CAS Spring Meeting June 2007 Introduction to ERM …The Measurements, Quadrants, Tools, and Solutions Prof. Mark C. Vonnahme Fox Family Clinical Professor University of Illinois at Urbana-Champaign

ERM… Speaker background…. 31 years experience in surety and property casualty… President and CEO, CNA Surety Industry leader … pro-active on many fronts Changing environment ….

ERM… Practitioner meets academic life… Teaching  Corporate Finance  Property and Casualty  ERM  25% students … actuarial science

ERM… Appointed to CAS Board in March, 2007 First non-actuary member of Board… Learning … Adding value …

ERM… The combination of Academia and Practitioner…. Thinking about ERM … perspectives  Teaching RMI and ERM provided a deeper understanding of both…  ERM was always important to me …. even when it wasn’t in vogue …  Knowing what I do now, would do it better…  ERM is a long term commitment and process…

ERM Consider… ERM is a journey… not a one time event ERM is not just compliance … it needs to be embedded in the culture to be successful ERM starts at the top … and requires the commitment of management team… ERM must be customized to industry and company … one size does not fit all … ERM is multi-disciplinary… ERM takes time to develop… be flexible, be willing to make adjustments…

ERM…  Why the shift to ERM  Some trends that have impacted the process  Globalization  Continued integration of insurance  Increased regulation  Focus on corporate governance  Sarbanes Oxley

ERM… Definition of ERM….

ERM… Committee of Sponsoring Organizations of the Treadway Commission ( COSO ) Published Enterprise Risk Management-Integrated Framework in 2004  COSO has defined ERM as … A process, effected by an entity’s board of directors, management and other personnel,applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its appetite, to provide reasonable assurance regarding the achievement of entity objectives.

ERM… Traditional risk management Six step process  Risk identification  Risk analysis  Development of alternative techniques to treat risks  Selection of best risk-treatment techniques  Implementation of selected techniques  Evaluation and monitor of effectiveness of risk management

ERM… So what’s different about ERM It expands the process to more fully integrate risk management into the organization’s structure  It is an interactive(pro-active) process not a reactive process

ERM… A Broader Framework … depicts the following attributes of the ERM process Effected by people Embedded into strategic goals Applied across the enterprise Designed to identify potential events Encourages risk to be managed within a determined appetite Provides reasonable assurance to key stakeholders Supports achievement of key objectives

ERM… Where does ERM reside in an organization…

ERM… ERM and Risk Manager CRO needs to have an expanded view of risk Opportunity for gain and loss Manage to take advantage of knowledge of risk Exploit the value of risk bearing operations Acknowledge that risk is an asset and risk producing activities can provide upside…value  Risk and opportunity  A competitive edge

ERM… Chief Risk Officer Functions  Create a risk aware culture  Oversight of risk assessment activities and risk appetite  Educating stakeholders about ERM program  Implementing an integrated risk management framework throughout the org  Managing the ERM framework with emphasis on operational risks  Developing ways to mitigate and finance risk within the organization’s larger business strategies

ERM… Risk categories or domains … relationships exist between risks Operational risks Financial risks Human capital risks Strategic risks Legal and regulatory risks Technological risks Others

ERM… Establishing an ERM Program Identify the ERM vision Develop a supporting business case Establish a cross-sectional implementation team Assess the current operating environment Quantify key risks Create SMART response plans  Specific,measurable,acceptable,realistic,time-limited Implement continuous monitoring and improvement

ERM… The ERM process Identification of organization’s risks  Internally Surveys, interviews,assessments across departments and divisions Multi disciplinary  Externally Industry benchmarks, economic and other data

ERM… ERM Process Assessment of risks for prioritization  Quantitative  Qualitative  Correlations  Interdependencies  Risk Mapping

ERM… ERM process Risk appetite  Tolerance for risk Risk treatment and control  Loss prevention techniques for reducing frequency and severity  Risk financing, retention or combination

ERM… ERM process Risk mitigation and measurement  Evaluation of risk mitigation strategies  Integration into operating planning and reporting

ERM… ERM process Monitor, adjust and continually evaluate progress  Be flexible…  Do not be afraid to adjust to change…  It is a constant process …. a journey

ERM… Benefits of Risk Management Practical Whys from James Lam … and others  Positives of Active Risk Management Managing risk is everyone’s job Managing risk can reduce earnings volatility Managing risk can maximize shareholder value Risk management promotes job and financial security

ERM… Practical Whys from Vonnahme Good companies want to stay that way…  Leading v following Staying competitive … or a competitive edge.. Dealing with change…

ERM… What would an ERM program accomplish … Increase recognition of the importance of capital to support risk Improve focus on risks of the organization More refined/better definition of risk appetite Impact/reduce cost of reinsurance or other risk management techniques Impact the capacity and cost of debt Assist in attaining /retaining higher AM Best and/or other ratings Improve Corporate Governance … transparency and disclosure Lead to higher value for all stakeholders

ERM… Final thoughts Prof. Mark C. Vonnahme Fox Family Clinical Professor University of Illinois