Who is Responsible for Risk Management?
ORIMS Building Blocks Session
April 16, 2013
Susan Meltzer
VP, Enterprise Risk Management
Aviva Canada
Who is responsible for risk management?
Stakeholder | Responsibility
Regulators, Stock Exchanges | Board of Directors
Boards of Directors | Chief Executive
Chief Executive | Senior Management
Senior Management | Front Line
Internal Audit, External Audit | Front Line
Academia | Front Line
Douglas Barlow: “All management is risk management”
re•spon•si•bil•i•ty (rɪˌspɒn səˈbɪl ɪ ti)
n., pl. -ties. 1. the state, fact, or quality of being responsible. 2. an instance of being responsible: The responsibility for this mess is yours! 3. a particular burden of obligation upon one who is responsible: the responsibilities of authority. 4. a person or thing for which one is responsible.
ac•count•a•bil•i•ty (əˌkaʊn təˈbɪl ɪ ti)
n. 1. the state of being accountable, liable, or answerable. 2. a policy of holding public officials or other employees accountable for their actions and results: a need for greater accountability in the school system.
What does it mean to be responsible?
Are they synonyms?
Responsibility versus accountability
Role | Responsible / Accountable | Actions
Board of Directors | Accountable | Ensure that a risk management framework is in place; set and approve the organization’s risk appetite
Chief Executive | Accountable | Operate the business within the risk management framework and risk appetite as defined by the Board
Senior Management | Responsible | Manage their activities within the requirements of the risk management framework
Front Line | Responsible | Operate the controls and limits that are defined to support the risk management framework
What about the risk manager?
• Advisor to the Board of Directors by designing the risk management framework and the risk appetite framework and limits for their approval
• Author risk policies for approval by the Board of Directors to ensure management knows “what” the Board intends by its risk management framework
• Design the tools, techniques and processes that support the risk management framework and work with senior management and the front line to implement effective and efficient risk management practices
• Develop monitoring and reporting protocols to ensure that management is operating within the framework
• Report to the Board on position against risk appetite
• Recommend (and/or execute) mitigation strategies to bring risks within appetite, for example, insurance and hedging programs
• Support the business in finding ways that they can accept risks to achieve competitive advantage
Risk Management Framework
Identify
Measure
Manage
Monitor
Report
Risk Appetite
• Management is responsible to implement and embed the framework
• The risk team supports and provides oversight to management during the implementation and embedding of the framework
• Review and refresh the framework to ensure that it continues to be fit-for-purpose
Risk Aware Culture
Governance
Three Lines of Defence for the Management of Risk
1st Line of Defence
Categorize Risk
Identify & Measure
• Risk identification based on drivers to Aviva’s economic capital, liquidity and franchise value and changes in the environment
• Risk registers
• Likelihood/Impact (risk maps)
• Operational loss data
• Stress and scenario testing
• Key risk indicators
• Internal model outputs
Management Actions
• Risk taking/transfer decisions
• Contingency plans
• Control effectiveness
• Operational effectiveness including business standards and performance management objectives
• Capital management activities
• Re-planning as needed
2nd Line of Defence
3rd Line of Defence: Independent assurance of the risk and control environment
Credit
Market
Liquidity
Insurance
Assurance
Custodianship of Risk Policies
Challenge
Reporting
• Dynamic, focused on material risks and trends
• Performance and the impact on the risk profile, historical and prospective
• Decisions, taking into account risk reward trade-offs
• Mitigating actions
• Risk vs. Appetite
Measure Monitor Manage Report
Effectiveness of the RM Framework
View on the risk profile
Business Management
Operational
Identify
Risk Function
Internal Audit
Adding value to the discussion of risk: Risk Manager’s perspective of risk
[Figure: chart with axes "Key Risk Indicator/Risk Measure" and "Probability"; markers: Target, Tolerance, VAR/EC; labels: Management, Risk Management Governance, a, b, c]
You'll always miss 100% of the shots you don't take. ~Wayne Gretzky
Business people focus on upside and quantification
• When we focus on expected losses we miss the tail and the extreme catastrophe
• When we focus on the tail, we miss managing the opportunities within the expected volatility and we miss the potential for extreme catastrophes
• We need to stand back and understand all of the dimensions of risk in order to make appropriate decisions
• The risk manager can play an invaluable role in leading and facilitating discussions that uncover the risks that can occur beyond the tail
The more frequently you look at data, the more noise you are disproportionately likely to get (rather than the valuable part, called the signal). Nicholas Taleb, “Antifragile”
Three dimensions of risk
Various Risk Types/Categories
Probability Analysis
Catastrophe Modelling
Assessment of Tail Scenarios
Qualitative Assessment (includes the upside risks of missed opportunities)
- High, Medium, Low
- Risk Maps
- Risk Workshops
- Ranking of priorities
All three types of analytical tools must be applied to each risk category in order to perform complete analysis. Risk to reputation has a spiral effect on risks. When a seemingly minor incident is analyzed through these processes, the risk to reputation may far outweigh financial/operational consequences.
Business judgement including consideration of 3 types of consequences
- Financial
- Operational
- Reputation

- Accumulation of tail events
- One time occurrences

- High frequency
- Credible data
- Misestimation of probability could lead to accumulation and catastrophe