Leveraging ERM-ORSA for Strategic Value

Lou DiSerafinoFormer CRO Independent Health

Theme

“There is no security on this earth; there is only opportunity.”

Douglas MacArthur

Presentation Agenda• Why this matters• Increasing level of uncertainty• Changing business fundamentals

– increased need for integrated strategy and risk discipline

• ERM discipline to: reduce uncertainty & risk, understand opportunity– Capabilities maturity journey– Risk governance model– Risk Appetite Statement, supported by Risk Tolerance Guardrails (KRIs)– ERM model for risk assessment, treatment, reporting and monitoring

• ORSA: Links ERM to Capital planning, decision support, transparency– The ultimate risk management value proposition

• Use Test– “You were serious about that?”

CEB StudyCost of Inaction Energy Mismatch

PwC StudyHow risk management leads to increased profit margins

Companies that put a premium on risk management can cope with

ever-increasing business risks while seizing opportunities that present themselves.

By Thor Olavsrud

1. Risk management leaders understand how risks interconnect and impact business.

2. Risk management leaders have a strategic understanding of their risk appetite and are willing to take risks.

3. Risk management leaders are more aligned across business units.

4. Risk management leaders apply more sophisticated techniques.

http://www.cio.com/article/2910231/risk-management/how-risk-management-leads-to-increased-profit-margins.html

http://www.pwc.com/us/en/risk-assurance-services/risk-in-review/assets/executive-summary-

risk-management.pdf

http://www.cio.com/article/2910231/risk-management/how-risk-management-leads-to-increased-profit-margins.html http://www.pwc.com/us/en/risk-assurance-services/risk-in-review/assets/executive-summary-risk-management.pdf

Increasing Level of Uncertainty:Health Insurance Industry Example

Top Risks/Opportunities

• Unsustainable medical cost trend• Disruptive, uncertain regulatory environment

– Impact of the Affordable Care Act (ACA)• Implementation of Insurance exchanges

–Migration from employer based model to retail model (individual consumers)

• Increased reliance on web presence• Overhaul of reimbursement code model (ICD-10)• Fundamental changes in basic business model

–Care delivery integration • Aging population (increased utilization of medical care)• Alternate reimbursement methods - alignment of

incentives for member, provider, employer, broker• Increased cost transparency• Critical resource constraints

–Access vs. supply, especially primary care• Consolidation/M&A activity

Need Strong Risk Mgt. to Support Strategy

• Effective ERM discipline enables organization to:– Take the right risks needed for survival and value growth– Manage risk; reduce uncertainty of success– Transform the organization, focus on issues underlying reform effort

• Access, Affordability, Quality• Requires making bets, understanding and managing risks

– Strong link to strategic planning discipline; increased confidence in strategy• Requires confidence in risk management capabilities

– Risk identification– Resiliency, adaptability, rapid response capabilities– Contingency and scenario planning capabilities– Ability to absorb shock– Understanding of opportunity (Risk Aware)

– Enables risk taking to create value

• Strategy focused risk assessment aligns organizational direction– Identifies risks to future course, develops mitigations to reduce uncertainty– Increases relevance of ERM in daily strategic and business discussions

IH ERM Framework

ERM framework:

Designed to integrate risk management process with strategic, capital, and operational decision-making – for “risk-informed” decisions…

Supporting:

a) Sound Board risk governance

b) Risk intelligent business leader decision support process

Strategic planning “Risk aware” review of strategic

options Support acquisition and divestment

decisions Contingency planning

Performance measurement Risk-based metrics used to evaluate

performance, compensation Integrated into target setting

processes

Stakeholder communication Clear understanding of stakeholders’

risk appetite Communicate understanding of risk

exposure and inclusion of risk aware decision criteria

Operations management Consideration of risks in functional

operations

Integration and link to decision-making

Budgeting/Capital Expenditures• Risk-based review criteria in annual

budgeting Risk-return review for large capital

expenditure decisions

Risk management infrastructure

Appetite and tolerance

Governance and oversight

Measurement tools and techniques

Risk culture

Communication

Continuous improvement

Training, education and awareness

Risk management process

Analysis & measurement

Monitoring & reporting

Risk mgmt. strategies

Identification & assessment

Capital Impact Understanding

Capital Modeling

Stress Testing

Scenario Analysis

Enterprise Risk Management

Team – Cross functional

team led by CFO, no dedicated resources

– Individual issue risk assessments, prioritized by team

Hired dedicated CROCreated separate Board committee

–Consolidated operational risk areas into Risk Office

–Dedicated ERM function–Risk Governance Model created–Enterprise risk assessment (ERA) process established

• Outside-in view focused on universe of risk

• Results mixed… good for Risk Committee, but not relevant to daily strategic and business discussions

