12' Enterprise Risk Management

1
12. Enterprise Risk Management

• Dr. Jan-Juy Lin
• Dept. of Risk Management and Insurance
• ETP course, CNCCU

2
Introduction

• The evolution of enterprise risk management
• Risk management fundamentals
• The ERM framework
• The risk management process

3

• The Evolution

4
ERM Definition

• ERM can be defined as the process by which an
  entity identifies, assesses and implements
  decisions about the collective risks that can
  affect enterprises value.
• Goal how to holistically manage a corporations
  risk such that the overall risk profile is better
  positioned for maximizing firm value.

5
Chief Risk Officer

• CRO- a new type of risk manager whose span of
  control matched the now wider scope of risk
  management.
• CROs unique position at two aspects
• A senior executive position
• Responsible for a broad range of corporate
  risks
• Q Types of a corporate risk? Integration? (read
  insight 12.3 Bhopal loss control failure)

6
ERM Evolution (Figure 12.1)
7
Risk Management Fundamentals

• Purpose of risk management is to contribute to
  the maximization of the economic value of the
  firm.
• Often associated with attempts to manage those
  risks that entail the possibility of economic
  harm, where the harm can be
• A reduction in the value of existing wealth
• An increase in future expenditures
• A reduction in future income
• An increase in the discount rate

8
Risk Management Fundamentals

• The manager should identify all opportunities and
  threats, quantify and prioritize them with
  respect to potential economic benefits or harm,
  and find means to manage them collectively and
  effectively to enhance firm (shareholders)
  value.
• The manager should be indifferent whether a risk
  is financial, operational or strategic.
• The collective management approach is a
  departure from individual opportunity or risk
  specific approach commonly used in the past.

9
Goals of Enterprise Risk Management

• ERM deals with all risks critical to the
  maintenance and enhancement of firm value.
• Collectively all the risks should be thought of
  as a portfolio (risk portfolio)
• Goal of ERM is to maximize the value of the firm
  by ensuring that risk portfolio as aligned with
  the firms risk appetite.
• A firm can alter its risk portfolio in three
  ways
• Modify its operations
• Adjust its capital structure
• Employ targeted financial instruments

10
Goals of Enterprise Risk Management

• The Committee of Sponsoring Organizations of the
  Treadway Commission (COSO) An effective ERM
  approach should be oriented toward several
  sub-goals
• Ensure that the firms risk appetite is aligned
  with its overall strategy
• Enhance risk response decisions

11
Goals of Enterprise Risk Management

• Several sub-goals (continued)
• Reduce operational surprises and losses
• Identify and act on (new) business opportunities
  from successfully managing risks
• Allow management effectively to assess the firms
  capital needs and improve capital allocation
• Findings reading in p292,
• Figure 12.2 Less volatility by reducing the
  weight on the tails if the cash flow
  distribution.

12
Impact of RM on Cash Flow Volatility (Figure
12.2)
13
The ERM Frameworks

• The COSO Framework
• Internal environment analysis is the most
  important one.
• The Australian/New Zealand Standard
• AS/NZS 4360
• The U.K. Risk Management Standard
• The IRMAIRMICALARM standard

14

• The ERM Process

15
The ERM Process (Figure 12.3)
16
Environmental Analysis Internal

• Sources of information
• Financial statements
• Examination of production operations
• Questionnaires
• Brainstorming sessions with key personnel
• Scenario planning
• Risks
• Operational
• Financial

17
Environmental Analysis Internal

• Operational risks (Insight 12.1)
• Earnings can be affected by a host of risks.
• Assets can be damaged, destroyed and stolen, and
  some become obsolete over time.
• Employee-related risks such as injury or death,
  resignation (including being fired), strike or
  being the object of kidnappings and ransom.
• Legal liability is a major concern for businesses
  in several countries. (Table 12.1)
• Political risks are especially relevant for MNCs.

