the evolution of risk management and enterprise risk ... · – rm committee and crorm committee...

The Evolution of RiskManagement and Enterprise RiskManagement

Sojung Park

Seoul National University

July 2014

2

The views expressed in the following material are the

author’s and do not necessarily represent the views of

the Global Association of Risk Professionals (GARP),

its Membership or its Management.

The Evolution of Risk Management: b fbefore 1960s

Insurance and insurance management Insurance and insurance management

Referring New York City,Re err ng ew ork y, “This has only been made possible by insurers. They are the ones who really built this city. With no insurance, there

ld b k N i twould be no sky-scrapers. No investor would finance buildings that one cigarette butt could burn down to the ground.” – Henry Ford g y

The Evolution of Risk Management: 1960s-

From insurance management to RiskFrom insurance management to Risk management – by Robert Mehr and Bob Hedges y g

– Four step risk management Risk identification, risk evaluation, risk management

h i itechnique, monitor

– Risk management technique Risk avoidance risk reduction risk transfer risk Risk avoidance, risk reduction, risk transfer, risk

retention

– Pure risk

3

The Evolution of Risk Management : f l kfinancial risk in 1970s

Exchange rate riskExchange rate risk – End of Bretton Woods agreement in 1972

Commodity price risk Oil shock– Oil shock

Interest rate risk Interest rate risk – Federal Reserve Board (US) policy shift – late

70s70s

Exchange rate riskExchange rate risk

5Source: “The Collapse of the Bretton Woods Fixed Exchange Rate System”, Garber (1993)  

Oil price riskOil price risk

6

Source: http://en.wikipedia.org/wiki/File:Oil_Prices_1861_2007.svg#file 

Interest rate riskInterest rate risk

1-Year Treasury Bill Yield

12%

14%

8%

10%

2%

4%

6%

0%

2%

1900 1910 1920 1930 1940 1950 1960 1970 1980 1990 2000 2010

7Source: http://www.crestmontresearch.com/interest‐rates/

Derivative market development- 1980sDerivative market development 1980s

1970s: Black & Scholes option pricing model 1970s: Black & Scholes option pricing model

“Ri k ” ll “Risk management”at wall street

Failures -1990sFailures 1990s

Derivative failuresGibson Greetings– Gibson Greetings

– Proctor and Gamble– Barings Bank– Orange County– Orange County

Model failuresLong Term Capital– Long Term Capital Management

Accounting failuresAccounting failures– Enron– WorldCom– Arthur Andersen

Emerging risks– 2000s and afterEmerging risks 2000s and after

CAT risks CAT risks

Terrorism

E i l i k Environmental risks

Cyber risks

Reputational risks

10

Catastrophic events 1970-2012Catastrophic events 1970 2012

11

NamyangNamyang

12

Private information leakagePrivate information leakage

13

S&P 500 firms average time in index ( )(unit :10 years)

10

8

9

5

6

7

3

4

0

1

2

1928 1938 1948 1958 1968 1978 1988 1998 2008 2018

자료: Richard Forster and Sarah Kaplan, Creative Destruction, McKinsey & Company 2001 

Risk

Insurance  Risk  Enterprise Risk Management Management Risk 

Management

15

Enterprise Risk ManagementEnterprise Risk Management

“The process by which organizations in allThe process by which organizations in all industries assess, control, exploit, finance and monitor risks from all sources for theand monitor risks from all sources for the purpose of increasing the organization’s short and long term value to itsshort and long term value to its stakeholders.”

16

Traditional approach – Silo approachTraditional approach Silo approach

Hazard riskRi k  d  f t   t d t t – Risk and safety management department 

Financial risk– Derivative traders– Chief Financial Officer (CFO)

Operational risk– Line managers

Strategic risk– Chief Executive Officer (CEO), board of directors( ),

ERM – new risk managementERM (Enterprise Risk Management) : Integrate all risks business faces, treat the risk as one risk portfolio, and manage the firm risk.

St Op Fi

Risk RiskRiskRisk

Silo Approach

Strategy

Hazard

Operational

Financial

Integrated

Risk Portfolio

Enterprise Risk ManagementgApproach

Enterprise Risk Management

18

Risk and return

Zone 1 Insufficient 

Zone 2 Optimal Risk 

Zone 3 Excessive 

Risk Takingp

Taking Risk Taking

Risk‐Adjusted Return

Risk

19

Accelerator recall in 2009 9

20

Consumer complaints, unintended acceleration per 312,000 hi l ld 2008 MYvehicles sold, 2008 MY

21Source: http://en.wikipedia.org/wiki/2009%E2%80%9311_Toyota_vehicle_recallsPlease do not cite.

YouTube video in 2009: YouTube video in 2009:

http://www.youtube.com/watch?v=03m7fmnhO0IO0I

22

23

Operational risk (product defect and recall)

legal charges (the criminal charges! Very unlucky – during the recession) and reputational cost

demand shock (used car price goes down as demand shock (used car price goes down as well)

and.. Hyundai smiles

The result: stock price plummet – over 20 percent within 20 days.

24

Toyota  recall

Hyundai

25

http://wwwnpr org/2012/04/18/150502434/r

26

http://www.npr.org/2012/04/18/150502434/rough‐patches‐behind‐it‐toyota‐tries‐to‐accelerate

Problems of Silo approachProblems of Silo approach

1 Unclear risk boundaries1. Unclear risk boundaries

– Domino effect, gray risks, multiple categories

2. Risk does add up – portfolio effect ignored (e.g. BHP Billiton) ( g )

3 Difficult communication – different terms3. Difficult communication different terms

4 Inconsistent risk strategies4. Inconsistent risk strategies

27

ERM components

1. Corporate Governance: – RM committee and CRORM committee and CRO

– Set risk appetite

– Build risk culture (e.g. A blaze in AlbuquerqueBuild risk culture (e.g. A blaze in Albuquerque desert in 2000)

2. Business strategy alignment and line gy gmanagement (communication and communication!)

3. Portfolio management

4. Measure – VaR, CFaR, EaR

5. Data and Technology 28

ERM organization example

Board of DirectorsDirectors

CEO

Enterprise Risk Enterprise 

Management Committee

Enterprise Risk 

Manager (CRO)

Business Unit

Business Unit

Business Unit

Business Unit

Business UnitUnit Unit Unit Unit Unit

ResultsResults

Ericsson lost $2 billion Ericsson lost $2 billion

S k i l b 14% i f h Stock price plummet by 14% in a few hours, 50% in a few days

Nokia market share 27% 30%

Motorola market share 9% 12%

30

Heinrich TriangleHeinrich Triangle

運七技三

“Whatever you do, something unprepared will happen ”will happen.

세월호: The worst crisis of this d ddecade

vs.

33

ERM 6 – Systemic response to risk

Crisis management

– NOT ad-hoc

– Develop best practices and provide guidelines

34

Johnson and Johnson TylenolJohnson and Johnson Tylenol

7 dies from taking Tylenol capsule in 1982 7 dies from taking Tylenol capsule in 1982

Response“How do we protect the people?” How do we protect the people?

“How do we save this product?”

35

“Johnson & Johnson has effectively demonstrated how a major business ought to handle a disaster”

‐The Washington Post  October 11, 1982 (first death: September 29, 1982) 

37

Does your organization have an integrated ERM program orintegrated ERM program or

equivalent?

38Source: Deloitte Global Risk Management Survey, Sixth Edition (2009)