Office of Strategy Management (OSM) implementation

– Opportunity for alignment of risk and strategy

ERA revised to focus on strategy, & reducing

uncertainty of success– Increased relevance in daily

strategic and business decision process

– Enable risk taking by offering some control over uncertainty

– Consistently engaged by the business in key decisions

2005-6 2007-8 2009-10 2011-2 2013-4 2014-5

Linked ERM to Business Planning, Capital

Modeling– Capital modeling, stress

testing matured to complex model

– Incorporated risk adjusted planning results into strategic decision process

“He that will not apply new remedies must expect new evils;

for time is the greatest innovator.“

Francis Bacon, British author and statesman

ERM Capability Development at IH

Risk Appetite Statement

– Developed Risk Appetite Statement

– Risk Tolerance Guardrails– Risk Governance Ground

rules– Risk Culture

Communications– Risk Appetite Integration

info business operations

ERM capabilities matured past compliance, to strategic advantage– Risk-aware decision making– Drives resource allocation toward risk top

treatment plans – Increased integration with planning/strategic

objectives– Focus on Risk Appetite and risk culture– Developed Stress testing, capital impact

modeling capability– Realized achievement of ORSA objectives,

ERM link to Capital Planning, Strategy, decision support tool

Risk Governance Model: 3 Lines of Defense; “Risk Office” Concept

Risk Appetite

• Focus on Strategy• Focus on fundamental

economics of business model

• Risk Appetite Statement• Risk Tolerance Guardrails

– KRIs compliments, not copy KPIs

• Governance Ground rules• Integrate into business

units• Communications and

Awareness

Strategy Focused Enterprise Risk Assessment Process

Identify risks to the strategic drivers of organizational value

Prioritize top risks to strategic value – what could cause failure

Analyze, develop risk mgt. strategy, measure, report on top risks list

Top Risk Dashboard – for risk governance dialog & alignment

Risk Analysis- Individual Risk Summary

Illustrative purposes only

Example Top Risk Treatment Tool

KRI Dashboard• Improved risk governance view, tied to real economic drivers of risk and business results• Complement, not duplicate, existing KPIs, balanced scorecard• Incorporate risk tolerance guardrails• Map to existing Top Risk Status reporting• Improved risk dialog, and understanding at all levels of risk governance

ORSA Background

• Integration of robust risk management function a basic regulatory expectation• Responsible to determine capital standing and adequacy, Stress testing capability for decision support

• Leverage for value• Meaningful capital behind risks to offset downside• Stress test, scenarios analysis• Track loss events

• ORSA supports strong ERM capability & decision supt. capability

• “Confidential internal assessment … of material and relevant risks … associated with… current business plan, and the sufficiency of capital resources to support those risks”

• “Goal to foster effective level of ERM, through which insurer identifies, assesses, monitors, prioritizes and reports on its material and relevant risks… appropriate to the nature, scale and complexity of the insurer’s risk, in a manner that is adequate to support risk and capital decisions.”

ORSA Example: Table of Contents – Steering Team

Executive Summary

Legal Entity Structure

ORSA Strategy

Risk Appetite

Risk Governance Model

Risk Dashboard

Cap. Solvency Model & Forward Looking Results

Stress Testing Results

Capital Liquidity Plan

Evidence of “Use Test”

ORSA Position During Period

Risk Process & Framework

Top Risks Independent Review

Chief Financial Officer

Chief Risk Officer

Chief Audit Executive

Chief Actuarial Officer

General Counsel

EVP Strategy

Controller

Chief Information / Data Officer

“Use Test”• “You were serious about dat?”

• Joe Pesci “My Cousin Vinny”

• “Own” Risk and Solvency Assessment• How did you use it?

• ERM, Capital modeling, Stress testing, Scenario analysis

• What key decisions were made based on risk adjusted data analysis?

• What evidence do you have that an understanding of risk was effectively considered in key strategic decisions?

• Model, stress test results• Risk governance meeting(s) presentations, actions, minutes• Strategic changes, alignment subsequent to decision• Budget funding changes supporting risk informed decisions

• Description of how risk and capital modeling capability is integrated into business operations

Evidence of “Use Test”

ORSA: Links Risk Management with Strategy and Capital Planning

• Links ERM (i.e. Risk Appetite, Identification, Assessment, Prioritization, Measurement, Treatment,

Monitoring & Communication) to both Capital, and Strategic planning• Regulator looking for Non-prescriptive “Own” assessment• Need to staff and train assessors

– Layout report plainly– Must meet differing interpretations: Strategy, Capital modeling, Insurance, BC/DR,

Information Security… It’s all of these +

• Many components may already be in place for ORSA Report• Don’t underestimate “the lift”

– Capital model complexity, – More prep than expected

• Value for the effort– Move to more complex capital models, better Financial Planning, Financial

Statement modeling– Improve operations– Improve risk vs. reward decision support

Take A-way’s:• Move past compliance to decision support, for strategic

advantage– “Use Test” Evidence

• Top down appreciation, of ERM-ORSA value proposition for strategic advantage, needed– Investment in capabilities, tools development

• ORSA completes the value proposition– Rigor for Risk & Opportunity information assurance

• Look for effective level of ERM in place• Culture change the hardest part

– Transparency– Process discipline

• CRO - People skills important

Contact Info:

Lou DiSerafinoInfinitive Insight(703) 872-9001

lou.diserafino@infinitiveinsight.com