Title: Enterprise Risk Management and Business Continuity
1Enterprise Risk ManagementandBusiness Continuity
- Rick Gorvett, FCAS, MAAA, ARM, FRM, Ph.D.
- Actuarial Science Professor
- Departments of Mathematics and Finance
- University of Illinois at Urbana-Champaign
- Crisis Management Business Continuity Seminar
- Bloomington, IL
- October 10, 2003
2Agenda
- About me
- A risky world
- Broadening our perspective
- Enterprise risk management (ERM)
- Evolution
- Current state
- Relationship to Business Continuity
- Conclusion
3Who am I? Why am I here?
- Admiral James Stockdale, 1992
- Currently
- Professor, Depts. of Mathematics and Finance
- University of Illinois at Urbana-Champaign
- Prior
- Senior Vice President
- Director of Internal Audit Risk Management
- Internal Audit
- Corporate Investigations
- Risk Management
- Enterprise Risk Management
- Business Continuity
4A Risky WorldAnd it just seems to be getting
riskier!
- Whats getting riskier about our world?
- What isnt ?
- Perhaps aspects of technology, medical care,?
- Evidence of riskiness
- Catastrophic events in a more crowded world with
greater vulnerabilities - Current events
- Books e.g., Safe Food Eating Wisely in a
Risky World - Financial markets
5Why Worry AboutInterest Rate Risk? (cont.)
Data per FRED II, St. Louis FRB, for 3-Month
T-Bills, Secondary Market
6Why Worry AboutInterest Rate Risk? (cont.)
Data per FRED II, St. Louis FRB
7Why Worry About FX Risk?
8Steps in theRisk Management Process
- Determine the corporations objectives
- Identify the risk exposures
- Quantify the exposures
- Assess the impact
- Examine alternative risk management tools
- Select appropriate risk management approach
- Implement and monitor program
9The Bottom LineIt All Boils Down to Capital
- Capital
- Assets less liabilities owners equity net
worth - Support for (riskiness of) operations
- Thus, supports profitability and solvency of firm
- Capital Management
- Determine need for and adequacy of capital
- Plans for increasing or releasing capital
- Strategy for efficient use of capital
10Why Do We Care About Managing Capital?
- Leads to solvency and profitability
- Benefits of solidity and profitability
- Higher company value
- Happy claimholders
- Better ratings
- Less unfavorable regulatory treatment
- Ability to price products competitively
- Customer loyalty
- Potentially lower costs
11The Problem With Capital
- A certain amount of capital is needed in order to
promote solvency - Thus, we need to be able to raise capital
-
- But.... If there is too much capital,
profitability (as measured by return on equity)
will suffer - Thus, we need to be able to efficiently deploy
capital
12What Does Capital Management Entail?
Product Pricing
Financial Risk Mgt.
Raising Capital
Capital Management
Setting Objectives
Strategic Planning
Liability Valuation
Risk Management
Asset Allocation
13Financial Theory andCapital Management
- Why bother to worry about financing or FRM (or
any risk management activity), in light of the
capital structure irrelevance proposition? - Modigliani-Miller (1958) if financing does
matter, it must be because of one or more of - Tax effects convex tax function
- Financial distress / bankruptcy costs
- Effects on future investment decisions
14Capital Structure - Reality
- Modigliani-Miller Proposition capital structure
decision is irrelevant to firm value, under
certain friction-free assumptions (e.g., no
taxes) - But in reality, there are taxes
- There are also costs associated with financial
distress - Different corporate situations may indeed lead to
different capital investment decisions
15Post-FRM
Pre-FRM
16Enterprise Risk Management
- Or Enterprise Risk and Assurance Management
- What is ERM?
