Posted tagged ‘ERM’

Key Ideas of ERM

July 24, 2014

For a set of activities to be called ERM, they must satisfy ALL of these Key Ideas…

  1. Transition from Evolved Risk Management to planned ERM
  2. Comprehensive – includes ALL risks
  3. Measurement – on a consistent basis allows ranking and…
  4. Aggregation – adding up the risks to know total
  5. Capital – comparing sum of risks to capital – can apply security standard to judge
  6. Hierarchy – decisions about risks are made at the appropriate level in the organization – which means information must be readily available

Risk management activities that do not satisfy ALL Key Ideas may well be good and useful things that must be done, but they are not, by themselves ERM.

Many activities that seek to be called ERM do not really satisfy ALL Key Ideas.  The most common “fail” is item 2, Comprehensive.  When risks are left out of consideration, that is the same as a measurement of zero.  So no matter how difficult to measure, it is extremely important to really, really be Comprehensive.

But it is quite possible to “fail” on any of the other Key Ideas.

The Transition idea usually “fails” when the longest standing traditional risk management practices are not challenged to come up to ERM standards that are being applied to other risks and risk management activities.

Measurement “fails” when the tails of the risk model are not of the correct “fatness“.  Risks are significantly undervalued.

Aggregation “fails” when too much independence of risks is assumed.  Most often ignored is interdependence caused by common counter parties.

Capital “fails” when the security standard is based upon a very partial risk model and not on a completely comprehensive risk model.

Hierarchy “fails” when top management and/or the board do not personally take responsibility for ERM.  The CRO should not be an independent advocate for risk management, the CRO should be the agent of the power structure of the firm.

In fact Hierarchy Failure is the other most common reason for ERM to fail.

Advertisements

Who should do ERM?

February 25, 2014

Risk Identification – don’t just mail it in

January 9, 2014

ERM programs all start out with a suggestion that you must identify your risks.

Many folks take this as a trivial exercize.  But it is not.  There are two important reasons why not:

  1. Everyone has risks in the same major categories, but the way that those categories are divided into the action level is important.  All insurers have UNDERWRITING RISK.  But almost all insurers should be subdividing their UDERWRITING RISK into major subcategories, usually along the lines that they manage their insurance business.  Even the very smallest single line single state insurers sub divide their insurance business.  Risks should also be subdivided.
  2. Names are important.  Your key risks must have names that are consistent with how everyone in the company talks.

Best practice companies will take the process of updating very seriously.  They treat it as a discovery and validation process.

To read more about Risk identification, see the WillisWire post

(This is the first of a 14 part series about the ERM practices that are needed to support the new ORSA Process)

and the RISKVIEWS post

Identifying Risks

Most Popular Posts of 2013

December 30, 2013

RISKVIEWS made 66 new posts in 2013.  You can visit all 66 using the links at the right of the page for Archives, which link to the new posts for each month.

For total traffic in 2013, posts from 2013, 2012, 2011 and 2010 were the most popular,  led by

  1. Getting Started in a Risk Management Career  from November 2012
  2. Avoiding Risk Management  from February 2012
  3. Five components of resilience – robustness, redundancy, resourcefulness, response and recovery  from January 2013
  4. REDUCING MORAL HAZARD  from July 2010
  5. Frequency vs. Likelihood  from June 2011

And here are ten posts that RISKVIEWS recommends that you may have missed:

Inflationary Expectations
Changing Your Attitude
Skating Away on the Thin Ice of the New Day
Full Spectrum Risk Management
Focusing on the Extreme goes Against the Grain
Maybe it is not as obvious as you think…
Capabilities
The World is not the Same – After
Uncertain Decisions
Murphy was a Risk Manager!

ERM on WillisWire

December 3, 2013

Risk Management: Adaptability is Key to Success

swiss-army-knife_645x400

There is no single approach to risk management that will work for all risks nor, for any one risk, is there any one approach to risk management that will work for all times. Rational adaptability is the strategy of altering … Continue reading →


Resilience for the Long Term

Resilient Sprout in Drought

In 1973, CS Holling, a biologist, argued that the “Equilibrium” idea of natural systems that was then popular with ecologists was wrong.He said that natural systems went through drastic, unpredictable changes – such systems were “profoundly affected by random events”.  … Continue reading →


Management is Needed: Not Incentive Compensation

Bizman in Tie

Many theoreticians and more than a few executives take the position that incentive compensation is a powerful motivator. It therefore follows that careful crafting of the incentive compensation program is all that it takes to get the most out of a … Continue reading →


