A Practical Approach to Enterprise Risk Management

Similar documents
Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

The COSO Approach to Enterprise Risk Management

Leveraging ERM to meet. and create business value. Management Flora Do, Senior Manager, Enterprise Risk Management

Implementing Authentic Enterprise Risk Management

Successful ERM Program Standards. Definitions of Enterprise Risk Management (ERM)

Enterprise Risk Management. Focus on the Future June 2017

B U S I N E S S R I S K M A N A G E M E N T L T D

Asset Acceptance Capital Corp.

Enterprise Risk Management: Developing a Model for Organizational Success. White Paper

Practices in Enterprise Risk Management

SAMPLE BEC SuperfastCPA Review Notes

A Guide to IT Risk Assessment for Financial Institutions. March 2, 2011

FMS New York/ New Jersey Chapter Meeting January 14, The Impact of Models. by: Scott Baranowski

ENTERPRISE RISK MANAGEMENT

Internal Financial Controls (IFC) ICAI Seminar October 8, 2016

Gleim CIA Review Updates to Part Edition, 1st Printing June 2018

Embedding Operational Risk

Enterprise Risk Management: Aligning Risk with Strategy & Performance June 26, :45 p.m. 4:45 p.m.

Enterprise Risk Management

Enterprise Risk Management

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

QCF Syllabus. Management of Financial Resources and Performance

Strengthening Your Enterprise Risk Management Process

State Street in the UK Pillar 3 Disclosure - Remuneration

The COSO Risk Framework: A reference for internal control? Transition from COSO I to COSO II

Introduction to ERM (Enterprise Risk Management)

Risk Management Culture: The Linkage Between Ethics & Compliance and ERM September 14, 2009

LEADING WITH GRC. The Return of the ERM Extending Beyond It s Past Scope. Brenda Boultwood, SVP Industry Solutions, MetricStream

Enterprise Risk Management Program Development Update. Finance & Audit Committee Meeting September 25, 2015

Role of Operational Risk in the Product Lifecycle Presented By: Chris Nestore, SVP Head of Operational Risk Management, TD Bank

Emerging Trends in Auditing ERM COSO ERM 2017

Internal Audit Solutions:

Proposed Attestation Requirements for FR Y-14A/Q/M reports. Overview and Implications for Banking Institutions

Session 7: Corporate Governance

Enterprise Risk Management (ERM) - Impact of 2017 COSO ERM Model

Transforming Internal Audit to Drive Business Performance. 21 June, 2011

Performance Risk Management Jonathan Blackmore, May 2013

CGEIT Certification Job Practice

CGEIT QAE ITEM DEVELOPMENT GUIDE

What s right for your business?

DUBAL s ISO based ERM Program

Road to Self Governance

Risk Intelligent Enterprise Risk Management (ERM) Dolores Atallo-Hazelgreen, Firm Director

Stress Testing & Capital Planning: Principles, Program Elements & Common Challenges

Finding your Privacy Pulse: How to Use KRIs to Measure Your Privacy Risk

It s All About Strategy!

Enterprise Risk Management

Pillar 2 - Supervisory Review Process

Gleim CPA Review Updates to Business Environment and Concepts 2018 Edition, 1st Printing March 2018

Treasury s Leading Role in Enterprise Risk Management

Pillar 3 Reporting Disclosures

ERM 101. Casualty Loss Reserve Seminar, Fall /5/ Practical Enterprise Risk Management (ERM) Agenda ERM 101 2

DFAST Stress Testing Conference Developing an Effective DFAST Audit Program October 28, :00 A.M.

Internal Control Integrated Framework. An IAASB Overview September 2016

Internal Control Integrated Framework. An IAASB Overview September 2016

Risk and Compliance Services

RISK AND COMPENSATION COMMITTEE TERMS OF REFERENCE

From Dictionary.com. Risk: Exposure to the chance of injury or loss; a hazard or dangerous chance

The Ins and Outs: Audits Under FDICIA. Jennifer Gureckis and Kaylyn Landry BerryDunn February 27, 2018

ICAAP. Engaging the business in risk management. A presentation to FIDE Forum by Penny Fosker. 10 January towerswatson.com

Enterprise Risk Management 2016

Compliance, Internal Audit, and Risk Management: What do they look like at a Managed Care Plan?

