Let’s get real. Today’s business landscape is ever evolving and fiercely competitive driven by game changers, value creators, innovators in trying to match changing consumers’ demographics and expectations. Subject risk expert and practitioner Andrew Koh, seeks to address the complex issue on how to manage the key challenges firms face in using their Enterprise Risk Management (“ERM”) framework to support firms in operating within these competitive and disruptive business climate, that remain crucial for business success, and takes readers further on some of the deeper issues and challenges they face in using enterprise risk management framework, the real situation facing ERM managers as they seek to communicate and to work together with stakeholders in achieving common ERM objectives by using common methodologies and enterprise values; the corresponding possible explanations behind them; as well as highlighting the top 3 challenges that boards and senior management teams must and need to overcome to ensure the successful implementation and running of their ERM programs. In each of these slides, Andrew will share his thoughts and opinions, drawing from his almost quarter of a century in risk and governance experience working across banking, finance, cards and payment sectors. Looking from the lens of a thought leader, risk and governance expert, readers are provided with simple, practical and refreshing ideas on how to approach and manage these key ERM challenges in firms operating in ever increasingly complex environments across different industries, geographical boundaries and regulatory requirements. The real issues and challenges Readers will precisely understand why the objective in effectively using an ERM approach is critical for business success. ERM is no longer an option but a must do for firms to manage risks so as to remain highly competitive. Companies who embraced ERM early and steadfastly strive to improve and align to their business strategies, stand to reap the benefits and gained competitive advantages in achieving their corporate objectives. Regardless, all firms will continue to face real challenges managing enterprise risk management programs so as to be effective and to avoid incurring losses from unidentified or unquantified potential risks. I hope readers who read and followed these slides have gained a better insight on how to approach and manage key challenges in driving enterprise risk management programs within their own firms. This is especially important in today’s ever changing and competitive business landscape, coupled by market disruptive innovations.

1. REAL CHALLENGES OF
ENTERPRISE RISK
MANAGEMENT
Presented by:
Andrew Koh
Vice President &
Head of Enterprise Risk Management
Network For Electronic Transfers S’pore

2. Thought leader.
Subject risk and governance expert.
24 years’ in banking, finance, cards & payment
sectors’ working experience.
3 Masters’ degrees: MSRM, MSGF, MBA from
NYU Stern, HKUST, Manchester Business School.
MY LINKEDIN PROFILE
http://sg.linkedin.com/pub/andrew-koh/11/687/4b6/

3. 1. Why Enterprise Risk Management?
2. What is the REALsituation facing ERM
managers?
3. POSSIBLE explanations?.
4. Top 3 Challenges
CONTENT

4. 1. WHY ENTERPRISE
RISK MANAGEMENT?
ERM is a process encompassing:
A. Board of Directors Accountability.
B. Senior Management Responsibility.
C. Manage risks within Risk Appetite.
D. Alignment of risks across all
Business Units.

5. A. BOARD OF DIRECTORS
ACCOUNTABILITY.
Typical duties of boards of directors include:
• Establish governance, policies and objectives.
• Select, appoint and review chief executive
officer’s performance.
• Ensure the availability of adequate resources.
• Approve annual budgets.
• Accountable for organization’s performance.
• Approve senior management’s salaries and
compensation packages.

6. B. SENIOR MANAGEMENT
RESPONSIBILITY.
Typical duties of senior management include:
• Day-to-day (and profitability) responsibilities of
managing entire operations of a corporation.
• They hold specific executive powers conferred
onto them with and by authority of the board of
directors and/or the shareholders.
• Responsible for preparing the annual budget
for Board approval.
• Authorising the funding of projects.
• .

7. C. MANAGE RISKS
WITHIN RISK APPETITE.
• Amount of risk exposure, or potential adverse
impact from an event, that the organisation is
willing to accept/retain.
• Once the risk appetite threshold has been
breached, risk management treatments and
business controls are implemented to reduce
exposure level back within the accepted range.
• Helps organisations to align risk exposures
with risk management and escalation activities.

8. D. ALIGNMENT OF RISKS
ACROSS ALL BIZ UNITS.
• Agreement to the use of common risk impact
parameters and cascading these within each
business unit so that all stakeholders are
willing to accept/retain.
• Aligning risks to enterprise values across
business units.
• Aligning strategic risks to the risks across all
business units.
• Aligning risk escalation activities in biz units.