A Gigantic Risk Management Entertainment System

game-controller-in-room_645x400

As video gaming has become more and more sophisticated, and as the hardware to support those games has become capable of playing movies and other media, video game consoles have now become “Entertainment Systems”.  Continue reading →


Panel at ERM Symposium: ERM for Financial Intermediaries

SS Meaning of Risk Mgmt  77408059 April 23 12

Insurance company risk managers need to recognize that traditional activities like underwriting, pricing and reserving are vitally important parts of managing the risks of their firm. Enterprise risk management (ERM) tends to focus upon only two or three of the … Continue reading →


ERM Symposium Panel: Actuarial Professional Risk Management

SS Risk Button - Blank Keys  53606569 April 23

In just a few days, actuaries will be the first group of Enterprise Risk Management (ERM) professionals to make a commitment to specific ERM standards for their work. In 2012, the Actuarial Standards Board passed two new Actuarial Standards of … Continue reading →


Has the Risk Profession Become a Spectator Sport?

The 2013 ERM Symposium goes back to Chicago this year after a side trip to DC for 2012. This is the 11th year for the premier program for financial risk managers. Continue reading →


What to Do About Emerging Risks…

snake-hatching_645x400

WillisWire has on several occasions featured opinions from a large number of our contributors about what might be the next emerging risk in various sectors. But what can be done once you have identified an emerging risk? Continue reading →


U.S. Insurers Need to Get Ready for ORSA

paperwork

Slowly, but surely, and without a lot of fanfare, U.S. insurance regulators have been orchestrating a sea change in their interaction with companies over solvency.  Not as dramatic as Solvency II in Europe, but the U.S. changes are actually happening … Continue reading →


Resiliency vs. Fragility

TREES_645_400(2)

Is there really a choice?  Who would choose to be Fragile over Resilient? Continue reading →

– See more at: http://blog.willis.com/author/daveingram/#sthash.xxAR1QAP.dpuf

Reviewing Risk Appetite

November 19, 2013

[The material below is the work of an ad hoc IAA working group.  It was produced in 2011 but never completed or published.  RISKVIEWS is sharing so that this good work can be viewed.]

Risk appetite setting and its implication on business strategy. 

Risk appetite is a high-level view of the risks the organization is willing to accept in pursuit of value. When an insurer defines the optimal level of risk, a common view of the ultimate priority is to serve shareholder’s benefits. This will facilitate the decision on the types of risks and magnitudes of the risks to be taken that are consistent with business strategies and market situation. At the same time, the desired risk profile should satisfy the explicit and implicit constraints set by other parties such as regulators, rating agencies, policyholders, debt holders, senior management, and employees. Some external changes have also expedited the process. S&P has required a clear statement of risk appetite as a foundation of “strong” or “excellent” ERM rating. Solvency II also requires insurers to explicitly consider their risk appetite.

Risk appetite framework normally includes three levels.

Enterprise risk tolerance: The aggregate amount of risk the company is willing to take, expressed in terms of

  1. capital adequacy
  2. earnings volatility
  3. credit rating target

It represents the company’s long term target and shall be revised only if there are fundamental changes to the company’s financial profile, market situation and strategic objective. Risk appetite helps prevent default by preserving capital position. This is required by regulators, rating agencies, policyholders, and debtholders. These stakeholders show little or no interest in the upside from risk taking. On the other hand, shareholders are interested in the upside resulted from risk taking and low earnings volatility.

Risk appetite for each risk category: Enterprise risk tolerance needs to be allocated to risk appetite for specific risk categories and business activities. For example, selling life insurance policies or underwriting property and casualty risks. Or taking more market risk versus credit risk. By doing this, the company’s resources, like capital, can be allocated to the areas that the company feels comfortable with, or has competitive advantages.  When determining or updating risk appetite for different risk categories, in addition to considering the constraints set by enterprise risk tolerance, it should aim to maximize the risk-adjusted return of risk-taking activities.

Risk limit: Risk limits are the most granular level which is used for business operation. It translates enterprise risk tolerance and risk appetite for each risk category into risk monitoring measures. The consistency between risk limit and enterprise risk tolerance help the company realize its risk objective and maximize risk adjusted return.

Risk appetite not only protects value, but also creates value for the business. It helps senior management make informed decisions to maximize risk adjusted return for the shareholder. Ensuring the consistency between risk appetite and risk limits is very important. Both rating agencies and investors are concerned about whether risk appetite is properly aligned with the risk limits being set for business operation. A sound risk management practice requires risk appetite being integrated into business strategy and corporate culture.

