ERM Flashcards — Part 1 FINAL

Foundations of ERM

JJ
Aug 25, 2017 · 10 min read

Final versions: [Pt.1] [Pt.2] [Pt.3] [Pt.4] [Pt.5] [Pt.6]

  • [01] Risk management process (3): 1. identify risks faced by organisation; 2. assess likelihood and impact of risks; 3. decide how to respond to each risk and take appropriate action
  • [01] Elements of an ERM holistic approach (5): 1. apply risk management consistently across whole enterprise; 2. led by Board, coordinated through a central risk management function led by CRO; 3. incorporated into the day-to-day operations of all personnel; 4. recognize that risks interact (concentration/diversification); 5. recognize that risks are dynamic (ongoing concern)
  • [01] Elements of ERM value creation (2): 1. integrate risk management and measurement into business processes and strategic decision making; 2. consider both upside and downside risks
  • [02] Key arguments for risk management (5): 1. can benefit society (reduce contagion); 2. part of the job of management; 3. reduce earnings volatility; 4. maximize shareholder value; 5. enhance job security and rewards
  • [02] Benefits of reduced earnings volatility (4): 1. increase market value; 2. improve credit rating; 3. reduce cost variability; 4. reduce capital requirements
  • [02] Pressures leading to ERM adoption (5): 1. previous management failures; 2. near miss within own organization; 3. high profile disaster in similar organization; 4. demands from regulatory body or auditor; 5. concerns from other stakeholders
  • [02] Benefits of ERM over traditional RM (3): 1. better risk reporting, transparency, understanding; 2. improved organizational effectiveness; 3. improved business performance
  • [02] Benefits of risk transparency (3): Better alignment of business strategy with risk appetite and a more accurate assessment of the risk/return trade-offs if management can better understand: 1. risk exposure; 2. links between risk and return; 3. impact of changing external factors
  • [02] Ways ERM improves business performance (6): 1. more efficient allocation of capital; 2. minimize losses and unpleasant surprises; 3. better pricing, managing and/or transferring of risks; 4. optimize risk mitigation strategies (allow for natural hedges between business units); 5. react more quickly; 6. derive value from risk management (instead of box-ticking)
  • [02] Ways ERM improves operational effectiveness (4): 1. coordinate risk management activities across all parts of organization; 2. encourage and facilitate sharing of risk information; 3. identify and assess links between risks managed by various teams; 4. improve efficiency (management time and business resources)
  • [02] Empirical evidence for ERM value add (5): 1. many investors avoid entities with poor governance standards; 2. investors willing to pay 12%-30% premium for well-governed companies; 3. companies with strong governance structures outperform those with weaker governance, effect is amplified for larger companies; 4. insurance companies with ERM have lower volatility of returns, improved shareholder value, financial stability and 16% equity premium; 5. stock performance for companies with “excellent” S&P ERM rating was better than those of “weak” ERM ratings during 2008 crash
  • [03] Types of financial risks (4): 1. market; 2. credit; 3. business; 4. liquidity
  • [03] Types of non-financial risks (2): 1. operational; 2. external
  • [03] Elements of market risk (3): 1. trading risk; 2. asset and liability mismatch; 3. liquidity risk
  • [03] Examples of economic risk (5): 1. aggregate supply and demand; 2. government policies; 3. unemployment levels; 4. inflation, interest, exchange rates; 5. accommodation costs
  • [03] Ways to interpret liquidity risk (3): 1. funding liquidity (risk that markets are not able to supply funding to business when required); 2. more broadly, management of short term cashflow requirements; 3. market liquidity (insufficient capacity in market to handle asset transactions when deal is required)
  • [03] Define operational risk: Risk of losses resulting from inadequate or failed internal processes, people and systems, or from external events
  • [03] Advantages of outsourcing (5): 1. increased capacity; 2. reduced costs; 3. reduced time to market; 4. better quality; 5. transfer operational risks to third party
  • [03] Disadvantages of outsourcing (2): 1. legal risks from contract; 2. loss of direct control over risks
  • [03] Situations leading to financial contagion (4): 1. shared financial infrastructure; 2. funding liquidity risk (2008 crash); 3. common market positions; 4. exposure to common counterparty
  • [04] Components of ERM (7): 1. corporate governance (establish organisational processes and controls, create positive risk culture); 2. line management (integrate risk management into business strategy); 3. portfolio management (aggregate risk exposures and identify diversification effects and concentrations of risk); 4. risk transfer (mitigate excessive risk exposures cost-effectively); 5. risk analytics (measure, analyse and report on risk); 6. data and technology (support analytics); 7. stakeholder management (communicate risk information)
  • [04] Risk management responsibilities of the Board (3): 1. risk governance; 2. guide and approve ERM policies; 3. determine risk compensation
  • [04] Aspects of risk governance (3): 1. set vision, strategy, risk culture; 2. establish framework for measuring, managing and monitoring risks; 3. review outcomes and lessons learned from risk management process
