Post on 18-Dec-2015
Enterprise Risk Management
Its Meaning and Import
Jerry A. Miccolis, FCAS, MAAA
Tillinghast - Towers Perrin
The “ERM movement” has many driving forces
Reactive:
- Company calamities
- Investor concern
- Corporate governance guidelines
- Regulatory oversight
- Rating agency activity
Proactive:
- “Beating the odds”
- Informed decision-making under certainty
- Competitive advantage
“Any sufficiently advanced technology [risk management system] is indistinguishable from magic”
With apologies to Arthur C. Clarke
Companies are managing a number of separate, but related, activities...
Product and Distribution:
- Product mix
- Distribution strategy
- Pricing
- Customer service
Investments:
- Asset/liability management
- Liquidity
- Market risk tolerance
- Tax profile
Organization:
- Hiring/training
- HR policies
- Pay and benefits
- Communication
Capital Structure:
- Equity vs. Debt
- Managing excess capital
- Reinsurance
- Securitization
...ERM brings these activities together in a coherent conceptual framework...
…for the purpose of increasing the value of the enterprise
[Figure labels: Product and Distribution; Investments; Organization; Capital Structure]
What profession is -- or will be -- leading the ERM movement?
In 2000, the Institute of Internal Auditors commissioned a study of “Trends and Best Practices in Enterprise Risk Management” to:
- Complete a literature search and bibliography
- Perform a survey across multiple industries
- Interview “best practices” organizations
- Prepare a definitive monograph
- Outline the necessary changes in the auditor’s role
In 2000, the CAS Board created an Advisory Committee on Enterprise Risk Management to:
- Identify research and education needs of CAS members
- Recommend methods, priorities and timetables to the Executive Council for implementing the needed research and education
Where are the Chief Risk Officers coming from?
Source: IIA/Tillinghast - Towers Perrin 2000/2001 survey of finance and audit officers in 130 companies across various industries (including 11% insurance industry, 11% other financial services)
Source: Tillinghast - Towers Perrin 1999/2000 survey of finance and actuarial officers in 66 life, health and P/C insurers and mutual funds
[Charts: Insurance Industry (Internal vs. External); All Industries (Internal vs. External)]
Where are the internal CRO appointments coming from?
[Charts: Insurance Industry and All Industries, internal appointments by origin: Internal Audit; Finance; Risk Management; Treasury; Other]
Where are the Chief Risk Officers coming from?
[Charts: Insurance Industry (Internal vs. External); All Industries (Internal vs. External); categories: Internal Audit; Finance; Risk Management; Treasury; Other]
The CAS ERM Advisory Committee has developed a working definition of ERM
ERM is:
The process by which
organizations in all industries
assess, control, exploit, finance and monitor risks
from all sources
for the purpose of increasing the organization’s short and long term value to its stakeholders
The committee has created a framework for identifying research and education needs...
Risk Type:
- Strategic
- Operational
- Financial
- Hazard
Risk Management Process Step:
- Establish context
- Identify risks
- Analyze/quantify risks
- Integrate risks
- Assess/prioritize risks
- Treat/exploit risks
- Monitor and review
...And is now analyzing the gap between the current and the desired state of ERM knowledge
[Matrix: rows are Risk Type (Operational; Financial; Hazard; Strategic); columns are Risk Management Process Step (Establish Context; Identify Risks; Analyze/Quantify Risks; Integrate Risks; Assess/Prioritize Risks; Treat/Exploit Risks; Monitor and Review)]