- Concerned with a broad financial and operating
perspective - Recognizes interdependencies corporate,
financial, and environmental factors - Strives to determine and implement an optimal
strategy to achieve the primary objective
maximize the value of the firm
17Goals of ERM
- Ensure business continuity
- Enhance opportunities for the company to achieve
its objectives - Create and increase company value
- Make risk management more cost-efficient
- Stabilize earnings
18Evolution of ERM
- Historically risk silo mentality
- Mid-1990s
- First Chief Risk Officer
- First use of ERM terminology
- Late-1990s
- Risk-related regulatory requirements (e.g.,
Turnbull) - Earnings protection insurance debuts
- 2001
- September 11
- Corporate scandals
- Beginning of efforts to improve corporate
governance
19Current State
- Findings from various surveys
- An acknowledged need to improve risk management
- A recognition that a holistic approach is
appropriate and preferable - ERM can improve overall capital management and
thus enhance corporate value and competitiveness - A variety of approaches to improving risk
management - There are still problems to overcome
20A Paradigm Shift
- Traditional
- Risks managed in silos
- Concentrates on physical hazards and financial
risks - Insurance orientation
- Ad hoc / one-off projects
- Emerging
- Centralized mgt., with exec-level coordination
- Integrated consideration of all risks, firm-wide
- Opportunities for hedging, diversification
- Continuous and embedded
21Types of Risks
- Operational
- Hazard
- Physical
- Strategic
- Capital / resource allocation
- Industry / competitors
- Technological
- Databases
- Security
- Confidential information
- Stakeholder
- Legal
- Compliance
- Regulatory
- Financial
- Capital markets
- Credit risks
- Taxes
- Human capital
- Retention
- Training
- Reputational
22Issues in ERM Implementation
- Different corporate cultures require different
ERM approaches - Who is going to be the ERM champion within the
company - Among senior executives
- Among departments / functions
- How to embed a risk management culture and
responsibilities throughout the firm
23Components of the ERM Process
- Determine corporate objectives
- Risk identification
- Goal comprehensiveness
- E.g., self-assessment
- Risk measurement
- Volatility measures
- Value at Risk (VaR)
Likelihood
Impact
Likelihood
Size of loss
24Components of ERM (cont.)
- Assessing the impact
- Stress or scenario testing
- Stochastic simulation
- Examine and select alternative risk management
tools and techniques - Traditional risk transfer
- Natural hedging / diversification
- Integration of risks
E.g., dynamic financial analysis
25An Analytic TechniqueDynamic Financial Analysis
- Dynamic
- Stochastic / variable not fixed / static
- Reflects uncertainty
- Financial
- Integration of financial, operational, etc.,
factors - Assets and liabilities
- Analysis
- An examination of a complex, its elements and
their relations - Complex a whole made up of complicated or
interrelated parts
26Definition of DFA
- Dynamic Financial Analysis is the process by
which an actuary analyzes the financial condition
of an insurance enterprise. Financial condition
refers to the ability of the companys capital
and surplus to adequately support the companys
future operations through an unknown future
environment. -
- The process of DFA involves testing a number of
adverse and favorable scenarios regarding an
insurance companys operations. DFA assesses the
reaction of the companys surplus to the various
selected scenarios. -- CAS DFA Handbook
27Key Ideas in this DFA Definition
- Financial condition
- Specifically, capital and surplus
- Future operations
- Going concern
- Unknown future environment
- Uncertainty / stochastic
- Testing a number of.... scenarios
- Analysis across different environments
- Assesses the reaction of.... surplus
- Analyze acceptability of results
28Types of DFA
- Scenario testing
- Projects results under specific conditions
- Catastrophe, interest rate shift
- Used for cash flow or stress testing
- New York Life Insurance Regulation 126
- Stochastic simulation
- Models uncertainty components by distributions
- Uses randomly selected values to calculate a
large number of outcomes - Evaluate risk by proportion of unacceptable
outcomes
29Sample DFA Model Output
30Keys to Success in ERM
- Senior management commitment and sponsorship
- Embed a risk management culture in the
corporation at the operational level - Provide for accountability, both specific and
widespread - Clearly defined responsibilities for coordination
and maintenance - Adequate communication
31Keys to Success inBusiness Continuity Planning
- Senior management commitment and sponsorship
- Provide for accountability, both specific and
widespread - Clearly defined responsibilities for coordination
and maintenance - Adequate communication
- Differentiate BCP from technology disaster
recovery
32Conclusion
- The revolutionary idea that defines the boundary
between modern times and the past is the mastery
of risk - - Peter Bernstein, Against the Gods