Desired actions/features of risks management by category:

Ad Hoc

1. Unsystematic description of the company’s willingness to take risk. This could possibly be by an answer to investors, regulators or rating agencies’ inquiry and not fully linked with the company’s ability to take risk.

Basic

  1. The company has a formal statement of enterprise risk tolerance which has been approved by Board of Directors (BOD). The statement should at least include target credit rating, capital adequacy, earnings volatility, and attitude to operational risk such as reputation risk and legal risk.
  2. Risk appetite statement is incorporated in the risk management policy and will be reviewed annually by risk management committee and BOD.
  3. When making a strategic decision, the impact is sometimes checked against enterprise risk tolerances to make sure they are not breached.

Standard

  1. The company has a well established risk appetite framework which includes enterprise risk tolerance, risk appetite for each identified risk category and risk limits. Those are reviewed and approved by BOD and updated at least annually or in market turmoil.
  2. The risk appetite framework considers all the constraints the company faces and reflects key stakeholders’ risk preference. They include regulators both at group level and local level, shareholders, debtors, and management.
  3. There exists a consistent framework to align risk limits with enterprise risk tolerance. This is essential to make sure all the business decision is made within the company’s tolerance of risk.
  4. Integration of risk appetite and strategic planning. Risk appetite framework plays an active role in providing information about risk exposures of business activities and risk reward trade off. Asset allocation and product mix are the two key areas.
  5. The whole company is involved in risk appetite framework to facilitate risk identification and foster a healthy risk culture.

Advanced

  1. Risk appetite framework is integrated with all the business decision, including business operation constrained by risk limits and strategic decision to fit into enterprise risk tolerance. Strategic decisions include, but are not limited to strategic asset allocation, tactic asset allocation, new business planning, capital allocation, and risk management strategies.
  2. Performance measurement of management is linked to risk adjusted return or risk adjusted value.
  3. Effective and company wide education and communication of risk appetite framework are in place and regularly scheduled.
  4. Back testing of risk appetite framework is conducted to identify new risks, key assumption errors, and model errors.
  5. Risk appetite framework is considered more of strategic risk management than risk limit system.
  6. Risk appetite framework puts more efforts on emerging risks or risks hard to identify and quantify. Qualitative analysis becomes critical in corporate strategic decision.

Capital Allocation – Different Questions

November 18, 2013

RISKVIEWS has been confused by the vehemence of some people about the topic of capital allocation.

Some people feel that capital MUST be allocated to facilitate proper management.

Other feel that capital MUST NEVER be allocated because it leads to incorrect decisions.

But RISKVIEWS suspect that they may be talking about two different questions.

Those who think that they MUST allocate capital are trying to answer the question “How DID we do?”

Those who think that they MUST NEVER allocate capital are focused on the question “What SHOULD we do?”

Of course, the two questions often get mixed up.  But one is about the past and the other one is about the future.  The problem that folks who object to capital allocation are afraid of is that if capital is allocated for the purposes of answering the “How DID we do?” question, then the same sort of allocation will be used to answer the “What SHOULD we do?” question.

And that IS a problem.  The “What SHOULD we do?” question needs to be answered with projections of the future.  Many decisions that are worth worrying about do not settle within a single year, so the projections need to be multi year.

But the problem that they are worried about is the problem of making a multi year decision with a single year projection.  Whether capital is allocated or not, that is a poor way to go.

Multi year decisions need multi year projections.  The multi year capital impact needs to be included.  That can be done with a cost of capital factor or be a carefully constructed model that reflects capital inflows and outflows and then implicitly charges a cost for capital held.   The multi year calculation usually needs to be discounted at an appropriate risk adjusted discount rate.

RISKVIEWS rule of thumb for selecting a discount rate is that all risks should be included ONCE and only ONCE in the entire calculation.  So if the calculation is a stochastic one that includes scenarios that reflect the possible adverse effects of a risk, then the discount rate should not also include a charge for that risk.  If your projection includes ALL possible risks, then a risk free rate is an appropriate discount.  Remember that the market charges a risk premium for its perception of emerging risks.  And for the risk of strategic failure.

So RISKVIEWS concludes that there is no harm from allocating capital.  There is a harm from making multi year decisions with a one year projection.  Whether or not capital is allocated.  And multi year decisions need to include the effect of capital usage.


%d bloggers like this: