance tool.
The recent financial turbulence tested the risk management systems of FIs² and exposed weaknesses of institutions' risk management practices, bringing into question the viability of ERM. In contrast, several firms weathered the storm quite comfortably without severe deficiencies. The differentiating factor is found to lie in how ERM was applied and executed across the organization, with specific areas of concern and lessons to be learned.
An outperformance by firms successfully applying ERM throughout the period is documented. These firms have overcome the recent turmoil without significant losses, while other organizations' financial performance has deteriorated to various levels, even bankruptcy. Furthermore, it is found that in those firms that avoided significant losses, senior management played an active role and closely communicated with risk departments at all times. Flexible risk models were utilized, incorporating new market conditions, and decisions involving new products were challenged by various views and perspectives. Lastly, based on results attained, recommendations will be made on ways to progress in terms of implementing ERM in search of a foolproof risk management system in financial institutions.
¹ In the context of this report, ERM is synonymous with “holistic risk management”, “strategic risk management” and “strategic risk management” in terms of assessing risk and risk management via a comprehensive view and as pronounced by the Casualty Actuarial Society (CAS).
² In the context of this report, FIs will refer to Financial Institutions (banks, insurance companies, asset management firms, hedge funds).
Acknowledgements
First and foremost, I would like to express my gratitude to my supervisor, Dr Sotiris
Staikouras. He has been a true mentor; providing me with invaluable guidance, help
and support throughout the course of this MSc. His professionalism and enthusiasm
have proven inspirational for researching and writing up this paper. Furthermore, I’d
like to thank my course leader, Dr Christopher Parsons; his wisdom and manner of
conveying information have been encouraging throughout the year. I would also like to
thank my friends for their encouragement and patience. I am grateful to my father for
his support and understanding, as well as for the sacrifices he has made, giving me
the opportunity to do this MSc. Last but not least, I would like to dedicate this piece of
work to my mother who despite not physically being present throughout the majority of
my life has always been my key motivator in search for knowledge, self-fulfillment and
happiness.
Table of Contents
Contents
List of Figures
List of Tables
Data and Methodology
Chapter 1 Introduction
1.2 Purpose of the Study
1.2 Main Findings
1.3 Limitations
Chapter 2 Risk Management in Financial Institutions
2.3 Upsurge of Regulatory Scrutiny and Capital Requirements
2.3 Risk Management in Silos
Chapter 3 Literature Review
3.1 ERM Development and Foundations
3.2 Defining and Implementing the Framework
3.3 ERM in Practice and Industry Observations
Chapter 4 Findings from the Credit Crisis
4.1 Drivers and Implications from the Financial Turmoil
4.2 Case Studies
4.3 Fundamental Weaknesses in ERM Implementation
4.3 Questioning the Viability of ERM
Chapter 4 Conclusions
References
List of Figures
Figure 1: The Prospect Theory
Figure 2: Main Categories of Risks Facing Financial Institutions
Figure 3: Goal of Risk Management in a Strategic Perspective
Figure 4: Total Eligible Capital as Provided by Basel II
Figure 5: Economic Capital for Credit Risk
Figure 6: Risk Management in Silos
Figure 7: COSO ERM Framework
Figure 8: The Risk Management Process
Figure 9: ERM Impacts Four Board Functions
Figure 10: Phases of The Crisis
Figure 11: Lawsuits related to the Credit Crisis so Far
List of Tables
Table 1: Most significant losses so far
Table 2: S&P Defining ERM in respect to Credit Rating Requirements
Data and Methodology
The research report was primarily based on desk research. The majority of the
material was gathered from books, journals and the Internet. The topic under
research has been in discussion for more than a decade but is still at an
embryonic stage of development in practice. As such, there are various
limitations in terms of collecting adequate primary data. Despite this, the topic
has attracted abundant literature from academics and research by various
practitioners such as (GARP) Global Association of Risk Professionals, (RMA) Risk
Management Association, (PRMIA) Professional Risks Managers Association,
(CAS) Casualty Actuarial Society, (ERMII) Enterprise Risk Management
International Institute and (IRM) Institute of Risk Management, all of which
investigate the benefits of ERM. At the same time, regulators have been
promoting such frameworks in search of investor protection and, in association
with specialist practitioners, have published various guidance relevant to
effective incorporation (Basel II, 2003; COSO, 2004; Solvency II proposal,
2007; Combined Code, 2003; Sarbanes Oxley Act, 2002).
In consideration of the current practices of ERM, a secondary type of investigation
was applied, analysing the implementation of ERM throughout the recent turmoil
and the weaknesses that have been discovered in Financial Institutions’ risk
management processes. The primary basis of this was derived through surveys,
reports and speeches published post‐onset of the turmoil by various
practitioners such as Deloitte, (PWC) PriceWaterhouseCoopers, KPMG, (AIRMIC)
Association of Insurance and Risk Managers, the ERM Symposium and (IOA) Institute of
Actuaries; research companies within the field such as Edhec, Navigant Consulting,
(CEPR) Centre of Economic Policy Research and Chartis; as well as central banks and
regulators: Federal Reserve, Bank of England, (IMF) International Monetary Fund
and (SEC) the Senior Supervisors Group. These provided invaluable information
in relation to the research findings of this report.
This report should be seen as an effort to tackle the loopholes that prevent
banks, insurers and other financial institutions from adequately and effectively
applying ERM. This is provided by the market players that managed to weather
the storm without severe consequences due to efficacious implementation of
the framework. Most Financial Institutions, especially banks, have already
adopted such firm‐wide risk management, but there is no empirical evidence
backing the supremacy of such an approach over traditional risk management
in silos. Regardless, the research stipulates those qualitative factors that incite
Financial Institutions to adopt such an approach and responds to why ERM is
superior to the traditional departmental risk management approach. Based on
the success factors implied by the financial turmoil, there will be integration with
literature findings, paving the way to adequate risk management systems in
financial institutions.
Chapter 1: Introduction
Pertinent to finance, risk management emerged in 1959 and referred to portfolio
theory (Markowitz, 1952); it was initially utilised in managing the insurance
portfolios of organisations. The risk management process can be traced back to
1974, when Gustav Hamilton pioneered in illustrating the interaction and
integration of all elements of the risk management process in the “risk management
circle”. Five years on, ‘prospect theory’ (Daniel Kahneman and Amos Tversky,
1979) demonstrated the perverse irrationality of human nature when faced with
risk, with fear of losing often outshining gain expectations, as exhibited in
Figure 1.
