10 ERM Questions from an Investor – The Answer Key (2)

Riskviews was once asked by an insurance sector equity analyst for 10 questions that they could ask company CEOs and CFOs about ERM.  Riskviews gave them 10 but they were trick questions.  Each one would take an hour to answer properly.  Not really what the analyst wanted.

Here they are:

  1. What is the firm’s risk profile?
  2. How much time does the board spend discussing risk with management each quarter?
  3. Who is responsible for risk management for the risk that has shown the largest percentage rise over the past year?
  4. What outside the box risks are of concern to management?
  5. What is driving the results that you are getting in the area with the highest risk adjusted returns?
  6. Describe a recent action taken to trim a risk position?
  7. How does management know that old risk management programs are still being followed?
  8. What were the largest positions held by company in excess of risk the limits in the last year?
  9. Where have your risk experts disagreed with your risk models in the past year?
  10. What are the areas where you see the firm being able to achieve better risk adjusted returns over the near term and long term?

They never come back and asked for the answer key.  Here it is:

2.  One of the large banks that is no longer with us had, on paper, a complete ERM system with a board risk committee that they reviewed their risk reports with every quarter.  But in 2007, when the financial markets were starting to crack up, their board risk committee had not met for more than six months.  The answer to this question is the difference between a pretend ERM system and a real risk system.  The time spent should be proportionate to the complexity of the risk positions of the firm.  For the banks with risk positions that are so complex that they feel that they cannot possibly find enough paper to disclose them, there needs to be much more board time spent, since investors are relying on board oversight rather than market discipline to police the risk taking.  Ask Bernie what you can get away with if there is no disclosure and no oversight.

Many CEOs will tell you that the board has always spent plenty of time talking about risk.  This might be true.  But the standard now is for boards to have a formal risk committee.  Boards that have simply added risk to the Audit committee’s agenda ends up short changing either audit or risk or both.  The Audit Committee had a full plate before the Risk responsibility was added.

And for a larger complex firm, a single annual risk briefing on risk is definitely not sufficient.  For a firm with an ERM program, the board needs to review the risk profile, both actual and planned for each year, approve the risk appetite, approve the ERM Framework and policies of the firm, review the risk limits and be informed of each breach of the limits or policies of the firm.  If the firm has an economic capital model, the model results need to be presented to the board risk committee each year and updated quarterly. Risks associated with anything new that the company is doing would be presented as well.

Does that sound like anything other than a full committee?  So your follow up question, if the CEO gives a vague answer is to ask about whether the board reviewed each of the items listed in the preceding paragraph in the past year.

Back to that former bank.  Their risk reports showed a massive build up in risk in violation of board approved limits.

And the board risk committee saved time by not meeting during the period of that run up in risk.

Advertisements
Explore posts in the same categories: Economic Capital, Enterprise Risk Management, Financial Crisis, Governence, Risk Management System

Tags:

You can comment below, or link to this permanent URL from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: