1

ENTERPRISE RISK MANAGEMENT A COMPETITIVE EDGE FOR THE COMPANYANDHOW IT ADDS VALUE TO ITS SHAREHOLDERS

Presented by:Anu Damodaran, MBA G 2nd Sem, AUD0260Amity University, Dubai

2

OBJECTIVE

To understand what Enterprise Risk Management is, why it is important for any business and how it can be measured.

To know whether by measuring and managing the risks consistently and systematically can a company strengthen its ability to carry out its strategic plan.

To understand the methods/ tools used by firms to manage Enterprise Risk.

To study the processes and challenges in implementing Enterprise Risk Management and to identify how much risk can be retained and how much should be laid off.

3

DEFINITION OF ERM

“… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

Source: COSO Enterprise Risk Management – Integrated Framework. 2004. The Committee of Sponsoring Organizations of the Treadway Commission (COSO)

4

EVOLUTION OF ERM

Historically: “risk silo” mentality Mid-1990s:

First “Chief Risk Officer” First use of ERM terminology

Late-1990s: Risk-related regulatory requirements (e.g., Turnbull) Earnings protection insurance debuts

2001: September 11 Corporate scandals Beginning of efforts to improve corporate

governance

5

THE COSO ERM FRAMEWORK

6

WHY IS ERM IMPORTANT?

Integrated strategy Consistency Communication Clear and concrete measures of

performance

7

8

GOALS OF ERM

Create and increase company value Ensure business continuity Stabilize earnings Enhance opportunities for the company

to achieve its objectives Make risk management more cost-

efficient

9

TYPES OF RISKS

Operational Hazard Physical

Strategic Capital / resource

allocation Industry / competitors

Technological Databases Security Confidential information

Stakeholder

Legal Compliance Regulatory

Financial Capital markets Credit risks Taxes

Human capital Retention Training

Reputational

10

THE ERM PROCESS

Identify Risk

Analyze Risk

Identify Requirements

Identify Controls

Risk Registry

11

IMPACT VS. PROBABILITY

Control

Share Mitigate & Control

Accept

High Risk

Medium Risk

Medium Risk

Low Risk

Low

High

High

IMPACT

PROBABILITY

12

Low

High

High

IMPACT

PROBABILITY

High Risk

Medium Risk

Medium Risk

Low Risk

• Loss of phones• Loss of computers

• Credit risk• Customer has a long wait• Customer can’t get through• Customer can’t get answers

• Entry errors • Equipment obsolescence• Repeat calls for same problem

• Fraud• Lost transactions• Employee morale

EXAMPLE: CALL CENTER RISK ASSESSMENT

13

KEYS TO SUCCESS IN ERM

Senior management commitment and sponsorship

Embed a “risk management culture” in the corporation at the operational level

Provide for accountability, both specific and widespread

Clearly defined responsibilities for coordination and maintenance

Adequate communication

14

ERM PREDICTIONS

1. ERM will become an industry standard2. CRO position will be prevalent3. Audit committees will become risk committees4. Economic capital will replace VaR5. Enterprise-level transfer of risk6. Impact of advanced technology7. Measurement standard for operational risk8. Mark-to-market accounting9. Risk education will grow10. Salary gap between risk professionals will widen

15

CONCLUSION

However, let’s not underestimate how big a challenge it is

Even in a “frictionless” world, quantifying and codifying a holistic approach to risk management is an enormous task

Real-world realities make it even more difficult

But it’s worth the effort

16