Figure 1 The Prospect Theory
(Padula et al, 2005)
Risk may be divided into 2 categories (Schroek, 2002):
Specific: These are risks specific to the firm or the industry it operates in and that
may be diversified through a balanced portfolio of stocks.
Systemic: Such risks affect the market fundamentally, cannot be diversified and
express the degree of covariance of the deviations with the changes in the broad
market environment. This risk may be rewarded in the expected returns as
derived by the CAPM.³
3 Capital Asset Pricing model
Figure 2 illustrates the main categories of risk faced by Financial Institutions⁴.
An actual example and more absolute proposal of a Financial Institution’s risk is
illustrated in Figure 3.
4 These categories can be further broken down into a large number of further risk categories. See Saunders
(2008).
5 External fraud (e.g. 3rd party theft of information), physical damage (e.g. earthquake, fire)
6 It should be noted that there is no agreed universal definition.
Figure 2 Main Categories of Risks Facing Financial Institutions
Operational Risk: The risk of loss arising from inadequate or unsuccessful internal controls, people and systems or from external hazardous⁵ events⁶ (BIS, 2004).
Credit Risk: The risk that arises when a counterparty of a loan reschedules or fails to make a payment or its credit grade is migrated (e.g. downgrading of credit rating), leading to economic loss of the FI (Ong, 1999).
Market Risk: The risk arising from assets and liabilities of an FI due to changes to market factors such as interest rates, currency values and/or commodity or equity prices (Saunders, 2008).
Business Risk: The risk that arises (other than credit or market risk) driven by fundamental changes within the FI’s environment that may impact its future revenues (e.g. price wars, threat of entry) (Lam and Cameron, 1999).
(ERisk.com, 2004)
As the economic landscape evolved⁷, FIs’ interest in risk management grew
considerably. Reactions to such increasing volatilities led to the introduction of
innovative products such as forwards, swaps, options and futures. Furthermore, as
financial institutions sought to incorporate risk management into their day‐to‐day
activities, bankers advocated new measures such as Value at Risk (J. P. Morgan⁸,
1994); this was mainly utilised to strengthen internal controls within their
lending and trading activities. At present, financial institutions conduct risk
management extensively and consider it a vital corporate objective and core
competence (Raposo, 1999). This is characteristic of financial institutions as they
continuously endeavour to enhance the efficiency of their processes as well as
the wealth of their stakeholders, thereby developing technological and financial
innovations. Peters goes further, arguing that innovation is a prerequisite of
survival⁹ in the financial sector (1997). New products develop and markets
integrate, aiming to deliver corporate objectives, bringing along a number of
complexities and risks previously unheard of. One of the first academics to note
this was Ulrich Beck (1992), Director at the University of Munich, who argues that the
dynamic aspect of risk is linked to the increasing organisational and
technological complexity within modern societies. Furthermore, Shimko and
Humphreys (1998) point out that banks with superior risk‐management skills
and systems surpass their competitors because in the long run a company’s stock
will outperform as losses are avoided.
7 A) Increases in volatility from interest rates, exchange rates and commodity prices; B) Regulatory changes
and modern requirements; C) Technological advances; D) Globalisation.
8 RiskMetrics.
Figure 3 Goal of Risk Management in a Strategic Perspective
(TD Bank Financial Report, 2004)
This report provides a novel literature examining Enterprise Risk Management
drivers and the stage the Financial Sector has reached in effectively
implementing such a framework. Surveys convey industry participants’
confirmation of the dominance of ERM in their organizations; findings from
actual market practice are examined in search of such confirmation,
emphasizing how well these frameworks were established and operated pre and
post financial crisis.
9 Axel Lehmann, CRO at Zurich Financial Services (2008) argues “Financial innovation has been a key factor
in economic growth over the last 10 to 20 years. So if we want to have continued economic growth on a
worldwide basis, that absolutely depends on innovation in the financial sector, including insurance.”
1.1 Purpose of the Study
This study has a twofold purpose:
1. To determine the main motivations behind ERM development and the
level of understanding exhibited by market participants corresponding to
the framework. Academic literature and industry reports prior to the
turmoil were used for this purpose.
2. To investigate how financial institutions applied risk management
practices throughout the financial distress and how effective enterprise
risk management contributed to several organisations’ safeguarding in
light of stressful conditions.
1.2 Findings
Enterprise Risk Management implementation was the key factor affecting the
effectiveness of risk management practices throughout the turmoil. This proved
to be the differential between Financial Institutions avoiding significant losses
throughout the subprime crisis and those that sustained considerable losses.
Specifically, those firms that championed ERM throughout the turmoil
successfully implemented a number of critical success factors:
1. Senior management implemented vigorous oversight of risk.
2. A wide array of risk measures was used that were flexible in terms of
refining underlying assumptions.
3. Data fed into stress testing and Value at Risk models were constantly
updated and challenged.
4. Effective Communication amongst senior management, risk management
functions and business lines was emphasised, breaking down hierarchical
structures and silos.
5. Due diligence and judgement were prioritised when assessing valuations,
without excessive reliance on external rating agencies, constantly
developing models to value complex or less liquid securities.
6. Robust controls on balance sheet growth, including incentives for
business lines adhering to limits and extensive monitoring of off‐balance
sheet entities.
1.3 Limitations of the Study
1. Primary research on the topic would have derived more complete and
explicit results. Due to the undeveloped nature of the topic in practice and
the lack of appropriate transparency in risk management disclosures,
secondary research could provide the most unprejudiced results.
2. Despite deriving results from a wide array of sources and organisations,
these may be biased to a degree, the reason being that firms analysed within this
report may have shareholdings in research companies that have
conducted surveys throughout the turmoil. Thus there may be a
distortion related to publicised findings. In an attempt to mitigate this
manipulation, regulatory and central bank reports have been used to
confirm findings.
3. The financial turmoil is still ongoing and affecting firms in various
ways; thus by the end of the crisis a number of new findings may come to
the surface without being mentioned in the following context.
4. Financial Institutions analysed within this study have a capital base of
$5bn at the minimum.