Evolving Risk Management: Risk-Enabled Performance Management. GHBER July 17, 2014

Appendix A. Simplified Sample Entity-Level Control Matrices

Enterprise Risk Management Survey 2011

Taking ERM to a. 6 GRC Today / October 2015

Risk Management With an Enterprise (Wide) Focus

RSA Archer Compliance Management 5.2 Webcast

pwc.co.uk Enterprise Risk Management

Outsourcing banking processes: The question is no longer if, but how to effectively manage extended enterprises

Risk Appetite Framework Linking Risk to Strategy Joseph A. Iraci Managing Director, TD Ameritrade

Community Bankers Conference

CGMA Competency Framework

SMALL & MEDIUM BUSINESSES

Aligning and Integrating ERM and Business Process. Federal ERM Summit September 9, :00-12:00

ISACA. The recognized global leader in IT governance, control, security and assurance

A Strategic Approach to Bank Fraud

Third Party Risk Management ( TPRM ) Transformation

9. Internal control Internal control, as defined in accounting and auditing, is a process for assuring achievement of an organization's objectives in

Efficiency First Program

PROMONTORY, AN IBM COMPANY QUANTITATIVE SOLUTIONS CASE STUDY: Stress-Test Model Development

Blueprint. Uniform CPA Examination Business Environment and Concepts (BEC)

Risk and Compliance Services

BCBS 239 Alignment with DCAM (Data Management Implications related to the Principles of Risk Data Aggregation) July 2015

Enterprise Risk Management Aligning Risk With Strategy and Performance

Risk Management Developing an Effective Audit Plan

Michael Lammie Director, PricewaterhouseCoopers

Comments to be received by 31 January 2008

OFFICE OF FEDERAL HOUSING ENTERPRISE OVERSIGHT

Charter for Enterprise Risk Management

Deloitte Governance Framework and Maturity Model

NATIONAL SUSTAINABILITY FRAMEWORK - Financial Planning & Reporting + Asset Planning & Management

Table of Contents. Preface xi. Acknowledgments xv. Chapter 1: What We All Share 1. Need for Control Criteria 1

e. inadequacy or ineffectiveness of the internal audit program and other monitoring activities;

The Role of the Chief Risk Office and the Board s Role in Risk Oversight

Risk Management in the 21 st Century Ameren Business Risk Management

Building a Better Business Using Financial Statement Analysis

Business Plan

9/21/2017. ERM = integrated picture of all key risks ENTERPRISE RISK MANAGEMENT. ERM process cycle

Risk management is changing. Act now.

Transcription:

A Practical Approach to Enterprise Risk Management Presented by: Amit Govil Managing Partner, P&G Associates John McIsaac President, McIsaac Risk Solutions

Today s Agenda I. Defining ERM II. Implementation Challenge III. Framework for Practical Implementation IV. Three Phases for Implementation V. Benefits of ERM 2

Defining Enterprise Risk Management ERM - Confusion over what to measure and how Measuring the potential for loss of assets Measuring the potential for loss of future earnings and capital Measuring risks for accidental losses Strategic, operational risks 3

Defining Enterprise Risk Management COSO Definition: A process, affected by an entity s Board of Directors, management and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives 4

Defining Enterprise Risk Management In search of the Definition of ERM How to apply the concept, in a practical way, to a community financial institution What is the benefit of developing one? 5

Defining Enterprise Risk Management In 1964, a Supreme Court Justice, having difficulty explaining pornography, simply said: I can t explain it...but I know it when I see it. 6

Defining Enterprise Risk Management A warning system 7

Defining Enterprise Risk Management RED ALERT 8

Defining Enterprise Risk Management Three Prong Approach Understanding our risks, internal and external environment Method to validate that the various processes and controls in place are working (Is everyone doing what they are supposed to be?) Method to ensure that the business strategy in place is generating the right results (Is our strategy adequate?) 9

Hurdles for Implementation No clear regulatory guidance/road map COSO/BASIL standards that define measurement and quantification of risk are geared for large institutions Centralizing data needed to measure and identify risk is difficult Lack of Institution wide Support or Deemed Value of Implementation 10

Framework for Practical Implementation Holistic Approach Enterprise wide A mechanism that is understood and useful at the Board of Directors level 11