  • [04] Aspects of setting ERM policies (4): 1. define risk appetite; 2. establish necessary skills for successful implementation and training program to obtain skills; 3. guide decisions on ERM approach, including roles and responsibilities; 4. approve suitable internal controls and ERM policies
  • [04] Goals of internal controls (5): 1. ensure accurate and adequate record-keeping; 2. prevent fraud and safeguard company assets; 3. guarantee accuracy of financial statements; 4. respond appropriately to risk; 5. ensure compliance with laws
  • [04] Key content of a risk subcommittee charter (6): 1. purpose; 2. responsibilities; 3. membership; 4. frequency of meetings; 5. performance assessment; 6. resources available
  • [04] Role of the audit subcommittee (3): 1. monitor integrity of financial statements; 2. monitor and review internal assurance functions (financial control, RM, internal audit); 3. recommend, monitor and review external auditor
  • [04] Cadbury Code-UK-1993 recommendations (6): 1. there should be a full Board meeting at regular intervals; 2. Board should be made aware of significant activities; 3. non-executive directors should have key responsibility for certain control and monitoring functions; 4. shareholders should approve director contracts in excess of three years; 5. director remuneration should be subject to review by a majority NED committee; 6. company reports should be balanced and understandable
  • [04] Walker Review recommendations (5): 1. “comply or explain” is still the best route to better corporate governance; 2. need more challenge in Board discussions; 3. Board involvement in risk oversight should be materially increased; 4. need better engagement between fund managers and Boards of investee companies; 5. remuneration committees should also cover influential employees, remuneration should be aligned with medium- and long-term goals and be publicly available on a banded basis
  • [04] Characteristics encouraged by good risk culture (4): 1. consultation / participation; 2. communication / openness / sharing; 3. accountability; 4. organisational learning
  • [04] Ways to change company culture (3): 1. from the top; 2. on an incremental basis; 3. as the profile of new recruits changes the views of the staff
  • [05] Categories of supervisors (4): 1. professional bodies; 2. professional regulators; 3. industry bodies; 4. industry regulators
  • [05] Role of professional bodies (2): 1. ensure members are adequately trained (exams); 2. ensure members maintain competence (professional development)
  • [05] Role of professional regulators (3): 1. set standards (to maintain public confidence); 2. monitor standards; 3. discipline in cases of non-adherence
  • [05] Purpose of industry bodies: Promote member interests through lobbying, shared research projects, etc.
  • [05] Purpose of industry regulators: Protect the public on behalf of government
  • [05] Advantages of unified regulation (6): 1. easier to regulate conglomerates; 2. consistent across various financial service activities; 3. limits incentives for regulatory arbitrage; 4. economies of scale; 5. ideas shared among regulatory staff; 6. improved accountability for regulators
  • [05] Benefits of proactive engagement with regulators (2): 1. may reduce level of risk regulators place on a company and thus reduce the supervisory burden on the company; 2. best practice advice from regulators based on seeing a wide range of risk management practices
  • [05] Aims of each Basel accord: Basel I (1998) set minimum capital requirements for banks; Basel II (2004) intended to supersede Basel I; Basel III was developed in response to 2008 crisis and focuses on liquidity, systemic and counterparty risks
  • [05] Three pillars of Basel II: Pillar 1 — minimum regulatory capital for credit, market and operational risks; Pillar 2 — supervisory review of internal processes; Pillar 3 — disclosure requirements
  • [05] Criticisms of Basel II (10): 1. too much emphasis placed on a single number that aggregates a wide variety of risk; 2. some risks are difficult to quantify; 3. some risks (e.g. liquidity) are only given cursory consideration; 4. complex calculations do not imply reliability; 5. costly to implement, especially if using internal credit and market models; 6. banks all measure risks and protect themselves in the same way at times of crisis; 7. market may undervalue certain assets; 8. implied levels of confidence could be spurious for new securities; 9. assets need to be sold when market value falls (pro-cyclicality); 10. complexity of risk model may lead to overconfidence in risk control
  • [05] Changes in Basel III that address prior criticism (4): 1. strengthen capital requirements (limit cross holding in other financial firms); 2. introduce conservation buffer to provide breathing space in times of financial stress; 3. change minimum ratios of Tier 1 and Tier 2 capital; 4. allow flexibility in capital requirements in times of financial crisis to limit pro-cyclicality
  • [05] Three pillars of Solvency II: Pillar 1 — quantitative requirements (SCR, MCR); Pillar 2 — qualitative requirements; Pillar 3 — supervisory reporting and disclosure
  • [05] Requirements of ORSA (3): 1. identify risk exposure; 2. identify risk management processes and controls; 3. quantify ongoing ability to meet solvency capital requirements (MCR, SCR)
