
Overview of Enterprise Risk Management

Enterprise risk management (ERM) involves identifying, assessing, and managing risks across an entire organization. The document defines key terms like enterprise, risk, and risk management. It explains that ERM is an ongoing process that helps organizations achieve their goals by managing risks and seizing opportunities. ERM considers risks from strategic, financial, operational, compliance and other perspectives. The implementation of an effective ERM program requires commitment from senior management, defined roles and responsibilities, policies and procedures, training, monitoring and reporting.

OVERVIEW OF ENTERPRISE RISK MANAGEMENT

Key definitions
ENTERPRISE
Any purposeful or industrial undertaking created for business venture

RISK
Risk, in traditional terms, is viewed as a negative.
Webster's dictionary, for instance, defines risk as exposing to danger or hazard.
The Chinese give a much better description of risk.
The first is the symbol for danger, while the second is the symbol for opportunity, making risk a mix of danger and opportunity.

RISK MANAGEMENT
Risk management is an attempt to identify, to measure, to monitor and to manage uncertainty.

Risk management

Risk management is present in all aspects of life

It is about the everyday trade-off between an expected reward and a potential danger

It is universal in the sense that it refers to human behaviour in the decision-making process

No Risk, No Gain!

Benefits of risk management

Potential benefits:
- Supports strategic and business planning
- Quick grasp of new opportunities
- Reassures stakeholders
- Increased certainty and fewer surprises
- Helps focus internal audit programme
- Better service delivery
- More efficient use of resources
- Promotes continual improvement

Enterprise risk management (ERM)
COSO (Committee of Sponsoring Organizations of the Treadway Commission) defines ERM as a process, effected by an entity's board of directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity goals.

ERM is an ongoing process

ERM is an integral part of how an organization operates

ERM applies to all organizations, not just financial organizations.

Risk applies broadly to all things threatening the achievement of organizational objectives

Risk is not limited to threats, but also refers to opportunities.

The goal of an organization is not risk minimization, but seeking an appropriate risk-return position.

RISKS vs. OPPORTUNITIES

Risk is a possibility that an event will occur and adversely affect the achievement of objectives

Opportunity is the possibility that an event will occur and positively affect the achievement of the organization's objectives and creation of value

Developments in Enterprise Risk Management
Understanding risks is not new at all
There has always been an inherent understanding of risk, e.g. health and safety risk

The risk management concept has been around in investment, banking, insurance, artificial intelligence, and public policy processes

ERM - history
1974 - Basel Committee on Banking Supervision
1988 - Basel Capital Accord setting forth a new framework for minimum risk-based capital requirements
1985 - COSO formed an independent commission to undertake a private sector study of factors that caused fraudulent financial reporting

1992 - Following a series of high-profile corporate frauds and accounting scandals, the London Stock Exchange introduced new regulations covering various aspects of corporate governance

1995 - Development of national standards on Risk Management began with Aus/NZ Risk

Similar standards in Canada (Dey Report 1997) and Japan, and in the UK (2000)
1996 - NAIC (National Association of Insurance Commissioners in United States) introduced risk-based capital requirement for insurance companies.

2002 - A string of corporate accounting scandals had profound implications in the US and worldwide and led to the passage of the Sarbanes-Oxley Act

2004 - COSO Enterprise Risk Management Integrated Framework

Traditional risk management vs. ERM

Traditional risk management is more related to financial and hazard risks, i.e. transferable risks
Traditional risk management requires more accounting-type skills

ERM stresses the management of operational and strategic risks
ERM requires skill in strategic planning, process re-engineering, and marketing

Scope of ERM

Aligning risk appetite and strategy

Enhancing risk response decisions

Reducing operational surprises and losses

Managing multiple and cross enterprise risks

Grabbing opportunities

Improving deployment of capital


Objectives of ERM

Improve risk-based decision making

More effective use of capital

Comply with regulatory changes

Improve shareholder value

Anticipating problems before they become a threat

Coordinating various risk management activities

Types of Risks
Top management

External pressure from:
- Regulators
- Shareholders
- Trading partners
- Customers

RISKS
- Market
- Inherent
- Static
- Credit
- Systematic
- Residual

Market risk
It is the risk that the value of on- and off-balance-sheet positions of a financial institution will be adversely affected by movements in market rates or prices such as interest rates, foreign exchange rates, equity prices, credit spreads and/or commodity prices resulting in a loss to earnings and capital.

Inherent risk
- A risk which is impossible to manage or transfer away

Static risk
- Risk which is unique to an individual asset

Credit risk
- Failure to meet the obligated payments of counterparties on time

Systematic risk
- The risk of holding Market Portfolio

Residual risk
- That remains after the action to mitigate risk is taken

Are You Prepared?

Too many businesses fail for the wrong reasons.

They don't fail because their products are inferior, because they are bad at marketing, or because they are bad at controlling costs.

They fail because they do not identify and manage risks.

When a disaster happens, an incident they should survive, they aren't prepared. They didn't anticipate what could happen, and they certainly didn't plan for it.

Unprepared businesses suffer badly or fail.

Risk Management and Business Continuity
Risk management is simply a practice of

Implementation of ERM
The basic elements of an effective risk management program are:

1. Senior management and board level commitment

2. Risk management policies and procedures established in writing for the most prominent risks, with specific objectives and targets

3. Clearly defined responsibilities for managing and controlling risk

4. Ongoing employee training is essential

5. Testing and monitoring of all programs and procedures

6. Regular reports including independent audits prepared for review by senior management and board directors

Limitations Of ERM
The inherent limitations include:

Realities that human judgment in decision making can be faulty

Breakdowns can occur because of human failures such as a simple error or mistake

Controls can be circumvented by the collusion of two or more people

The management has the ability to override the ERM process

Need to consider the relative costs and benefits of risk responses.

Role Of Various Authorities

ROLE OF THE BOARD

Provide insight to management

Understand key elements of ERM.

Inquire of management about risks.

Concur on certain management decisions

Role Of Risk Committee

Participate in risk strategy analysis.

Develop and refine risk appetite/tolerance.

Evaluate material risk exposures.

Oversee the role and responsibilities of the Internal Auditor.

Review semi-annual and annual consolidated reports

Role of chief executive officer

Provide direction to the senior managers.

Setting broad-based policies reflecting the entity's risk management philosophy and risk appetite

Role Of Chief Risk Officer

Establish corporate-wide risk limit.

Establish risk management standards

Review and approve policy exceptions

Role of management

Comply with risk management policies.

Applying ERM techniques and methodologies.

Ensuring risks are managed on daily basis

Provide unit leadership with complete and accurate reports

Role of Internal auditor

Support management by providing assurance on the:
- ERM process function
- Effectiveness and efficiency of risk responses and control activities
- Completeness and accuracy of ERM reporting

Risk management is a Continuous Journey

Questions ???