This report should be seen as an effort to tackle the loopholes that prevent
banks, insurers and other financial institutions from adequately and effectively
applying ERM. This is provided by the market players that managed to weather
the storm without severe consequences due to efficacious implementation of
the framework. Most Financial Institutions, especially banks, have already
adopted such firm‐wide risk management, but there is no empirical evidence
backing the supremacy of such an approach over traditional risk management
in silos. Regardless, the research stipulates those qualitative factors that incite
Financial Institutions to adopt such an approach and responds to why ERM is
superior to the traditional departmental risk management approach. Based on
the critical success factors implied by the financial turmoil, there will be
integration with literature findings, paving the way for the application of
adequate risk management systems in financial institutions.
Chapter 2: Risk Management in Financial Institutions
2.1 Upsurge in Regulatory Scrutiny and Capital Requirements
Towards the late 1990s, Risk Management caught the attention of the Anglo‐
Saxon Corporate Governance policy makers, who endeavoured to find a
solution to the lack of basic management integrity/competence and weak
internal risk controls. This was brought about by a number of internal control
inadequacies (B. Barings bank, 1992¹⁰), accounting scandals (Enron, 2002¹¹) and
irresponsible senior management actions (Equitable Life Assurance Society¹²).
The rise of high‐profile company failures and scandals led to corporate
governance and regulatory scrutiny widening its scope to deal with risks that
companies face. Corporations are now required to increase the transparency of
their disclosures and of the internal control systems which they have embedded to
retain, finance or transfer risk. This can be through a rule‐based system issued
through legislation, such as the US Sarbanes Oxley Act 2002, or a principle‐based
system such as the Combined Code 2003 in the UK.
European institutions are directed to comply with guidance concerning their
capital requirements and valuations. Solvency II is a principle‐based guidance
aimed at improving risk management across a Single European Insurance
market. It directs insurers to identify and report risk correlations and
interdependencies that suggest the use of Enterprise Risk Management models.
10 Nick Leeson, a 27-year-old futures trader at the Singapore offices of the bank, managed to lose over $1billion
of the bank’s money. He concealed his losses as a result of being allowed to get involved in settling his own accounts,
which he exploited by creating an error trading account. He sustained this until he left the bank in 1995. This resulted
in the bank’s bankruptcy, and it was subsequently sold to the ING group (Gapper et al, 1995).
11 Despite not being related to financial institutions, it is worth mentioning due to the impact it made on corporate
governance regulations. The Enron scandal led to 5000 job losses and $1bn in employee retirement fund losses.
This was disguised in Special Purpose Vehicles, for which no reporting is required, that were used to book
loans as trading revenues (Batson, 2008). The executive management fooled not only investors but also analysts,
who continued recommending it as a “strong buy” when it was making consecutive losses (Bloomberg, 2008).
12 The oldest mutual life insurer (246 years of age) promised its policyholders more money (in the form of
guaranteed annuities) than it actually had for almost more than a decade (this gap reached $4.4bn by 2001), due to
faulty Asset and Liability Management and using dubious actuarial techniques to obscure this. Equitable
distributed maximum payouts in the good years (characterized by low interest rates) and inadequately reserved for
rainy days (BBC News, 2004). This resulted in more than a million’s retirement funds being slashed. Seven years
on, investors are seeking $4.5 from ministers in the UK as the investigation discovered “Serious regulatory failure”
when overseeing their operations (Guardian, 2008).
Furthermore, Basel II identifies the long‐term uncertainties that exist with respect
to financial institutions’ operations. Within this setting, the Basel accords were
formulated to develop and the risk management functions of Financial
Institutions; “From a commercial bank wholesale perspective, from allocating
capital based on generic categories (Banks, Corporate, Sovereigns) to specific
borrowers or institutional debt (Citi Microfinance & Clifford Chance LLP April
2008).” It provides international directives regarding minimum capital
requirements that ought to be held against risks. The following three tiers
(Figure 4) provide eligible provisions on Regulatory capital, as defined by the
Basel Accord.
Figure 4 Eligible Provisions of Regulatory Capital as Provided by Basel II
Tier 1: (Core Capital) includes capital and disclosed reserves (e.g. Qualified stock, surplus,
retained earnings)
Tier 2: (Supplementary –Secondary Capital) includes undisclosed reserves, subordinated
debt, perpetual debt and other debt and equity instruments
Tier 3: (Tertiary Capital) – Includes a wide array of debt and equity products in place to
cover part of an FI’s market risks that have not been externally verified.¹³
(BIS, 2004)
Furthermore, Basel II recapitulates on the use of Economic Capital; this is the
amount of risk capital from a bank’s perspective that would be required to
remain solvent at a given confidence level and time horizon. The framework is
incorporated by Value at Risk models, deriving measures for market (VaR),
credit (cVaR) and other risks. An example of a VaR calculation of (EC) Economic
capital for credit risk is depicted in Figure 5.
13 Investopedia.com provides easy-to-read, comprehensible guidelines of these.
Figure 5 Economic Capital for Credit Risk
The illustration provides the organisation with expected and unexpected losses
produced by a VaR calculation. The former encapsulates losses arising from daily
operations while the latter (tail past 3% in this case) represents standard deviations
from the expected losses. This example illustrates a confidence interval of 99.95%. This
corresponds to an “AA” rating. Depending on the firm’s risk appetite and target credit
rating, economic capital can be calculated likewise.
(Investopedia.com, 2008)
Lastly, Basel II defines operational risk¹⁴, integrates it with credit risk and
provides three mechanisms by which operational risk of increased complexity
may be computed. Thus credit rating agencies and lenders may be adequately
informed. It aligns regulatory requirements on capital closer to risk but also
introduces a more sophisticated approach to risk management. This aspires to
develop a risk culture amongst lenders, whereby the corporation understands
and remains focused on risk as a core element of the desired strategy.
14 This definition includes legal risk but excludes strategic and reputational risk (BIS, 2004), and is
portrayed in Figure 2.
2.3 Risk Management in Silos
Gaining wide acceptance for the past years and influencing the reforms proposed
by Basel II is management of risks via silos, a method emphasising the
quantification of risks, making use of the latest risk measurement advances in
the field (Garside et al, 1999). This method (Figure 6) sets limits across risk
types and monitors and reports developments in the risk silos (Marrison, 2002).