Framework for Implementation DEFINE MEASURE MANAGE 12

Framework for Implementation Phase One Perform an Enterprise wide Assessment of: 1. Internal Environment Set Framework 2. Objective Settings Identification of Risk Settings 13

Framework for Implementation Phase One 1. Internal Environment Set Framework a) Document Risk Management Philosophy b) Perform and Document Risk Culture Survey c) Develop Risk Management Policy Define Board Oversight Identify Risk Committee Identify CRO Identify the Organization Structure 14

Framework for Implementation Phase One Internal Environment Document Risk Management Philosophy: The Organization's risk culture How risks are identified and managed (i.e., written policies, performance indicators, meetings with managers, exception reports, etc.) 15

Framework for Implementation Phase One Internal Environment Perform and Document Risk Culture Survey: How well does everyone in the organization understand: Code of conduct Work Environment People/Resources Risk Management Access to Information 16

Framework for Implementation Phase One Internal Environment Develop Risk Management Policy: Goals Roles and Responsibilities Board, CEO, CRO, Management, Employees, Internal Audit, Compliance Definition of types of Risks Inherent, Residual, Risk categories (i.e., Reputation, Market, IT, etc.) ERM Process Frequency of updates, surveys, benchmarking, KPI indicators, risk assessments, etc. 17

Objectives Framework for Implementation Phase One a) Define Functional Areas in the Bank b) Define Key Risks to measure c) Define measurable Key Performance Indicators ( KPI ) for each area (Internal And External) d) Define tolerances for each Key Performance Indicator e) Overall assessment of objectives for each functional area based on the level of tolerance accepted for each KPI 18

Functional Areas Examples of areas to consider: Lending Financial Regulatory Compliance Retail/Branch Administration Human Resources Internal Audit Marketing Operations Board/Corporate Governance 19

Risk Categories Financial Reporting Operational Credit Information System Reputation Strategic and Governance Legal and Compliance Liquidity Fraud Market 20

Building the ERM Phase II 21

P'32G Associates Whafo your 1U8k? Enterprise Risk Domains " ~""_ ""-" o.,... f'",...,,''''''''' "'." ~ ''"'''~" ~..... """.F,;><"i <0.- t - --, ~"" '---!Il!'\ c_ ;;:;. I ;;:;.,,~-,-,.-.-. -- --. '. "-... ---< tii!.. 22

9 Steps to an ERM Program Build Gather Existing Information Organization Profit Centers Programs and Assessments Portfolio Composition Information Gathering and Strategy Establish Current Performance Objectives Growth Retention Performance Qualitative /Quantitative Metrics Use for KPI Peer and Competition Groups Concerns in Operations Risk Management Material Concerns (Cost, Accuracy, Efficiency) Workforce Compliance Financial Controls Workforce Profile Infrastructure Customer Composition Enterprise /Environment Factors Consider ORM initiatives 23

Risk Assessment Buildout Risk Profile Risk Appetite Risk Tracking & Reporting Profit Center Focus Risk Scenario Considerations CAMELS Baseline Ratio Model Workforce Model Int, Ext, Counterparty Effects of Change Scenarios against Baseline Performance Metrics Available (UBPR, FID, Other) Review Comparative Trends and Set Thresholds Scenarios /PIR Factors Growth / Loss / Forecast Confirm Risk Baseline with Management and set KRI Define processes for support to ERM review and adjustment Align Risk Scenarios to Objectives Combine Risk Scenarios into Risk Weighted Profiles Combine Risk Profiles into Risk Weighted Composites Review and consider results and commentary Prepare and organize management reporting 24

Risk Mitigation and Adjustment Review and Conclusions Business Strategy Adjust Expand and Refine ERM Program Establish review processes for each Profit Center Identify appropriate metrics to monitor against objectives Monitor and Review Program Effectiveness and Performance Prepare Management and Board Reporting Identify operational programs to effect changes Apply decision making to identify risk mitigation opportunities Review and approve performance objectives and program changes Identify risk avoidance changes based on trends and forecasts Identify workforce, operations, financial changes Incorporate changes into business plans and ERM model Adjust Program and Expand in concert with operations, enterprise or business environment changes Establish new KPI and KRI 25

Operations Risk Contributors Risk Risk Profile Composite Risk Profiles Objectives Metrics Accuracy Error Rates Policy/Customer Operations Credit Efficiency Time to Close Competitiveness Enterprise Environment Cost Effectiveness Employee Expense / Revenue Infrastructure Expense / Revenue 26

