Presented by Rolando C. Cabrera Risk Management Advisor Chairman of the Board, Risk and Insurance Management Association of The Philippines (RIMAP) An Element of Good Governance

Risk Management contributes to good Corporate Governance by providing reasonable assurance to boards and senior managers that the organizational objectives will be achieved within a tolerable degree of residual risk. Risk Management Creates Value

What are your Cooperative’s top 10 risks? Do you have a concise report that shows the key exposures and trends for strategic, financial, and operational risks? Are you in compliance with internal policies, laws, and regulations? Were the majority of your Cooperative’s actual losses and incidents identified by the risk reports? Are you managing businesses on a risk-adjusted profitability basis? Acid Test of Good Governance

Common Definition of Risk the likelihood of something undesirable happening in a given event the conditional probability of the event occurring times the consequence of the event given that it has occurred

SEC Code of Corporate Governance “The Board must identify key risk areas and key performance indicators and monitor these to ensure the effectiveness of internal control”

Why take ?

The Three components of Risk:  An event  A probability of occurrence  An impact

8 I. Basics of Risk Management A. Elements of Risk Management Risk Elements of Risk

9 B. Types of Risk Pure Loss Speculative Gain Loss (upside risk) ( downside risk) Types of

1. Property 2. Finance 3. Legal Liability 4. Personnel Areas of Exposure to Loss (Pure and BusinessRisk)

13 ERM Framework 1.Strategic 2.Financial 3.Legal and Compliance 4.Operational Basel 2 (BSP) 1.Credit 2.Market 3.Operational BSP Supervision and Examination 1.Credit 2.Market 3.Interest 4.Liquidity 5.Operational 6.Compliance 7.Strategic 8.Reputation BSP Supervision by Risk (Circular 510)

Financial Risk In the financial world, risk can be defined as “any event which can impair corporate earnings or cash flow over short/medium/long-term horizons.”

Credit Risk Credit risk is defined as loss exposures due to counterparties’ default on contracts.

Market Rate Risk Cooperatives investments may suffer a loss if there is a fall in the market value of an investment. – Equity risk – Currency risk – Interest rate risk

Risk of loss of: Properties Income Key personnel Exposure to liabilities Resulting from inadequate or failed: Process People System External events Operational Risk is…

T Today’s organizations are concerned about: Risk Management Governance Control Assurance (and Consulting)

Reputation Risk Reputation risk arises when a situation, occurrence, business practice or event has the potential to materially influence the public and stakeholder’s perceived trust and confidence in a cooperative. As with other risks, the board is responsible for overall management of reputational risks.

operations financials strategy development Traditional Risk Management Business Risk Management Enterprise Risk Enterprise RiskManagement Purchase of Insurance or self-insurance of risks affecting property, income, liability and people Assessment of financial risk: Credit Risk Market Risk Silo approach Assess risks which threaten objectives of Strategic Management Process Core Business Processes Develop ERM Framework COSO AS/NZS; AIRMIC; FERMA ISO Portfolio view of risks RBCA RBA RISK MANAGEMENT PERSPECTIVE V A L U E C R E A T I O N RISK MANAGEMENT VALUE CONTINUUM Key Issues: 1. What is the current location of the Cooperative along the continuum? 2. What is the desired location of the Cooperative along the continuum 3. How should the Cooprarative move from the current to the desired location?

What elements need to be put in place? Recognize that ERM is a journey not a destination and requires a change process What are the expected outcomes? How will we know we are successful? Where are we now? How do we get there? What are the obstacles along the way? Why do we need to begin our journey? Future State Drivers Constraints Current State INCREASING RISK MANAGEMENT CAPABILITIES “Achievable Goal”

Why ERM Is Important To a Cooperative Underlying principles: Every entity, whether for-profit or not, exists to realize value for its stakeholders. Value is created, preserved, or eroded by management decisions in all activities, from setting strategy to operating the enterprise day to day.y-to-day.

Why ERM Is Important to a Cooperative ERM supports value creation by enabling management to: Deal effectively with potential future events that create uncertainty. Respond in a manner that reduces the likelihood of downside outcomes and increases the upside.

Enterprise Risk Management (ERM) COSO has defined ERM as follows: a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

The Enterprise Risk Management (ERM) Evolution What has changed? Treating the vast variety of risks in a holistic manner Elevating risk management to a senior management responsibility

focuses on ensuring that the enterprise manages the uncertainties that exists around the achievement of its corporate objectives Top Down Strategic Strategic RM Operational RM Operational RM is focused on managing the risks that appear during its day-to-day activities of actually executing the SBUs/BUs strategy. Bottom Up Tactical

The COSO Framework provides an understanding of the components of ERM Enterprise Risk Management: Is a process Is a process Is effected by people Is effected by people Is applied in strategy setting Is applied in strategy setting Is applied across the enterprise Is applied across the enterprise Is designed to identify potential events Is designed to identify potential events Manages risks with risk appetite Manages risks with risk appetite Provides reasonable assurance Provides reasonable assurance Supports achievement of objectives Supports achievement of objectives Source: COSO proposed ERM Framework

Risk Management Responsibility The Board is responsible for the total process of risk management, as well as forming its own opinion on the effectiveness of the process

The Risk Management Process The Board should set the risk strategy in liaison with management Management is accountable to the Board for designing, implementing and monitoring the process and integrating it into the activities of the company

31 Risk Management Structure BOARD of DIRECTORS RM Committee Risk Mgt. Team Risk Mgt. Team Risk Mgt. Team Internal Audit / Compli- ance RM Council RM Steering Committee MACROMACRO M ICROM ICRO Risk Management Teams (RMTs) riskWATCH INTERNATIONAL, INC.

