
Developing Your Risk Appetite Definition of Enterprise Risk Management PDF

16 Pages·2017·0.86 MB·English


Developing Your Risk Appetite

William C. Hord, V.P. of Enterprise Risk Management Services
March 26, 2017
Solutions Track 6: 4:00pm – 5:00pm

Enterprise Risk Management | Vendor Management | Business Continuity | IT GRC | Internal Audit | Regulatory Compliance Manager | Complaint Management

Definition of Enterprise Risk Management (ERM)

The Committee of Sponsoring Organizations of the Treadway Commission (COSO): Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

Enterprise Risk Management—Integrated Framework, © [2004] Committee of Sponsoring Organizations of the Treadway Commission (COSO). All rights reserved. http://www.coso.org/ermupdate.html

Definition of Risk Capacity

Risk Capacity working definition: The maximum level of risk at which a company can operate, while remaining within constraints implied by capital and funding needs and its obligations to stakeholders in pursuit of its objectives.

Definition of Risk Profile

Risk Profile working definition: The company’s entire risk landscape reflecting the nature and scale of its risk exposures aggregated within and across each relevant risk category.

Definition of Risk Appetite

Risk Appetite working definition: The risk a company is willing to take in the pursuit of its strategic objectives.

Definition of Risk Tolerance

Risk Tolerance working definition: The level of risk which, if breached by the company’s risk profile, would require immediate escalation and corrective action.

Definition of Risk Appetite Trigger

Risk Appetite Trigger working definition: The level at which escalation occurs to a committee or level of authority because the risk profile is sufficiently close to the risk tolerance that corrective action should be considered.
Definition of Risk Appetite Statement

Risk Appetite Statement working definition: A company’s risk appetite should be articulated and communicated so that employees understand the need to pursue objectives within acceptable limits.

Risk Appetite Benefits

• Enhance Reputation;
• Improved Compliance;
• Improved Governance;
• Shareholder Protections;
• Improved Business Performance;
• Promote Risk Awareness Culture;
• Aligning Risks to Strategic Objectives;
• Enhanced Risk‐Based Decision Making;
• Optimized Spending for Increased Value;
• Meet Regulatory and Audit Expectations;
• Determination of How Much Risk to Take;
• Guide and Inform Strategic Planning and Budgeting and;
• Translate Board Strategy into Business Unit Strategy and Objectives.

Risk Appetite Considerations

COSO outlines four considerations that need to be taken into account when considering the risk appetite of the company:

1. Existing Risk Profile: What are the current risks across the company in the various risk categories?
2. Risk Capacity: How much risk is the company able to handle in order to achieve its objectives?
3. Risk Tolerance: What is the acceptable level of deviation the company is willing to accept in achieving its goals?
4. Attitudes Towards Risk: What is the risk culture in the company?

Enterprise Risk Management: Understanding and Communicating Risk Appetite, 2012, © Dr. Larry Rittenberg and Frank Martens, research commissioned by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). All rights reserved.

Risk Appetite – Qualitative & Quantitative

Mixture of BOTH;
• Qualitative:
  • Compliance;
  • Reputation and;
  • Strategic.
• Quantitative:
  • Capital;
  • Credit;
  • Interest Rate and;
  • Liquidity.

[Table: Risk Acceptance levels Low ($/%), Low‐Med ($$/%), Medium ($$$/%), Med‐High ($$$$/%), High ($$$$$/%); rows Capital, Compliance, Credit, Interest Rate, Liquidity, Reputation, Strategic, each marked with an X]

Others could include: Concentration – Credit and/or Investments; Price/Market; Operational – General / Technology / Third Party / Information Security, etc.
Risk Appetite Process & Checklist: Define Your Risk Capacity

• What is your overall ability to absorb potential losses;
• What are your cash and cash equivalents to meet liquidity demands and in terms of capital and reserves to cover potential losses.
• Determine maximum capacity limit for use in risk appetite process.

Risk Appetite Process & Checklist: Define Strategic Objectives

• Sample Strategic Objectives:
  1. Earnings Growth;
  2. Shareholder Returns;
  3. Maintain the Return on Equity;
  4. Retain Skilled and Qualified Workforce and;
  5. Capital Adequacy / External Credit Ratings.
• Include business plan outlining how the business intends to meet its objectives and stakeholder expectations;
• Include capital management plans outlining capital requirements for achieving strategic objectives.