Figure 6 Risk Management in Silos
The Case of an Insurer
(KPMG, 2007)
There are weaknesses attached to this approach; for example, performance
indicators for one business line may be driven by premium growth without
consideration of how this may affect the overall risk and capital needs in the
long term. Likewise a firm’s division may underwrite an amount of business to
increase its market share without evaluating, understanding or communicating
the risk to the overall enterprise. A firm may alter its risk profile and appetite
without full consideration of the implications from various hazards (e.g.
policyholder behaviour, variations in location). Despite aiming to reduce the
overall risk profile, it may actually result in increasing the risk for the
corporation overall (KPMG, 2007). A reference to an idiom by Alfred Einstein is
appropriate¹⁵ at this stage:
"Not everything that counts can be measured. Not everything that can be measured
counts."
15 This idiom is suitable for risk management in silos, as the emphasis of the approach is on rendering as
many possible risks susceptible to quantification (Mikes, 2008).
Chapter 3: Literature Review
3.1 Enterprise Risk Management Development and Foundations
Risk managers are required to broaden their scope of responsibilities and
develop complex processes in relation to the past. Due to the complexity of the
task associated with the risk management process across the enterprise,
specialist expertise is required. Thus a new management role has recently
emerged, that of the Chief Risk Officer. This has been growing in use and scope of
responsibilities and is usually a senior executive taking an integral coordinating
role within the strategic planning process. Since the Chief Financial Officer is
responsible for the overall financial policy of an organisation, the CRO is
required to maintain close links with him.
Companies have started considering the importance of such roles and the
implementation of a firm‐wide risk management approach to the risks they face.
Joint decisions are made concerning hedging and insurance and finding the
right balance between ‘retaining’ and transferring risks, indicating the degree of
correlation between risks. Corporations strive to satisfy key stakeholders in
reaching their objectives, indicating interdependencies and minimising systemic
effects. A services study conducted by Deloitte on firms that sustained a significant
drop in shareholder value found that 80% of companies affected had
experienced numerous, interdependent risk events (KPMG, 2007). This implies
that firms able to manage risk cohesively will achieve superior and stable
performance.
Many dominant firms are abandoning their traditional risk silo approach and
adopting a firm‐wide enterprise risk approach (Lienenberg et al, 2003),
transforming their risk management to Enterprise Risk Management, as it enables
firms to manage risks in an integrated fashion. Academics and practitioners
argue that ERM may benefit corporations via decreasing stock‐price and
earnings volatility, increasing capital efficiency, reducing external capital costs¹⁶
and creating synergies between the risk management activities (Lam 2001;
Beasley et al 2006). They argue that generally it increases risk awareness,
enhancing both operational and strategic decision‐making. Despite the
increased awareness and amplitude of survey results regarding the popularity
and attributes of ERM frameworks (Hoyt et al, 2003; Beasley et al, 2005),
empirical evidence exhibiting the impact of such a program is unavailable
(Schroeck, 2002) or scarce (Hoyt, 2008).
3.2 Defining and Implementing the Framework
In September 2004 the COSO released its second and long‐awaited updated ERM‐
integrated framework. This model describes key components and risk
management principles for organisations of any size. Compared to the
fragmented silo‐structured risk assessment, Enterprise Risk Management takes a
broad portfolio approach to risk and focuses on those effects that not only hedge
or mitigate risk but also enhance shareholder value (Moelbroek, 2002). The
new framework is complex and the definition¹⁷ is not easy to grasp, as it was
developed as an all‐inclusive definition to be used by any company, profit or non‐
profit, private or public venture. This undoubtedly creates work for consultants:
without guidance it would be hard to implement the model and realise the
benefits, due to the complexity in understanding the various components and
their interrelationships. It has to be comprehended that integrating ERM with
the overall strategy is not a quick and sudden fix but a dynamic process
(Dickinson, 2001). Compared to the previous internal control model (1992), the
recent model contains one new objective, strategy setting, the grasping of which
is vitally important (Bowling et al, 2005).
16 In 2006 Standard & Poors upgraded Munich Re from “A‐“ to “AA‐” partly due to robust ERM practices
(Hoyt, 2008)
17 “Enterprise risk management is a process, effected by an entity’s board of directors, management and other
personnel, applied in strategy setting and across the enterprise, designed to identify potential events that
may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance
regarding the achievement of entity objectives.” (COSO, 2004, p2)
25. Enterprise Risk Management – Evaluating the Systems in place throughout 2007-2008
25 Page Andreas Zarifis
Cass Business School MSc Insurance and Risk Management, July 2008
ERM requires first a broad recognition of the stakeholders within the objective
setting, allowing interested parties to consider and act daily on the mission of
contributing to the achievement of goals. The eight horizontal layers identify the
chronological approach required to achieve each of the four objectives. This is
founded on the latest risk management process produced by a myriad of
international standards. Starting with the top layer, the company first needs to
understand its appetite for risk as part of its internal environment before
beginning its Risk Management process, and the three bottom layers exhibit the
internal controls required to manage and monitor risks daily. The third
dimension of the framework exhibits the different levels of the
organisation, starting from left to right, from enterprise level narrowing down to
end at the subsidiary level.18 This is illustrated in Figure 7.
Figure 7 COSO ERM Framework
An Integrated Approach Across the Strategic Setting
(COSO, 2004)
As previously mentioned, ERM requires a disciplined top‐down process (as
provided by Figure 8); robust parameters for policies and internal control are
18 This depends on the FIs size and structure.
necessitated at executive levels (Walker et al, 2002). Once business units are fed
the information and implement the strategy, managers closest to risks are
required to feed back information centrally so as to formulate, amend and
monitor the overall risk policy (Dickinson, 2001). Business unit delegates must
have a certain degree of responsibility to combat business‐line exposures before
these become severe.
Figure 8 The Risk Management Process
A Corporate Framework Required for Effective Implementation
(Chapman, 2006)
Since corporate governance codes make top executives liable, audit functions
have to be made independent from executive functions (Combined Code 2003;
Sarbanes Oxley Act 2002); the board of directors sets a person responsible
for the audit committee, clearly defining the risk audit function including an
overview of their top management. Subsequently the board of directors is
responsible for the ERM of the company, accountable to shareholders and other
stakeholders. The Chief Risk Officer, ideally, should provide a link between the
executive committee and operations of the corporation in addition to liaising
with the non‐executive committee, subsequently providing an independent
assessment and guidance to shareholders (Lam, 2003).
Enterprise Risk Management ought to be embedded within the corporate
strategy of an organisation as the activities used to reach objectives largely
depend on the resources and organisational structure it chooses to use, within
the uncertain environment of the operation (Vijentra, 2006).