Enterprise Risk Contributors Risk Composite Risk Profiles Objectives Metrics Operations Growth Bus. Plan / Velocity Retention Credit Enterprise Operations Quality Safety & Soundness CAMELS ILR Environment Portfolio Quality UBPR Ratios 27

Risk Composite Environment Risk Contributors Risk Profiles Objectives Metrics Operations Peer Group Performance UBPR Ratio Analysis Credit Enterprise Rate Changes Thresholds Appraisal Valuations Change Fed / Local Rates Forecast Inventory Change Real Estate Market / Sales Environment Infrastructure Expense / Revenue New Construction 28

Building a Risk Profile Credit Management 29

Operations Risk Profile 30

Key Performance Indicators KPI Ratings 1 Exceeded Positive Performance Threshold 2 Advancing in Positive Direction 3 No Change 4 Advancing in Negative Direction 5 Exceeded Negative Performance Threshold 31

Enterprise Composite By the Numbers Credit Risk Management 3.18 3.13 32

Enterprise Regulatory Sanctions Restriction on Business 33

Risk Assessment Probability / Impact / Readiness 34

Risk Scenario Scorecards 35

Scenario Regulatory Sanction Risk Probability Factor Non Current ASSETS as Percent of Total 5 @ 60% Provisions Loan Receivables / Avg Assets 5 @ 15% Loans and Leases Allowances to Total Ln&LS 4 @ 25% Impact Factor 4.75 Community / Customer 3 @ 40% Reputation 4 @ 60% Controls / Readiness 3.6 Regulatory / Legal Management 2 @ 100% Exposure / Risk 3.088 / 3.6 36

Non Current ASSETS as Percent of Total Probability Factor 37

Provisions Loan Receivables / Ave Assets Probability Factor 38

Loan Loss Allowances / Total Loans Probability Factor 39

Controls Risk Mitigation / Readiness Factor 40

Credit Risk Loan Portfolio 41

Building Risk Appetite Identity Peer Group Benchmarking / Savings > $1B Similar Style and Region 42

Enterprise Risk / Performance Ratios Baseline Key Ratios for using CAMELS Analysis Capital Earnings Tier 1 Leverage Capital / Average Total Assets Tier 1 Risk-based Capital / Risk Weighted Assets Total Risk-based Capital / Risk weighted Assets Retained Earnings / Average Total Equity Asset Growth Rate Cash Dividend / Net Income Net Income (After Tax) / Average Assets Net Interest Income (TE) / Average Earning Assets Total noninterest Expense / Average Assets Asset Quality Liquidity Loans and Leases Securities Real Estate Contingent Liabilities Special Mention Adversely Classified Items Coverage Ratio Total Adversely Classified Assets / Total Assets Past Due and Nonaccrual Loans and Leases / Gross Loan and Leases ALLL/ Total Loans and Leases Net non-core Funding Dependence Net Loans and Leases / Assets 43

Average Assets per Employee Institution versus Selected Peer Group 44

Total Equity Capital Institution versus Selected Peer Group 45

Net Income Institution versus Selected Peer Group 46

Putting It Together / Risk Analysis Key Performance Indicators, Risk Thresholds and Metrics Management Key Performance Data KPA ERM Financial Impact Data SRS ORM Program Controls Assessments Reporting 47

Phase III - Monitoring Ongoing Monitoring Update ERM Data to Provide Direction of Risk - Dynamic Separate Evaluations Provide Drilled Down Reporting at Functional Area Level Reporting Deficiencies Negative Trends are Identified to Help Develop Strategy to Achieve Established Objectives 48

Phase III Source - COSO - Enterprise Risk Management Framework 49

Phase III Benefits of identifying Direction of Risk Modify Strategies Transfer the risk to another party Avoid the risk Reduce the negative effect of the risk Accept some or all of the consequences of a particular risk Continuous evaluation of processes to identify efficiencies throughout product lines 50

Information Flows Within Enterprise Risk Management 51

A Practical Approach to Enterprise Risk Management Questions/Comments? Amit Govil 732-651-1700 agovil@pgcpa.com P&G Associates John McIsaac (610) 291-5065 jmcisaac@rcn.com McIsaac Risk Solutions LLC www.mcisaacrisksolutions.com 52

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback