A Wide-Angle View of Bank Performance

Presented by:Jack R. Salvetti, CPAPrincipal, S.R. Snodgrass, P.C.

2018 OBL Annual Meeting

Enterprise Risk Management is a process for the measurement of risk

associated with achievement of strategic objectives

Enterprise Risk Management – Integrated Framework; COSO September 2004

2

Enterprise Risk Management –Integrated Framework

Uncertainty presents both risk and opportunity, with the potential to erode or enhance value. ERM enables management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value.

Enterprise risk Management –Integrated Framework

Enterprise Risk Management – Integrated Framework; COSO September 2004

3

Strategy

4

The Choices we make in the pursuit of Value Creation…

Strategy

5

© 2018 S.R. Snodgrass, P.C. All Rights Reserved

© 2018 S.R. Snodgrass, P.C. All Rights Reserved

6

Enterprise Risk Management

7

From a supervisory perspective, risk is the potential that events will have an adverse effect on a bank’s current or projected financial condition and resilience.

RISK…

OCC Comptroller’s Handbook July 2016

8

RISK…

ERM is designed to address the evolving needs of all organizations to improve their approach to managing new and existing risks as a way to help create, preserve, sustain, and realize value—ultimately leading to better performance.

Enterprise Risk Management – Aligning Risk withStrategy and Performance; COSO June 2016

9

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a

voluntary private sector organization comprised of the following organizations

dedicated to guiding executive management and governance participants towards

the establishment of more effective, efficient, and ethical business operations on a

global basis.

• American Accounting Association

• American Institute of Certified Public Accountants

• Financial Executives International

• Institute of Management Accountants

• The Institute of Internal Auditor

10

Developed in 2004, COSO’s ERM – Integrated Framework is one of the most widely recognized and applied risk management frameworks in the world.

11

A decade later COSO decided to update the ERM – Integrated Framework

“The complexity of risk has changed, new risks have emerged, and both boards and executives have enhanced their awareness and oversight of enterprise risk management while asking for improved risk reporting”

Robert B. Hirth Jr., COSO Chair

12

Enterprise Risk ManagementIntegrating with Strategy and Performance

13

June 2017

Our understanding of the nature of risk, the art and science of choice, lies at the core of our modern economy. Every choice we make in the pursuit of objectives has its risks. From day-to-day operational decisions to the fundamental trade-offs in the board room, dealing with uncertainty in these choices is a part of decision-making.

Enterprise Risk Management – Aligning Risk withStrategy and Performance; COSO June 2016

14

Enterprise Risk Management – Aligning Risk withStrategy and Performance; COSO June 2016

Mission, vision, core values Strategy development Business objectives formulation Implementation and performance Enhanced value

ERM Components:

15

Risk Management Framework

16

RiskAppetite

Strategy &

Performance

RiskProfile

RiskResponse

© 2018 S.R. Snodgrass, P.C. All Rights Reserved

Governance & Culture

17

Risk Governance –Regulatory View

18

Comptroller’s HandbookSafety and Soundness

Corporate and Risk GovernanceJuly 2016

Risk governance, which is part of the corporate governance framework, is the bank’s approach to risk management. Risk governance applies the principles of sound corporate governance to the identification, measurement, monitoring, and controlling of risks. Risk governance helps ensure that risk-taking activities are in line with the bank’s strategy and risk appetite. Key components of risk governance include the risk culture, the risk appetite, and the bank’s risk management system.

OCC Comptroller’s Handbook July 201619

Risk Culture

Risk Appetite

Risk Management SystemFirst

Line of DefenseSecond

Line of DefenseThird

Line of DefenseFrontline units, business units, or functions that create risk

IRM, loan review, compliance officer, chief credit officer

Internal audit, including independent assurance

Risk Governance Framework

OCC Comptroller’s Handbook July 201620

21

Risk culture is the shared values, attitudes, competencies, and behaviors throughout the bank that shape and influence governance practices and risk decisions. As a subset of corporate culture, risk culture pertains to a bank’s risk approach and is critical to a sound risk governance framework.

OCC Comptroller’s Handbook July 2016

22

The bank’s risk appetite is another essential component of an effective risk governance framework and reinforces the risk culture. The bank’s risk appetite is the aggregate level and types of risk that the Board and management are willing to assume to achieve the bank’s goals, objectives, and operating plan…

OCC Comptroller’s Handbook July 2016

OCC Bulletin 2017-43New, Modified, or Expanded Bank Products and Services

October 20, 2017

Due Diligence and Approvals Bank management and the Board should clearly understand the rationale for engaging in new activities and how proposed new activities meet the bank’s strategic objectives. Management should conduct due diligence to fully understand the risks and benefits before implementing new activities. Due diligence should include assessing whether the risks associated with the proposed new activities are consistent with the bank’s strategic plan, risk profile, and risk appetite.

23

Key Risk Indicators

24

Key Risk Indicators are metrics used to provide an early signal of increasing risk exposure in various areas of the organization. In some instances, they may be key ratios that the Board and senior management track as indicators of evolving problems, which signal that corrective or mitigating actions need to be taken.

The Development and Use of Key Risk Indicators

COSO – Strengthening Enterprise Risk Management for Strategic Advantage

25

Performance Leadership

26

© 2018 S.R. Snodgrass, P.C. All Rights Reserved

27

SRSNODGRASS.COM 800.580.7738 28

Jack R. Salvetti is a Principal with S.R. Snodgrass, P.C., a regional accounting and consulting firm specializing in service to the banking industry. Jack assists banks throughout the United States by formulating successful strategies, improving financial performance, and implementing dynamic enterprise risk management frameworks. Jack is a frequent speaker, writer, and instructor at bank management schools and bank director programs.