It can only be measured as the difference between the initial setting of objectives
and the actual outcomes of these, both in terms of variance from the expected
distribution as well as the downside failure of meeting these entirely (Walker et
al, 2007). For quoted companies, the more aligned are corporate objectives with
shareholder values the more transparent to enterprise risk will be the stock
market price assessments (Schroeck, 2002). Figure 9 exhibits the effect a
comprehensive ERM framework may have on the board of directors.
Figure 9 ERM Impacts Four Board Functions
These impinge on Shareholder Value
(Garratt, 2003)
Insurance, hedging and other financial risk decisions demand coordination with
the corporate treasury and capital structure. Both risk retention decisions on
insurance and hedging and their aversion to risk (choice of deductibles and
strike prices) ought to be determined jointly under the Enterprise Risk
management umbrella, as they will probably not be independent (Dickinson,
2001).
Throughout a period where hedging instruments are expensive and insurance is
going through a “Hard” market19 a strategic plan ought to have effective internal
controls in place and minimise operational risks. This will minimise excessive
insurance costs from economically unfair rates. Through an Enterprise risk
management approach whereby all risks of a strategic portfolio are taken into
19 This is due to the theoretical phenomenon known as the underwriting cycle whereby insurance markets
swing between hard and soft markets. Throughout a hard market insurers try to cover for any previous
losses increasing rates and reducing supply.
account one can more easily monitor and alternate the risk appetite of the
organisation and counteract systemic effects.
3.3 ERM in Practice and Industry Observations
A survey conducted by the Conference Board and Mercer Oliver Wyman in 2004
surveyed 271 executives. A proportion of 91% of those queried have understood
the importance of accepting ERM or are actually implementing it in practice. The
survey also derived that 93% of those responsible for assessing risk in their
organisation were risk or financial managers. Asked for the main driver of
ERM, 66% cited corporate compliance whilst, optimistically, 60% ranked as
important the understanding of operational and strategic risks. Cynically though,
only 11% have formally adopted an actual framework. This stems from the
complexity of the model and the compliance priorities of organisations on
review. (MIT Sloan Review, 2006)
Another discovery was that only a fifth of those surveyed take inventory of the
critical risks faced by their organisation; from this minor segment more than half
respondents found ERM helped make better informed decisions as well as
improved communication between the executives and the board of directors.
Furthermore organisations that had a fully integrated approach on ERM
reported that it produced better management consensus, assessment and
understanding of key risks 83%, compared to the 36% for all other
organisations. The companies that fully integrate the framework also reported
increased transparency and management accountability. It can be derived that
those with advanced integrated approaches who viewed risk management as a
central discipline derived the full extent of advantages, in contrast to the rest
that implement a compliance‐driven model. This is reaffirmed by another survey
conducted by Deloitte in association with AESRM in 2007 exhibiting how the
majority of financial institutions continue to manage risk at the traditional silo
level, thus concealing potential interdependencies of risks and financial
indicators and with the potential exposure of financial institutions to acute
losses. In addition, such isolation may exacerbate dangers attached to new
business lines, thus stifling competition and forgoing growth opportunities
(Kopp. G, 2007). This exposes financial institutions to speculative threats in the
future due to the changing economic landscape and evolution of 4 factors:
“Era of Regulation”: The increasing sophistication of regulatory requirements;
from Sarbanes Oxley act and Combined Turnbull Guidance, both increasing
responsibilities and the integrity of duties of the board; to Basel and Solvency; all
now require organizations to capture information on a broad range of risks that
may affect their market or operations. As this sophistication increases, so too
must senior management’s and the board’s understanding and related
responsiveness.
Complexity: Due to the increasing nature of new products and complexities that
arise from business models and interrelationships between organizations, there
needs to be a more holistic approach to managing risk.
Connectedness: The increasing interdependency between operations, risks and
controls has become evident. The traditional silo approach cannot capture this as
it leaves too many gaps and does not provide an overall evaluation of an
organization’s risk position. Some ERM advocates refer to it as common sense, as
risks by their inherent nature are dynamic (Lam, the pioneer of the CRO function,
2003). Once a systematic process reaches across the functions and departments
and promotes the sharing of risk and control knowledge, only then can the
correlations and interconnectedness amongst risk be truly captured. These are
the fundamentals of ERM.
Market Forces: Risk management has been forced up to senior management and
board level due to various corporate scandals (e.g. Enron, WorldCom) that forced
board members to dig deep into their pockets and settle shareholder lawsuits.
Subsequently Directors have rushed to educate themselves in terms of
understanding a range of risks. At the same time executives are paid exorbitant
bonuses, even when failing to increase shareholder value20.
Ernst and Young conducted a survey targeting Life insurance companies (2008).
In contrast to its previous survey (2003) 68% of respondents stated having ERM
policies in place, 23% are in the process of development and 9% are planning to
develop one. The survey exhibits that ERM is still work in progress and has not
yet been fully integrated in companies’ systems and policies. Most companies
have formally developed ERM mission statements, principles, procedures and
ownership structures but have yet to address the dynamic characteristics of the
process such as risk aggregation, tolerances and limits and how to identify
emerging risks. A finding related to CROs is that, despite having a seat at the
management table, 81% stated influencing product design, pricing and investment
strategy related decisions but have no influence on strategic planning, and feel
that their contribution is implicit rather than a consequence of some
formal explicit oversight. Moreover, regardless of the increasing awareness at
board level of risk management, other business priorities21 may draw their
attention.
