© Compliance Aid 2011 ADOPTING A SYSTEM OF CONTINUOUS RISK MANAGEMENT 1
What is ERM ? Why is ERM Important? Key components for ERM What Audit Committee should know Effective Risk Strategy/Continuous Risk Management Benefits Success Factors Questions © Compliance Aid
Enterprise risk management (ERM) includes the methods and processes used by businesses to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the businesses objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. © Compliance Aid
ERM can also be described as a risk- based approach to managing an enterprise, integrating concepts of internal control, Sarbanes-Oxley and strategic planning. © Compliance Aid
Risk is inherent to all functions of a business. Enterprise risk management (ERM) is for the measurement and the management of all significant risks of the business holistically irrespective of types and sources. © Compliance Aid
ERM is evolving to address the needs of various stakeholders, who want to understand the broad spectrum of risks facing complex businesses to ensure they are appropriately managed. Regulators and debt rating agencies have increased their scrutiny on the risk management processes of business. © Compliance Aid
There are several checkpoints that drive the need for enterprise risk management, which include: Greater transparency Financial disclosures with more strict reporting and control requirements Security and technology issues Business continuity and disaster preparedness in a post-9/11 world Regulatory compliance Globalization in a continuously competitive environment © Compliance Aid
Uncertain economic future The uncertainty of the overall condition of the US and global economies increasingly emphasizes the need for risk management, and the achievement of strategic goals. Risk management is a top priority for Boards Poor risk management practices have been blamed for the credit crisis and ensuing global financial meltdown. Institutions and regulators suggest that risk previously was simply reported, rather than managed. Regulators mandate requiring enhanced disclosure regarding risk, compensation, and corporate governance for proxy and other informational statements. © Compliance Aid
Embedded within an organization's strategies and objectives, ERM's value is maximized when a balance is reached between growth, returns, risks, uncertainties, and opportunities. How much risk the entity is prepared to accept is inherent in ERM's capabilities, which encompass the following key components: Aligning risk appetite and strategy. Enhancing risk response decisions. Reducing operational surprises and losses. Identifying and managing multiple and cross-enterprise risks. Seizing opportunities. Improving deployment of capital. © Compliance Aid
Considering activities at all levels of the organization, the ERM framework views entity objectives at the entity, division, business-unit, and subsidiary levels, in four key categories: strategic, operations, reporting, and compliance. © Compliance Aid
At the same time, the framework focuses on eight interrelated components: internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring. © Compliance Aid
© Compliance Aid
Articulating and communicating the organization's objectives. Determining the organization's risk appetite. Establishing an appropriate internal environment, including a risk management framework. Identifying potential threats to the achievement of objectives. Assessing risks, including their impact and likelihood of occurring. © Compliance Aid
Selecting and implementing responses to risks. Undertaking control and other response activities. Communicating information on risks consistently at all levels in the organization. Centrally monitoring and coordinating the risk management processes and the outcomes. Providing assurance on the effectiveness with which risks are managed. © Compliance Aid
The concept of Enterprise Risk Management ("ERM") is becoming a common topic with boards and audit committees. Many businesses are actively deploying a more complete approach to managing risk under one large umbrella. ERM is based on the recognition that risk is pervasive, and the business can more effectively and efficiently manage risk by leveraging and integrating risk management activities, and by deploying responsibilities and accountabilities throughout the company. Moreover, it is becoming a recognized axiom that there exists a direct correlation between effective business process and financial management techniques, and effective risk management (i.e., ineffective business processes yield high risks.) © Compliance Aid
Audit committees should be able to generate real value for their companies by: Staying focused on the fundamental objectives and purpose associated with ERM Recognizing that ERM is a journey not a destination Develop risk awareness and consciousness at the audit committee. Understanding in your industry and how your business creates risk. (Financial, operational, compliance, reputation, etc.) Understanding whether your company has an approach to continuously assess and mitigate risks © Compliance Aid
Provide leadership to raise awareness of risk management and relate to advancement of the company's mission and objectives Deploy responsibility and accountability into line and staff roles, for risk management including: Continuous risk assessment (tied to change control) Continuous Monitoring Continuous improvement of controls Establish metrics to monitor risk management effectiveness and follow through regularly to reinforce accountability and reinforce success © Compliance Aid
Enterprise Risk Management (ERM) - Manage risk by leveraging and integrating risk management activities Strategic Dimension of Enterprise Risk Management (ERM) for Audit Committees Organizational structure and Strategic relationships Business processes improvement and Information systems Audit committees: Stay focused on objectives of Enterprise Risk Management Develop risk awareness (financial risk, operational risk, compliance risk) Understand your company's risk assessment approach Deploy risk management responsibility into staff roles Establish metrics to monitor risk © Compliance Aid
Effective ERM integrates with strategic planning in the following areas: Financial/Operational – Defines how much and what type of value the company must create to satisfy shareholders and stakeholders. Customer – Describes the value proposition the company promises to deliver to its customers and why customers should buy from the company, rather than rival competitors. Process – Describes how the business will efficiently and effectively deliver value promised to customers. Learning and Growth – Identifies the resources required to enable the company’s employees to achieve strategic objectives. © Compliance Aid
Utilizes all disciplines within an organization Too often the responsibility of risk management is placed upon a few individuals within an organization. ERM assigns risk management responsibilities to all departments within an company, and empowers all employees to consider the likelihood and impact of both internal and external risks. © Compliance Aid
Focuses on Continuous Improvement Continuous improvement challenges company to constantly evaluate the effectiveness of its processes and provide value to its customers. A successful ERM framework will promote continuous improvement by regularly reviewing key risks and key risk mitigation actions/strategies. © Compliance Aid
First and foremost benefit is it avoid risks, all types of risks such as Credit risks ( this risk can happen internally or externally ), Market Risks ( due to market factors ) and operational risks can be foreseen and tackled through Enterprise Risk Management. Any ERM program in place will certain attract investors to invest on your organization, because they know that the risk factors are less when there is ERM in place. It helps protect the shareholder value and the interest of stake holders in the company/organization. © Compliance Aid
Help organization make correct investment decision analyzing all the facts and figures through ERM. Organization or companies can stay head of competitors who does not have ERM in place, by taking bold decisions and get results from it. Although some of the benefits of ERM cannot be measured, as in the long run it will certainly yield positive results to the company/organization. © Compliance Aid
Other benefits of an Enterprise Risk Management (ERM) include: More effective strategic and operational planning Planned risk-taking and the proactive management of risks Greater confidence in decision making and achieving operational and strategic objectives Greater stakeholder confidence Enhanced capital raising and risk-based capital efficiency Enhanced company’s resilience © Compliance Aid
Dealing effectively with disruptions and losses, minimizing financial impact on the business Providing for forward planning, avoid surprises Evidence of a structured / formalized approach in decision making Regulatory compliance and director protection © Compliance Aid
© Compliance Aid
Align and integrate risk management practices Reduce unacceptable performance variability Build confidence of investment community Enhance corporate governance Successfully respond to changing business environment Align risk taking strategy with corporate culture © Compliance Aid
Understand the Organization’s Expectations and Strategic Objectives Understand the company’s strategic direction Analyze common industry risks and competitors Identify or analyze key performance indicators, drivers, and processes associated with strategic plans Define impact and likelihood profile factors © Compliance Aid
Define Key Risks and Risk Environment Assessment Identify specific goals, objectives, and drivers to the strategic plans Identify the risks to achieving the specific goals, objectives, and drivers Develop risk indicators for each risk identified Perform a management assessment of the risk universe © Compliance Aid
Develop/Assess Key Risk Mitigation Link key risks to the company’s current activities, processes, and locations Align key risks to the appropriate risk indicators Evaluate mitigation strategies and recommend improvement as needed © Compliance Aid
Communication and Continuous Monitoring Develop continuous organization-wide monitoring program over identified risks Develop risk management and reporting model consisting of: Responsible personnel (“risk owners”) for monitoring risks and risk indicators Monitoring timeline which defines the frequency of assessment and reporting Reporting requirements, includes the methods of gathering information from all risk owners and adjusting mitigation strategies as needed © Compliance Aid
Ensure ERM approach and infrastructure match the company’s structure and style Educate continuously Align with strategy of the organization Establish executive and board commitment Assemble the strongest team possible © Compliance Aid
Continuously improve risk management by focusing on business performance Develop quantification process to measure risk impact to value Coordinate enterprise-wide response to the most significant risks Sustain risk management and use it to create business value © Compliance Aid
© Compliance Aid
If you have any questions, do not hesitate to contact us! Michelle N Martin, CAMS, ACA President Telephone: Miami, Florida, U.S.A. +1 (305) St. John's Antigua, W.I. +1 (268) Michelle N Martin, CAMS, ACA Partner Website Telephone: Miami, Florida, U.S.A. +1 (305) St. John's Antigua, W.I. +1 (268) © Compliance Aid
CAACM & Compliance Aid © Compliance Aid