ERM Roles & Responsibilities Management The board of directors Risk officers Internal auditors

Example: ERM Organization ERM Director Vice President and Chief Risk Officer Corporate Credit Risk Manager Insurance Risk Manager ERM Manager Staff FES Commodity Risk Mg. Director FES Commodity Risk Mg. Director

34 Basic Risk Management Process PROCESSS T E P S DESCRIPTION Risk Assessment Risk Treatment Monitoring and Control Risk Identification Risk Analysis Risk Administration Risk Control Risk Finance

Risk assessment is the identification and analysis of risks to the achievement of business objectives. It forms a basis for determining how risks should be managed. Assess Risk

Event Identification Involves identifying those incidents, occurring internally or externally, that could affect strategy and achievement of objectives. Addresses how internal and external factors combine and interact to influence the risk profile.

Formal Risk Assessment The Board should ensure that a formal risk assessment is undertaken at least annually for the purpose of making its public statement on risk management Risk assessment should address : ! Physical and operational risk ! Technology Risk ! Credit and Market Risk

Risks should be assessed on an ongoing basis and control activities should be designed to respond to risks throughout the company Companies should develop a system of risk management and internal control that builds more robust business operations

How OFTEN will the loss occur? How BIG will the loss be? Will it THREATEN our FINANCIAL STABILITY? Will they INTERFERE with our basic OBJECTIVES? Risk Analysis

WHAT CAN GO WR N G ? The process of determining what, where, when, why and how something could happen. Risk Identification

Risk, Peril, or Hazard?

Impact vs. Probability Control Share Mitigate & Control Accept High Risk Medium Risk Low Risk Low High IMPACTIMPACT PROBABILITY

Risk Mapping High S e v e r i t y FrequencyFrequency Moderate High LowModerate Low

Significance / Impact Likelihood / Probability

Significance / Impact Likelihood / Probability

Prioritizing Risks Establish the risks to be eliminated due to potential impact. Establish the risks which require regular management attention. Establish the risks that are sufficiently minor to avoid detailed management attention.

Risk Prioritization

X HIGH LOW R I S K HIGH REWARDREWARD X

RISK CONTROL Stops Losses from Happening

Risk Control Mitigate Risks Plan for Emergencies Measure and Control Elements of Risk Control

RISK CONTROL TOOLS: A. Risk Avoidance RIVER WAREHOUSE

RISK CONTROL TOOLS: B. Loss Prevention

RISK CONTROL TOOLS: C. Loss Reduction Fasten your seatbelt

RISK CONTROL TOOLS: D. Segregation of Risk 1. Separation Production Warehouse

RISK CONTROL TOOLS: D. Segregation of Risk 2. Duplication Head Office’s Computer Back-up System at Branch Office

Risk Response Identifies and evaluates possible responses to risk. Evaluates options in relation to entity’s risk appetite, cost vs. benefit of potential risk responses, and degree to which a response will reduce impact and/or likelihood. Selects and executes response based on evaluation of the portfolio of risks and responses.

59 AVOID Divest Prohibit Stop Target Screen Eliminate RETAIN Accept Re-price Self- Insure Offset Plan REDUCE Disperse ControlTRANSFER Insure Allocate Hedge Indemnity Securitize Share Outsource EXPLOIT Allocate Diversify Expand Create Redesign Reorganize Price Arbitrage Renegotiate Influence Development of Risk Strategies

RISK FINANCING Provides Funds for Losses that do Occur (Risk-Based Capital Adequacy)

RISK FINANCING A. Risk Retention Scheme - Current Expense - Unfunded Reserve - Funded Reserve - Borrowing Funds to Pay for Losses B. Risk Transfer Scheme - Insurance - Contractual Transfer of Risk

Monitoring Effectiveness of the other ERM components is monitored through: Ongoing monitoring activities. Separate evaluations. A combination of the two.

Internal Control A strong system of internal control is essential to effective enterprise risk management.

Embedding Risk Management in A Cooperative A risk aware culture Senior Management Commitment A common business risk language Risk management structure Risk management process

The Road Beyond 2015 for a Cooperative Business Continuity Planning (BCP) Corporarte Resiliency: your inner strength

Management theorist Peter Drucker has pointed out that the only way to increase the yield from a given amount of world resource is to introduce risk. To run away from risks is to miss the point: You need to take the right risks and to be aware that that’s what you’re doing.

It is only when one has put all the risks to bed, that one can have a quiet night’s sleep!

End of Presentation Thank You! E Contact details: Rolando C. Cabrera Mobile No

Q&A