18
Top 10 Class Action Settlements
19
Environmental Analysis Internal

• Financial risks
• Currency or foreign exchange rate risk
• Interest rate risk
• Input price risk (Oil, sugar)
• Output price risk (DRAM, Gold)
• Credit or counterparty risk (Default, country
  credit)

20
Environmental Analysis External

• Threats and opportunities external to the
  organization fall overwhelmingly into the
  strategic risk category.
• Strategic risks stem from macroeconomic and other
  primarily external influences and trends.
• Case Study Brent Spar offshore platform at sea
  1993, (Insight 15.5 p387)

21
Environmental Analysis External

• strategic risk category. (continued)
• Responsibility for managing strategic risks
  usually rests at the highest levels of the
  organization
• In some instances, what seems to be purely an
  operational risk issue can escalate into a
  disastrous reputational problem.
• The Royal Dutch/Shell case in Insight 15.5

22
Risk Quantification

• Quantitative risks
• Net present value (NPV) and internal rate of
  return (IRR) analyses
• The capital asset pricing model (CAPM)
• Value at risk (VaR)

23
Risk Quantification

• Qualitative risks
• Scenario planning
• Brainstorming
• Decision tree analysis
• Classification And Regression Trees (CART)
• Hazard and Operability (HAZOP) method
• Program and Evaluation Review Technique (PERT)

24
Decision Tree Analysis (Figure 12.4)
25
Risk Mapping

• Upon completion of the analysis process, the firm
  should be able to quantify all risks identified
  objectively or subjectively and then ranks the
  risks in the order of priority
• Two approaches
• The IRM-AIRMIC-ALARM approach (Table 12.2)
• Risk mapping (Figure 12.5)

26
The IRM-AIRMIC-ALARM approach (Table 12.2)
27
Risk Mapping (Figure 12.5)
28
Risk Response

• Risk control techniques
• Avoidance
• Loss prevention
• Loss reduction
• Risk-related management standards
• International Organization for Standardization
• ISO 9000 series
• ISO 14000 series

29
Risk Response

• Agenda 21(Table 12.3)
• Global corporate environmental management
• Environmentally sound production and consumption
  patterns
• Risk and hazard minimizations
• Full cost environmental accounting
• International environmental support activities

30
Risk Control and Financing (Figure 12.7)
31
Yearly Comparison of Development (Figure 12.6)
32
Risk Response

• Risk financing techniques
• Internal loss financing (retention)
• The organization relies on internal financial
  resources to cover its loss.
• External loss financing
• Contractual transfer
• Purchasing derivatives
• Purchasing insurance

33
Risk Response

• Risk financing techniques(continued)
• Contractual transfer
• Non-insurance transfer (e.g., hold harmless
  agreement)
• Indemnification agreement
• Hedging
• Protects against a decline in future cash flows
• Through derivatives
• Insurance
• Important in managing high-severity loss exposure

34
Plan Administration

• Implementing an international risk management
  program follows the same process as managing
  purely domestic risks.
• Recall that businesses can alter their risk
  profiles by changing operations, altering their
  capital structure and using targeted financial
  instruments.
• The techniques for addressing operational risks
  generally are universal in concept but differ
  substantially in their application
  internationally.

35
Plan Administration Decentralized Program

• Relies heavily on local operations or
  subsidiaries to make their own risk management
  decisions
• Concerns
• The MNC exercises little control over local risk
  management activities
• There can be a lack of coordination between the
  corporate and local offices, thus thwarting ERM
  efforts.

36
Plan Administration Decentralized Program

• Benefits
• Local office accountability is enhanced, and
  local management may show a strong interest in
  managing risk.
• Relying on local outside firms helps establish
  stronger ties with the local government and
  community.
• All contracts, including commercial transactions
  and insurance are issued in compliance with local
  regulations.

37
Plan Administration Centralized Program

• The corporate office exerts primary control over
  the risk management activities of remote
  operations and subsidiaries.
• Benefits
• Uniform approaches to risk, allowing stronger
  coordination internationally and consistency with
  the ERM approach
• Target financial instruments, such as insurance,
  being more consistent

38
Plan Administration Centralized Program

• Concerns
• Conflict between corporate and local offices over
  local autonomy
• Cost-of-risk allocations among subsidiaries
• The corporate office may fail to respond on a
  timely basis to changes in local conditions

39

• Discussion Questions

40
Discussion Question

• Briefly describe your idea about ERM? and provide
  a case to support your idea.
• Why is it important to have an effective
  communication channel involving (the most) senior
  management in ERM?
• Identify and discuss one risk that firms can
  easily quantify and another that cannot be
  objectively quantified.

41
Discussion Question

• Please read the Royal Dutch/Shell case in Insight
  15.5 and deliver your comment by using ERM
  concept.
• Identify the risks in NCCU, in your view, could
  cause (i) a significant reduction in the value
  of the existing wealth of the firm, (ii) an
  increase in future expenditures, and (iii) a
  reduction in future income?