It is yet to be realized how important risk management is in building
long‐term value creation, nor have companies clearly understood the depth of
operational and cultural change required to implement the framework
effectively. Significant gaps remain present, and certain areas have yet to mature
in order to promote a disciplined and rigorous approach. Work is needed to
integrate firms’ ERM practices to influence strategic decision‐making. There is a
variability of tasks addressed to CROs but there is a long way to go before their
formal risk oversight, aggregation and risk taking evolve and strengthen to a
required degree. Risk measurement should be invested in heavily, so that
sophistication increases incorporating all critical data needed for risk reporting
and decision‐making. The increasing engagement by the C‐level22 has been found
20 Three former executives of UBS who under their management led the bank to $38bn losses last year,
shared a $87mil bonus from Switzerland's biggest bank (timelesonline.com, 2008)
21 As increasing market share or seeking short‐term profit.
22 C‐level postulates a Chief position (CEO, CFO and now CRO)
to be encouraging, however, risk leadership education especially at board level
requires augmentation to assert the sustainable evolvement of risk management
within decision‐making (IBM‐CFO survey, 2008). CROs and other Risk
management executives will have to improve the quality of their communication
with executive and board leadership. Moving risk leadership to the
next level requires stronger functional links and better communication between
all risk stakeholders within organizations. Nocco confirms this by arguing “While
ERM may be straightforward conceptually, its implementation in practice is
not” (2006). The industry has experienced years of consolidation and
reorganization of departments, incorporating risk silo management. Common
credit or trading groups do exist but very few banks or FIs actually reorganize to
take full advantage of an ERM culture (IBM‐CFO survey, 2008).
Restructuring in financial institutions may be required due to a merger or
acquisition. This involves integrating processes, methodologies and
infrastructure, which need to be realigned (Atkins et al, 2008) as “legacy
systems23” may be developed. The most daunting task is to consolidate IT
systems, as they must incorporate systems from various departments and levels
and at the same time maintain a regulatory reporting standard. IT represents a
significant investment in financial institutions; the problem arises when such
systems meet both external and internal requirements, as these remain static.
However, the market environment is constantly changing with an upsurge of
both credit rating agency and regulatory requirements. Firms cannot expect that
historical success will speculatively prevail but must dynamically improve their
systems, enhancing their competitive advantage(s).
This leads to the conclusion that organizations need to become more efficient, as
the more accurate the risk measures employed, the more effectively the
financial institution may compete in a cutthroat competitive environment.
23 Computer systems operating for a long time and due to the vitality of the function they serve cannot be
easily updated or integrated with new systems of advanced technology.
Chapter 4: Findings From the Credit Crisis
4.1 Drivers and Implications of the Financial Turmoil
Recent market events indicate a number of risk management lessons for
financial institutions. Before the recent turmoil the banking system was
characterised by strong balance sheets, rapid growth, innovation and relatively
few bank failures. Such status within the market bred a sense of overconfidence
among bankers and investors leading to underestimation of risks and lack of
understanding that such state may potentially come to an end. This greed was
fed into the housing market that was exhibiting an upward trend and led to
blindness in considering what may result from a disruption to such trend and
housing prices falling (Kohn, 2008). The timeline of events is depicted in the
following paragraph and summarised in the following page.
Figure 10 Phases of the Crisis
Anatomy of the Storm
(Saunders, 2008)
Financial institutions made hefty losses due to concentrated exposure to
securitisation of U.S mortgage related credit. Despite having an inadequate
understanding of CDOs24 and relative instruments’ inherent risks they retained
large exposures on them. This resulted in major losses on such holdings and
substantially affected both their earnings and capital positions. Furthermore
failing to understand balance sheet growth and liquidity needs led to inaccurate
pricing of the risk inherent to possible funding of pricing off‐balance sheet
entities internally when market factors prevented external subsidising.
Leveraged loans were hard to syndicate as risk aversion increased and appetite
for assets diminished. This impact was trivial regarding capital ratios, but
regarding firms’ balance sheets, these exposures led to significant write‐downs
and write‐offs. Inability to aggregate an organization’s overall risk position was
the main reason a credit failure in a relatively minor section of the US real estate
market was able to spill over into a global liquidity risk for financial markets.
Furthermore increased overreliance on model assumptions and the sustaining
silo structure resulted in lack of transparency between functions resulting in a
breakdown of confidence, as firm‐wide exposure was unknown. Such state
brought into question the advocacy of Enterprise Risk Management as
imperative for assessing risk management in financial institutions.
Certain companies discharged their CROs including Ambac, Washington Mutual
Inc and Citigroup. In other firms CROs quit in repulsion, as they were never given
the opportunity to ever apply an enterprise risk management system or were
ignored by traders who set their own fiefdoms. Others were blamed for errors
beyond their control and were treated as scapegoats. “When the onion peeled
back, it disclosed that one part of the bank wasn’t talking to the other—it was
almost that simple,” (Mat Allen, enterprise risk services practice leader, Marsh,
2008). Table 1 provides the most significant losses incurred by Financial
Institutions so far.
24 Collateralized Debt Obligations: Different types of debt (bonds, loans, other assets) referred to as “tranches” that
are syndicated in a pool together and traded as an investment grade security. Depending on the risk and
maturity associated with the debt the payout is adjusted.
James Lam, the father of the position of CRO (GE Capital and Fidelity
Investments) argues that if ERM failed it was because firms were not incorporating
the right data to allow for effective decision‐making; this created a state of risk
ignorance (e.g. some firms relied heavily on credit models that utilized only
seven years of credit information; this would have revealed steady house rates
and mild default rates, and obviously such models underestimated exposures).
Table 1 Most Notable Losses so far
Financial Institution      Loss Value
Citigroup                  $40.7bn
UBS                        $38bn
Merrill Lynch              $31.7bn
HSBC                       $15.6bn
Bank of America            $14.9bn
Morgan Stanley             $12.6bn
Royal Bank of Scotland     $12bn
JP Morgan Chase            $9.7bn
Washington Mutual          $8.3bn
Deutsche Bank              $7.5bn
Wachovia                   $7.3bn
Credit Agricole            $6.6bn
Credit Suisse              $6.3bn
Mizuho Financial           $5.5bn
Bear Stearns               $3.2bn
Barclays                   $3.2bn
(Bloomberg, 2008)
4.2 Case Studies
Business Model Failures
Northern Rock prompted the first run on a UK bank in 140
years. Despite not being technically insolvent, with asset values exceeding
liabilities, it struck a liquidity drought. Due to its business model it was reliant on
the money markets to fund its mortgage liabilities more than any other
commercial bank. When investors lost their appetite for investing in mortgage
related assets the bank could no longer meet its pending obligations. In
September 2007 the Bank of England injected £25bn in loans and £30bn in
guarantees, resulting in nationalization of the distressed bank25.
Bear Stearns was an investment bank that flourished between 2001‐2007, an era
characterized by low interest rates and a booming housing market. Its business
model was highly reliant on fixed income securities. Its troubles came when
demand for subprime related securities faded and, mindful of reputational
risk, it financed structured investment vehicles (SIVs) from its balance sheets,
leading to excessive liability growth. Within three days, 13‐15 March, its capital
cushion of $17bn evaporated; this led JP Morgan, with the backing of the Federal
Reserve, to make an offer of $2 per share that was later finalized at $10. This is
inconceivable looking back a year ago when Bear Stearns’ shares traded as high as
$171.51 (Bilbull, 2008).
