Finance 590
Enterprise Risk Management
Lecture 3
Mark C. Vonnahme
Department of Finance
University of Illinois at Urbana-Champaign
ERM
• What is Enterprise Risk Management– A quick review of our prior discussions– Industry analysis v individual firm analysis
• Organization’s risk profile is unique
• Similarities and differences to others
ERM
• An organization’s risks by their nature– Dynamic– Fluid– Highly interdependent– Cannot be broken into components– Need to be managed in an integrated approach
ERM
• Integrated approach v silos– Personal experiences
• Property casualty
• Surety
ERM
• Enterprise risk management –a definition– A comprehensive and integrated framework for
managing credit risk,market risk,operational risk,economic capital,and risk transfer in order to maximize firm value.
James Lam
ERM
• Enterprise risk management is all about integration
• To be successful it requires– An integrated risk organization– The integration of risk transfer strategies– The integration of risk management into the
business processes of the company
ERM
• Risk Organization– Centralized risk management unit reporting to
the chief executive officer and the board• Broad policy setting across risk taking activities
• May have CRO position
ERM
• Risk transfer strategies– Integration of risk transfer strategies
• A portfolio view of all types of risk
• Rationalize use of various strategies including derivatives,insurance and alternative risk transfer products to hedge/reduce risk deemed undesirable
– Balanced approach
ERM
• Risk management into the business processes of the company– Offensive v defensive mechanism
• Proactive v reactive management approach
– Optimize business performance • Influence on pricing , resource allocation and other
business decisions
ERM
• The benefits of ERM– Increased organizational effectiveness– Better risk reporting– Improved business performance
ERM
• Increased organizational efficiency– CRO plus enterprise risk approach provides top
down approach for coordination– Address both individual risks plus the
interdependencies
ERM
• Better risk reporting– Provides timely and relevant info to management
• Info that allows them to manage the risks
– Silo v integrated approach• Which is more effective
– Increase risk transparency
– Provide the appropriate detail to • Management
• CEO
• Board
ERM
• Improved business performance– Companies that have implemented ERM show
improved results and ongoing support from CEO and Board to continue
– What does that mean• Some examples
– Market value improvement– Loss reduction– Insurance premium reduction– Reinsurance premium savings– Regulatory capital relief
ERM
• Improved performance plus– Pressure from outside for ERM plus
performance• Rating agencies
• Boards
• Shareholders
• Employees
ERM
• The CRO– Today and in the future
• Will every company have a CRO
• Is it necessary
ERM
• Components of ERM– Corporate Governance
• Ensure organizational processes and controls to measure and manage risk
– Line Management• Risk management into the revenue generating activities
including business development, pricing and relationship management
– Portfolio Management• Aggregate risk exposures, incorporate diversification effects
and monitor risk concentrations against established risk limits
ERM
• Components of ERM continued– Risk Transfer
• Mitigate risk exposures that are too high or more cost effective to transfer v hold
– Risk Analytics• Risk measurement, analysis,and tools to quantify
and track risk exposures
ERM
• Components of ERM continued– Data and Technology Resources
• Support analytics and reporting processes
– Stakeholder Management• Communicate and report the company’s risk
information to key stakeholders
ERM
• Risk Analytics– Started to discuss last class– Will continue as we move forward
• Corporate Governance – Will begin discussion today– Will continue throughout class
• Line Management – Will start to share thoughts on it today– Share some experiences with you
ERM
• Questions
Finance 590
Enterprise Risk Management
Mark C. Vonnahme
Department of Finance
UIUC
ERM
• Corporate Governance– Ensures board of directors and senior
management have established “appropriate” organizational processes and corporate controls to measure and manage risk
– Mandate is worldwide in business• Regulatory agencies and legislative bodies are
calling for stronger controls
ERM
• Corporate Governance – From ERM perspective, responsibilities of boards and
senior management include• Defining the org’s risk appetite…risk policies, loss tolerance,
risk to capital leverage and target debt rating• Ensuring they have the risk management skills and risk
absorption capability to support business strategy• Establishing org structure and defining roles and
responsibilities for risk management• Shaping the org’s risk culture …setting the tone from top and
reinforcing with incentives• Providing opportunities for learning…from problems and
ongoing training
ERM
• Corporate Governance– Commissions and reports have made
recommendations for greater corp controls and emphasized responsibilities of board and senior management
• Treadway Report – U.S.• Turnbull Report-U.K• Dey Report-Canada• Sarbanes-Oxley-U.S
ERM
• Codes of Conduct– Codes of Best Practices
• Number of sources or sponsors– Stock exchanges
– Exec associations
– Individual companies
– It continues to grow and develop in importance
– Many call for voluntary compliance
– Public v private companies
ERM
• Corporate Governance – Best Practices• Common areas of focus from various
reports …will share experiences in each of these– Stakeholder communication– Board independence– Board performance assessment– Executive and Board Compensation
ERM
• Corp Gov Best Practices…Stakeholder Communication– Communication in annual reports on corporate
governance practices and how org is doing in meeting guidelines
• More emphasis after Sarbanes Oxley – NYSE and Nasdq have adopted more explicit reqs
ERM
• Corp Gov Best Practices … Board Independence– One of key changes …recommend independence of