  • [05] Similarities between Basel II and Solvency II (4): 1. both have three pillars, each dealing with similar aspects of company risks; 2. both are largely risk-based and allocate capital to areas running the highest risk; 3. suitable for multi-national firms; 4. similar regulation for banking and insurance arms
  • [05] Differences between Basel II and Solvency II (2): 1. Basel II assumes significant contagion risk and Solvency II considers contagion unlikely for insurance companies; 2. Basel II is more prescriptive and Solvency II is more principles based
  • [05] Key features of SOX (5): 1. formation of a Public Accounting Oversight Board (PAOB) to inspect published accounts and prosecute accounting firms in breach of regulations; 2. increased accountability of CEO and CFO of public companies; 3. each published report must contain an internal control report (ICR); 4. external auditors are required to report on management assessment; 5. illegal for management to interfere with audit; 6. illegal to destroy records with intent to influence investigation
  • [05] Principles of COSO (5): 1. risk represents opportunity and potential downside; 2. ERM is a parallel and iterative process; 3. everyone has a role in RM; 4. any RM process is imperfect; 5. implementation of RM must balance costs with benefits
  • [05] Three dimensions of the COSO cube: 1. ERM components and processes; 2. in each business objective covered by the framework; 3. at each business level of application
  • [06] Key principles in The Orange Book-UK (6): 1. importance of linking risks to objectives; 2. distinction between risk and impact; 3. need to distinguish inherent and residual risk; 4. prioritization of risk is more important than quantification; 5. risk appetite should be subdivided into corporate, delegated and project; 6. dedicated risk committee is recommended
  • [06] Elements of the Canadian Integrated Risk Management Framework (4): 1. develop corporate risk profile; 2. establish an integrated risk management function (RMF); 3. practice integrated risk management; 4. ensure continuous RM learning
  • [06] Elements of the AS/NZS 4360 process (7): 1. establish context (SWOT); 2. identify risks; 3. analyze risks; 4. evaluate risks; 5. treat risks; 6. monitor and review; 7. communicate and consult
  • [06] Differences between AS/NZS 4360 and RAMP (2): 1. RAMP process includes a project launch and a project close analysis; 2. RAMP process has a go/no-go decision step
  • [06] Principles of the IRM/AIRMIC/Alarm standard (4): 1. methodical and structured approach, similar to COSO; 2. in-house risk management is preferable (need internal risk champion); 3. internal audit is an important control; 4. clarity over stakeholder roles is important
  • [07] Risk elements of S&P’s rating framework (3): 1. sovereign risk — taxation, currency; 2. business risk — industry prospects, competitive strength, management quality, operational risks; 3. financial risk — profit level, cashflow, capital structure and flexibility
  • [07] Features affecting the significance of ERM in an insurance company’s overall rating (2): 1. complexity of risk; 2. amount of available capital and ease of access
  • [07] Practices assessed in S&P’s ERM rating (5): 1. capabilities to consistently identify, measure and manage risk exposures; 2. optimization of risk-adjusted returns; 3. unexpected losses; 4. consideration of risk and risk management in insurer’s corporate decision making; 5. risk tolerance guidelines
  • [07] Main areas of S&P’s ERM assessment (5): 1. risk management culture; 2. risk control; 3. extreme event management; 4. risk models and capital models; 5. strategic risk management
  • [07] S&P’s review of risk management culture (2): 1. look for indicators of positive risk culture; 2. evaluate governance structure, risk tolerance statements and individual risk manager capabilities
  • [07] S&P’s review of risk control (4): 1. risk identification process; 2. risk monitoring on an ongoing basis; 3. limits set for retained risk, adherence to limits, consequences when limits are not met; 4. execution of risk management process
  • [07] S&P’s review of extreme event management (3): 1. various possible events are considered; 2. potential impacts are measured (stress testing, scenario analysis); 3. events are prepared for (early warning indicators, cat insurance)
  • [07] S&P’s review of risk and capital models (4): 1. model usage / formula; 2. inputs / assumptions; 3. consistency across business units; 4. appropriate modifications to standard formula
  • [07] S&P’s review of strategic risk management (7): 1. clear decision making on retained risks; 2. clear strategy for investing assets; 3. product pricing reflects risks and returns; 4. clear standards set for what is acceptable based on risk appetite; 5. appropriate capital allocation; 6. appropriate dividend policy, influenced by risk-adjusted return on retained capital; 7. incentives for good risk-adjusted returns
  • [07] Key strength of S&P ERM framework: Encourages good ERM practices (analyse risks holistically, link strategic decisions to risk management, transparency)
  • [07] Key weakness of S&P ERM framework: Limited application (only to insurance and reinsurance companies and represents only the opinion of S&P)
  • [07] Categories of the S&P ERM rating (6): 1. excellent; 2. strong; 3. adequate; 4. weak; (5. adequate with strong risk controls; 6. adequate with positive trend.)

Thinker and Tinkerer. Figuring out a storyline. http://yahwes.github.io/