Other examples can be found in monoline26 insurers such as AMBAC and MBIA,
which had to seek additional funding when the assets they guaranteed were
downgraded so as to avoid their own downgrading and continue attracting business.
These failures exhibit the degree of vulnerability internal models exhibit in
estimating the risk inherent in organizations’ activities throughout the crisis.
The benign market conditions of a number of years prior to the turmoil were
used to calibrate these models; this was flawed as the volatility that one would
find going back 5 years ago would not reflect the extremity of events in the
second half of 2007.
25 A lot of questions are being asked about the Northern Rock downfall, such as why the deterioration of its
portfolio was not acted upon in time and why they continued trading complex financial products knowing
the risk and uncertainty concerning loans was rising. An investigation on the subject by tax expert
Richard Murphy discovered that NR were disguising $50mil using an offshore trust “Granite” and a charity
in England (Credit Magazine, 2008).
26 In this context a monoline insurer is defined as a guarantor that assigns its credit rating to loans and
offers assurance over counterparty default payments.
Operational Deficiency Failures
Lehman Brothers’ London operations suffered losses from unauthorized activity
worth $150 million on mis‐valued exotic option derivatives. Another financial
titan, Credit Suisse, suffered $2.85billion write‐downs in February (adjusted
March 20th to $2.65bil) due to the failure of its traders to update valuations of
portfolios of subprime linked structured credit products whilst these had fallen
(Campbell A, April 2008, page 8).
In late January 2008, a media frenzy was created when Societe Generale alleged
that one of its Paris‐based junior traders, Jerome Kerviel, accumulated more than
$7bn in losses from the placement of directional bets on futures transactions and
covered his tracks by creating forged hedges from the opposite direction (FT,
2008). As a result of these allegations, Societe Generale responded with a $5.5bn
offer to increase its capital base (NYT, 2008). Following the investigation,
France’s banking regulator fined “SG” a record €4m for breaching banking
regulations; it was found that fraud signals were present but ignored and that the
bank failed to invest adequately in its control systems (FT, 2008).
4.3 Fundamental Weaknesses in ERM Implementation
During the AIRMIC conference in July (2008) Marsh revealed the results of
research it had undertaken discovering that risk management has not yet
reached the stage of full integration with the decision making process at board
level. One of the main findings was that only 30% of Risk managers queried felt
somewhat confident that risk management was taken into account in the
strategic decision making process, more worryingly 22% felt that it never or
seldom happened whatsoever. When asked how they measure the value created
by risk management 35% stated it was the impact on ‘cost of risk’ while 25%
quantified it in terms of the reduction of incidents or losses. Furthermore, 5%
cited it as the reductions in insurance premium while 14% answered they didn’t
measure value. In response to the biggest risk management challenge facing
their organization the majority replied that quantification of risk and measuring
value were their biggest concern, 37% found incorporating risk management
into their organization was a challenge. Concerning the findings of the survey
Eddie McLaughlin (leader of Marsh Risk Supervisory Group) noted his
understanding that risk management is recognised to contribute to long‐term
success and competitive advantage but has not yet been fully recognised in the
boardroom. He argues “The challenge remains proving the shareholder value
added through effective risk management. Progress has been made by linking risk
management quality to capital allocation, and over time to a firm’s credit rating,
but as an industry we are not there yet.”
Following the magnitude of losses in the industry Edhec sought to investigate the
models used to support risk management decision‐making. They addressed 229
financial Institutions based in Europe holding more than €10 trillion of assets
under their management. This is quite representative of the Pan‐European asset
management industry. One of the main findings of the research was that firms
are often familiar with research findings but rarely actually implement such
techniques. In comparison to previous years Edhec found usage of VaR and
cVaR (conditional VaR) had spread throughout the industry, methodologies that
were previously used mainly by investment banks.
Such progress has its limits as, despite making use of the models, 42%
worryingly assumed normality in their returns and only 10% were
implementing Extreme Value theory tools (Goltz, 2008). An even more worrying
observation was that although 50% use VaR to assess risk, only 33% make use of
the measure to estimate risk‐adjusted performance. Furthermore it was found
that 42% of institutional investors don’t explicitly incorporate liability risk when
developing asset allocation strategies.
In addition there has been plentiful noise in terms of alpha27, but only a few
actually measure it correctly. Despite the limitations of assessing Alpha (Myner,
2001) via peer performance analysis, 62% of those queried make use of it,
whilst only 23% actually make use of multi‐factor methods, the advantages of
which have been proclaimed within financial research (Martellini et al, 2005).
It seems that certain Financial Institutions have failed to ride the tide of research
for the past 2 decades and make use of risk management as a marketing tool.
Edhec finds this concerning; as knowledge is not transferred to the industry and
tested within realistic environments but used merely as an aid to the systems
already in place.
4.4 Questioning the Viability of ERM
For the past years, both academics and practitioners have praised
Enterprise‐wide risk management policies and procedures in Financial
Institutions. ERM has been touted as the standardized FI risk management
approach, a disciplined framework guiding companies to apply the risk
management process across the organization, including any interplay that may
exist between risks across business units, and is now being re‐evaluated after
the subprime market meltdown.
Financial Institutions first embraced ERM, with insurance and energy companies
following. This gave rise to the Chief Risk Officer, a senior level position to
manage and supervise the effort (T&R, 2008). Then the credit crisis and
financial turmoil impacted company after company; Financial Institutions
especially, long thought to be the paradigms in ERM practices, hit a brick wall.
27 A measure of performance on a risk‐adjusted basis, Alpha takes the volatility (price risk) of a mutual fund
and compares its risk‐adjusted performance to a benchmark index. The excess return of the fund relative to the
return of the benchmark index is a fund's alpha. Alpha is one of five technical risk ratios; the others are beta,
standard deviation, R‐squared, and the Sharpe ratio. These are all statistical measurements used in modern
portfolio theory (MPT). All of these indicators are intended to help investors determine the risk‐reward profile
of a mutual fund. Simply stated, alpha is often considered to represent the value that a portfolio manager adds
to or subtracts from a fund's return. A positive alpha of 1.0 means the fund has outperformed its benchmark
index by 1%. Correspondingly, a similar negative alpha would indicate an underperformance of 1%
(Investopedia, 2008)
Such exposures were what ERM was designed to ferret out. As would be
expected, the reality is much more complicated.