9. 9
2. WHAT IS THE REAL
SITUATION FACING ERM
MANAGERS?
DEALING WITH:
- REAL ERM RISKS & COMPLEXITIES
- REAL HUMAN RISKS
- REAL INDUSTRY & REGULATORY
STANDARDS
- REAL SURVEY RESULTS

10. DEALING WITH REAL ERM
RISKS & COMPLEXITIES
Credit Risk
Regulatory Risk
Operational Risk
Transactional Risk
Market Risk
Technology RiskPortfolio Risk
Legal & Compliance Risk
Systemic Risk
ORSA
Solvency II
COSO
Basel
II
Basel III
Volcker Rule
EMIRDodd-Frank Act
Reputation RiskFraud Risk
Country Risk
Tail Risk
Human Risk
SOX
Product Risk
Cyber Risk
PCI DSSReporting Risk
Audit

11. DEALING WITH
REAL HUMAN RISKS

12. DEALING WITH REAL
INDUSTRY & REG. STANDARDS
Risk Governance Guidance
for Listed Boards
(Singapore’s Corporate
Governance Council, May
2012)
MAS Notice N.126:
Enterprise Risk
Management for
Insurers(effective
Jan 2014)

13. 3.POSSIBLE EXPLANATIONS?
I. No Volunteersto own KEY RISKS
II. Risk owners do not identify and assess risks
holistically. .
III. Lack of ERM skills and knowledge
within corporations.

14. POSSIBLE EXPLANATIONS?
I. No Volunteers to own KEY RISKS.

15. POSSIBLE EXPLANATIONS?
II. Risk owners do not identify and assess risks
HOLISTICALLY

16. POSSIBLE EXPLANATIONS?
III. Lack of ERM skills and knowledge within
corporations.

17. 4.TOP 3 CHALLENGES?
# 3. Defining Risk Appetite / Tolerance
# 2. Holistic Use of ERM Tools
# 1. Having a Right Risk Culture

18. # 3. DEFINING RISK APPETITE /
TOLERANCE
 A.K.A. Finding Needles in Haystacks.
 How do you know the risk appetite / risk
tolerance you have is for REAL?
 If still unsure, put it into action.
 Compare against single largest aggregate
exposure, biggest limit size, stress test results).

19. # 3. DEFINING RISK APPETITE /
TOLERANCE
 A.K.A. Finding Needles in Haystacks.

20. # 3. DEFINING RISK APPETITE /
TOLERANCE
 How do you know the risk appetite / risk
tolerance you have is for REAL?

21. # 3. DEFINING RISK APPETITE /
TOLERANCE
 If still unsure, put it into action.
 Compare against single-
largest aggregate exposures,
biggest limit sizes,
stress testing results).

22. # 2. HOLISTIC USE OF
ERM TOOLS
 ERM Tools requires participants from
all Business Units to be really holistic.
 Robust Risk Assessment to be able to
effectively quantify all key risks, including
the non-financial ones.

23. # 2. HOLISTIC USE OF
ERM TOOLS (AN EXAMPLE)

24. # 1. HAVING A RIGHT
RISK CULTURE
 Let’s all Eat, Pray, Love risks.
 Drive Effective Risk Communications.
 Conduct Rigorous ERM trainings.
 Groom in-house risk experts.
 Continuously improve ERM framework.

25. # 1. HAVING A RIGHT
RISK CULTURE
 Let’s all
Eat, Pray, Love risks.

26. # 1. HAVING A RIGHT
RISK CULTURE
 Effective
Risk Communication

27. # 1. HAVING A RIGHT
RISK CULTURE
 Conduct Rigorous ERM trainings.

28. # 1. HAVING A RIGHT
RISK CULTURE
 Groom
in-house risk experts.
 You need to start
somewhere…..

29. # 1. HAVING A RIGHT
RISK CULTURE
 Continuously
improve ERM
framework.

30. IF YOU HAVE TROUBLE SLEEPING
OVER ENTERPRISE RISK MGMT…
http://sg.linkedin.com/pub/andrew-koh/11/687/4b6/
andrewkohmw@yahoo.com.sg
@KohWee