Risk Appetite Process & Checklist: Define Current and Proposed Risks Within Strategic Objectives, Business and Capital Plans

• Risk Categories:
  • Strategic;
  • Operational;
  • Compliance and;
  • Financial/Reporting.
• Risks That Are Acceptable;
• Risks That Are Un‐Acceptable;
• Determine Total Aggregate Risk Profile;
• Potential Risks to Achieving Strategic Objectives;
• Current Risk Being Taken Related to Risk Capacity;
• Determine Total of unexpected losses that the company is willing to accept in the event a risk materializes.
• Determine available capital between the risk capacity and the aggregate risk profile; including provision for unexpected losses.
• The risk appetite of the company will determine the size of the capital required. The company has to balance between its availability of capital versus cost of capital. The strategic objectives if clearly articulated should provide a strong guideline for the level of anticipated risk appetite.

Risk Appetite Process & Checklist: Determine and Create Risk Tolerances

• Having determined the capital available to withstand risks and the current level of risk exposure, the next step is the identification of tolerance ranges for specific risks (to ensure the appetite remains within the bounds of the capital management and/or business plan).
• Risk tolerances are the typical measures of risk used to monitor exposure compared with the stated risk appetite. In practice they enable the high‐level risk appetite to be broken down and communicated into measures that are actionable at the business unit level.
• Developing risk tolerances helps to ensure appropriate reporting and monitoring processes can be put in place for the effective management of these risks. As such, these thresholds should be clearly articulated and measurable.

Risk Appetite Process & Checklist: Create and Approve Risk Appetite Statement

• Create a formalized Risk Appetite Statement utilizing the information determined from the process;
• Provide to Board for final approval.

Risk Appetite Process & Checklist: Communicate Risk Appetite Statement

• Determine the best way to communicate risk appetite;
• Three main approaches for communicating risk appetite:
  1. Expressing overall risk appetite using broad statements;
  2. Expressing risk appetite for each major class of organizational objectives, and;
  3. Expressing risk appetite for different categories of risk.
• Specific enough that operational leaders can monitor whether risks are being managed within risk appetite.

Enterprise Risk Management: Understanding and Communicating Risk Appetite, 2012, © Dr. Larry Rittenberg and Frank Martens, research commissioned by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). All rights reserved.

Risk Appetite Process & Checklist: Monitoring and Updating Risk Appetite

• Management, with board support, must revisit and reinforce Risk Appetite;
• Cannot be set once and then left alone for extended periods;
• Reviewed and incorporated into decisions about how the company operates. (Especially important if the company’s business model begins to change);
• Management should monitor the company’s activities for consistency with risk appetite through the specifics identified with risk tolerances;
• Use key performance risk metrics to measure performance by integrating risk tolerances into the monitoring process used to evaluate performance and;
• Internal auditing can provide independent insight on the effectiveness of monitoring processes.
Enterprise Risk Management: Understanding and Communicating Risk Appetite, 2012, © Dr. Larry Rittenberg and Frank Martens, research commissioned by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). All rights reserved.

Risk Appetite Example

• Risk Profile is less than Low Tolerance limit: Corrective action must be taken immediately.
• Risk Profile is within Low Tolerance limit: Corrective action discussions required.
• “Sweet Spot”: Risk Profile functioning as expected.
• Risk Profile is within High Tolerance limit: Corrective action discussions required.
• Risk Profile is more than High Tolerance limit: Corrective action must be taken immediately.

[Figure labels: ACTION | Low Tolerance | Risk Appetite | High Tolerance | ACTION; Risk Capacity; Low Tolerance Risk Appetite Triggers; High Tolerance Risk Appetite Triggers]

Board and Management Responsibilities

1. Management establishes risk appetite;
2. Board oversees risk appetite;
3. Applies throughout organization;
4. Aligns with stakeholders and managers;
5. Manages risks and risk appetite over time;
6. Monitors to ensure adherence to risk appetite;
7. Supports culture;
8. Considers resources;
9. Communicates through strategies and objectives and;
10. Clearly communicates how much risk the organization is willing to accept at all levels.

Enterprise Risk Management: Understanding and Communicating Risk Appetite, 2012, © Dr. Larry Rittenberg and Frank Martens, research commissioned by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). All rights reserved.

Description:
Enterprise risk management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to .. On-going Development: The implementation of new technologies creates new opportunities, but also new risks.