To begin with, not all companies experienced large losses, as some did in fact
manage their risks appropriately. Empirical evidence finds that certain
companies applying ERM did quite well relative to their competitors, while others
didn’t see the signals coming and grabbed the headlines within the past year
(Treasury and Risk, ERM survey 2008).
“JPMorgan in the banking industry and Goldman Sachs in the securities industry—
both well known for their ERM capabilities—actually did quite well relative to
their competitors,” “Other firms, of course, didn’t see the signals.” Those firms are
the headline grabbers of the day—Bear Stearns, Countrywide Financial, Ambac,
MBIA, UBS and Swiss Re, among others. (Lam, president of James Lam & Associates,
2008).
Problems have been found to lie in how ERM is applied and executed effectively
across the organization. Moreover specific areas of concern and weaknesses
have been found in how risk management is applied (Treasury and Risk, ERM
survey 2008).
Chapter 5: Conclusions
Organisations now are updating and focusing on their risk profiles. Global
regulators request improved corporate governance models and the usage of
internal control frameworks, policies and procedures. Simultaneously, investors
are losing confidence and becoming more prudent.
Navigant Consulting (2008) recorded a staggering increase in lawsuit activity in
relation to subprime and credit issues, with 170 cases filed in the first quarter of
2008 compared with a total of 278 cases filed in 2007. 448 cases have been
found to relate to the credit crisis over a period of 15 months up to the first
quarter of 2008. This level indicates that soon the 559 savings and loan cases of
the early 1990’s will be surpassed. Of these, 42% named a Fortune Global
500 company as the defendant, and of the 10% that were non‐US companies,
half originated from the UK. As Figure 11 exhibits and as reported by a NERA
consulting report, 49% of plaintiffs were shareholders; this implies that
shareholders are becoming more active, reinforced with regulatory measures
that have been developed in concern of adequate safeguarding of their
investments.
This finding is reaffirmed by a survey conducted by RiskMetrics in April 2008:
in response to shareholder lawsuits, 38% indicated lack of effective risk
management as the primary reason for the rise in activism and as a key cause of
the subprime meltdown.
Furthermore, credit rating agencies focus on risk management more than ever.
For example, Standard and Poor's latest report explains this development and
states that it will recognize firms' adoption of accepted risk management
standards, but that this will not be considered sufficient evidence of effective
risk management. The recent turmoil has financial institutions rethinking their
risk-management functions; this translates into updates and revived insights for
rating agencies' risk analysis. Such updates will revolve around probabilities,
severities and the various losses that may arise; the fundamental structure of the
rating will stay intact. Furthermore, recent events have highlighted the increased
importance of focusing on risk management as part of the rating process, not
just as an internal framework but in how it is applied throughout the
organization, as defined by Table 2.
Figure 11: Lawsuits related to the Sub-prime Crisis (through to 21/04/08). Panels: Defendants (see note 28) and Plaintiffs. (Nera Consulting, 2008)
Note 28: Defendants included, amongst others, Credit Suisse, HSBC, Lehman Brothers, Merrill Lynch, Citigroup,
Washington Mutual, Bear Stearns, UBS, Morgan Stanley, and Bank of America.
In today's environment, financial institutions face investor confidence issues,
increased regulatory requirements and rating agency oversight. To meet such
challenges effectively, organizations are restructuring their PMI processes
(policies, methodologies, infrastructure). According to Crouhy's 'essentials of risk
management', these are the three building blocks required to develop an
enterprise risk management environment (Crouhy, et al, 2005).
Within the last decade, academics and practitioners have published a number of
different methods of measuring risk, some tailored for specific risk factors, others
for aggregating risk (e.g. Economic Capital).

Table 2: S&P Definition of ERM in respect to Credit Rating Requirements (S&P, 2008)

| ERM is… | ERM is not… |
| An approach assuring the firm is attending to all risks | A method to eliminate all risks |
| A set of expectations amongst management, shareholders, and the board about the firm's risk appetite | A guarantee that the firm will avoid losses |
| A set of methods for avoiding situations that may result in losses that would be outside the firm's risk tolerance | A crammed-together collection of longstanding and disparate practices |
| A method to shift focus from "cost/benefit" to "risk/reward" | A rigid set of rules that must be followed under all circumstances |
| A way to help fulfill a fundamental responsibility of a company's board and senior management | Limited to compliance and disclosure requirements |
| A toolkit for trimming excess risks and a system for intelligently selecting which risks need trimming | A replacement for internal controls for fraud and malfeasance |
| A language for communicating the firm's efforts to maintain a manageable risk profile | Exactly the same for all firms in all sectors or the same from year to year |
| | A passing fad |
History has exhibited a number of financial crises, from the 'Black Monday' of
1987, when world stock markets collapsed, to the Asian Crisis of 1997, which led
the International Monetary Fund (IMF) to inject $40 billion to stabilize the economies
hit hardest by the crisis, and to the recent US mortgage crisis of 2007, which has
given rise to a global systemic shock within the financial community. Each of
these crises underlines the importance of establishing good risk measures and
PMI processes.
Financial institutions focus on these three factors, which are influenced by internal
management as well as external factors, such as investor confidence and
regulatory standards. In terms of infrastructure, it would be safe to say that
technology is not a bank's core competence and that banks would benefit from
outsourcing such functions to third parties to gain specialist processes, personnel
and information technology.
Risk management can be applied by managing each risk on its own or through
an integrated and holistic approach; the latter has been referred to as Enterprise
Risk Management (Nocco, et al, 2006). Its goal is to set policies determining risk
across the firm and its diverse business activities, which requires methodologies
for aggregating the various risk types (credit, operational, market). This is not an
easy task, as their distribution patterns vary substantially (Rosenberg, et al,
2004).
Enterprise risk can be calculated using economic capital and risk-adjusted return
on capital, as steered by the capital adequacy guidelines of Basel II. Such
measures integrate the various risk components into a single holistic measure of
enterprise risk. Turning to the analysis of the credit crisis, several factors it has
revealed must be addressed going forward in order to implement a successful
ERM framework.