board from senior management• Objectivity in acting in best interests of company• Separate their oversight role from day to day operations• Chairman and CEO
– Same individual v separate
• Lead Director• Committees
– Audit– Compensation
ERM
• Corp Gov Best Practices…Board Performance Assessment– Recommendation to assess individual and
overall board performance• Will develop over time
– Not universally in place today
• Board positions are “hard work”– Difficult to find board members for public companies
ERM
• Corp Gov Best Practices …Executive and Board Comp– Performance evaluation of CEO
• Set goals and objectives
• Comp structure ... salary, bonus, LT incentives
– Director Compensation• “Avoid overpayment”
– Theory v reality
• Should comp include stock in company– Most would say yes
ERM
• Linking Corporate Governance and ERM– Why is it important– What is the linkage
ERM
• Corp Gov and ERM– Impetus for change in corp governance has
changed corp risk management practices– Similar focus on strategic direction, corporate
integration, and motivation– Good board practices and corp governance are
crucial for effective ERM
ERM
• Corp Governance and ERM– Areas of ERM allied to boards
• Risk appetite and policy
• Organizational structure
• Risk culture and corporate values
ERM
• Questions
• Discussion
Finance 590
Enterprise Risk Management Line Management
Mark C. Vonnahme
Department of Finance
UIUC
ERM
• Line Management – Key revenue producing activities– Structure generally involves SBUs
• My experiences as head of SBU
– Account for majority of assets and employees– Risks are/ or can be significant
• Property casualty insurance
• Surety
ERM
• Interaction of Line with Risk Management• Alignment of Line with RM strategies is crucial
– Impact on new business development• Relationship between line and RM can impact customer
relationships
– Line managers need to understand pricing implications• Losses
• Cost of capital
• Other
ERM
• Key risk issues involving Line and RM– Relationship between line units and RM– Key challenges for line risk management– Best practices for line risk management
ERM
• Relationship between Line and RM– Adversarial relationship v a working
partnership– Structural issues
• Offense v defense
• Policy and policing
• Partnership
ERM
• Line management and RM– Structure
• Offense v defense– Objectives may not be aligned
– HO v Field
– We v they
» Some personal experiences in credit extension
ERM
• Line management and RM– Structure
• Policy and policing– The government v citizenry model
– Policy set
– Line can operate unless exceptions
– But RM is not involved on day to day
– Policies become outmoded
– No real incentives to report outsiders to policy
ERM
• Line Management and RM– Partnership
• RM fully integrated into business
ERM
• Line management and risk management alignment – Key challenges
• Conflict resolution
• Role of line risk management
• Incentive alignment
• Non-financial risk management
ERM
• Line Management-Best Practices• ERM program should integrate risk
management processes into business management processes– Business strategy and planning– New product and business development– Product pricing– Business performance measurement
ERM
• Summary
• Questions
Finance 590Enterprise Risk Management
Steve D’ArcyDepartment of Finance
Lecture 3
Hazard Risk Analytics
April 5, 2005
Reference Material• Chapter 8 – Enterprise Risk Management by
Lam
• Risk and Insurance by Anderson and Brown
http://www.soa.org/ccm/cms-service/stream/asset/?asset_id=8027034
Overview
• Characteristics of Hazard Risk
• Insurance Terminology
• Examples
Characteristics of Hazard Risk
• Loss/no loss situations (pure risk)
• Independence of individual exposures– Important for risk to be insurable
• Types of hazard risk– Persons– Property– Liability
Insurance Terminology• Exposures• Deductibles or retentions• Policy limits• Coinsurance• Claims or losses
– Incurred– Paid– Loss adjustment expenses
• Loss frequency and severity • Triggers
Alternative Risk Transfer (ART) Terminology
• Captives
• Finite insurance or reinsurance
• Insurance-linked bonds
• Insurance securitization
• Cat-E-Puts (Catastrophe equity put options)
• Contingent surplus notes
Loss Frequency
• Number of losses during policy period
• Often modeled as a Poisson distribution
Pr(k) = e-λλk/k!
where Pr = probability
k = number of claims per year (0,1,2,...)
λ = expected number of claims per year
Loss Severity• Size of loss given a loss has occurred• Variety of potential severity distributions
– Empirical– Exponential (Gamma)– Lognormal– Pareto
• Distribution characteristics– Non-negative– Positively skewed– Variance positively correlated with mean
Hazard Risk Example• Assume independent losses• Loss frequency
– 0 80%– 1 15%– 2 5%
• Loss severity– $1,000 40%– $10,000 30%– $25,000 20%– $100,000 10%
Hazard Risk Example (2)Probability of losses Total Losses Prob. Expected Losses1 loss 0 0.8000 0
1000 0.060 1000 0.0600 6010000 0.045 2000 0.0080 1625000 0.030 10000 0.0450 450
100000 0.015 11000 0.0120 13220000 0.0045 90
2 losses 1000 10000 25000 100000 25000 0.0300 7501000 0.0080 0.0060 0.0040 0.0020 26000 0.0080 208
10000 0.0060 0.0045 0.0030 0.0015 35000 0.0060 21025000 0.0040 0.0030 0.0020 0.0010 50000 0.0020 100
100000 0.0020 0.0015 0.0010 0.0005 100000 0.0150 1500101000 0.0040 404
Total value of two losses 110000 0.0030 3302000 11000 26000 101000 125000 0.0020 250
11000 20000 35000 110000 200000 0.0005 10026000 35000 50000 125000 1.0000 4600
101000 110000 125000 200000
Analysis of Potential Losses
• Expected losses = 4,600
• Maximum possible loss = 200,000
• Maximum probable loss (.2%) = 125,000
• Expected losses excess of a $100,000 retention = 1,084
Conclusion• Insurance industry has developed a high level of
mathematical sophistication for valuing hazard risks
• Alternative market has also developed for dealing with hazard risks
• Key questions for organizations involve amount of risk to retain (deductible) and how much coverage to purchase (policy limits)
• These questions begin to tie hazard risk into enterprise risk management