Enterprise Risk Management (ERM)
‘Integrated Framework’
IMPLEMENTATION
Enhancing Capabilities
Taking It To The Next Level


FUNDAMENTALS & ROLES
•
•
•
•
•
•
•

The Fundamentals
COSO Enterprise Risk Management
Role of Executive Management
Role of the Director
Role of the Chief Risk Officer
Risk Management Oversight Structure
Role of Internal Audit
2


IMPLEMENTATION
•
•
•
•

•
•
•
•

Risk Management Vision and Objectives
Conducting Risk Assessments
Getting Started – Set the Foundation
Building & Enhancing Capabilities
Building a Compelling Business Case
Making it Happen
Relevance to Sarbanes-Oxley Compliance
Other Questions
3


4


Enhancing Capabilities
Taking It To The Next Level
What steps does management take to enhance risk
management capabilities?
apply to those priority risks for which management has
decided to attain a “managed” or an “optimized”
state of capability - three steps:
quantify risk enterprise wide
improve enterprise performance
establish sustainable competitive advantage


5


Enhancing Capabilities
Taking It To The Next Level
How does management decide on the
appropriate enhancement capabilities?
Market/investment community expectations:
institutional investors
rating agencies
regulatory authorities
industry standards
6


Enhancing Capabilities
Taking It To The Next Level
What is a “portfolio view” of risks and how is it
practically applied?
Risks in different units may be within the risk
tolerances of the individual units
taken together, the risks might exceed the
enterprise wide risk appetite
risks may naturally offset across the entity

7


Enhancing Capabilities
Taking It To The Next Level

Portfolio view makes sense for activities directed at
achieving a common enterprise wide purpose
• Risks add up whether evaluated piecemeal or in total
• Increased efficiency and better decisions
• Improved reporting and capital allocation
• Simplicity

8


Enhancing Capabilities
Taking It To The Next Level
How does management quantify risks enterprise
wide? At what level are risks aggregated for
quantification purposes?
Centralized vs. decentralized
• aligning enterprise wide goals and operating
unit incentives
• delineating risk management tasks that must
be executed centrally from tasks that must be
executed locally
9


Enhancing Capabilities
Taking It To The Next Level
Ways to aggregate multiple risk measures
Risk-pooling approaches (hedging)
Enterprise wide risk appetite/specific risk tolerances
Hurdle rates (industry risk adjusted)

At risk frameworks (VaR, EaR, GMaR & CFaR)
Risk-adjusted performance measurement

10


Enhancing Capabilities
Taking It To The Next Level
Enhanced capabilities achieve four things
More robust risk reporting – aggregated at multiple
levels by specific investments and projects
Greater investment confidence
Greater integration and alignment of risk responses
Higher valuation - higher price/earnings multiples in
share valuations

11


Enhancing Capabilities
Taking It To The Next Level
How does management use ERM to improve business
performance? helps managers make better choices in
protecting and enhancing enterprise value
Evaluate the key underlying variables in the business plan that are
exposed to performance variability and that require specific
risk responses
Understand the loss exposures or drivers inherent in the
enterprise’s business model that require specific risk responses
Identify incongruities inherent in the business model where

management has, either knowingly or unknowingly, accepted
risks that should be avoided, given the entity’s risk appetite
12


Enhancing Capabilities
Taking It To The Next Level
Critical risk management tasks
• identify events
• assess risk
• formulate risk response
• implement control activities
• inform/communicate and monitor
provides a flexible framework for addressing these
three strategically important issues
13


Enhancing Capabilities
Taking It To The Next Level
Identify value drivers
value drivers are linked to the variables that
influence the achievement of the business
plan
they may be defined in terms of the key
underlying variables that cause revenues and
expenses to go up and down (increase and
decrease cash flow)
14



Enhancing Capabilities
Taking It To The Next Level
Key performance indicators are developed
metrics by which performance against plan is
evaluated and ultimately rewarded
converted into reports and are used to monitor
performance over time
managing and monitoring the business will surface
opportunities to improve processes, products
and services to enhance enterprise value (EVA)
15


Enhancing Capabilities
Taking It To The Next Level
EVA = NOPAT less WACC (NPV>0)
Create new opportunities - new business activities
Improve performance - policies, processes,
competencies, reporting, technology and/or
knowledge
Harvest existing value - withdraws from existing
business
Adjust and align cost of capital - reduce WACC and/or
ensure risks are consistent with risk appetite
16


Enhancing Capabilities
Taking It To The Next Level

EVA
Create new opportunities – change core business risk?
Improve performance – insights into soft spots in the
enterprise’s or unit’s business strategy as well as
opportunities to improve performance
Harvest existing value - understand “relative riskiness”
of different units, geographies, products or markets
Adjust and align cost of capital - specific WACC for
specific core businesses
17


Enhancing Capabilities
Taking It To The Next Level
Linkage of ERM to improved enterprise performance altering risk by increasing/decreasing:
enterprise’s net exposure (materiality)
variability of the enterprise’s expected returns caused
by specific sources of uncertainty (such as exposure
to fluctuating currency rates)
probability of financial distress in the event of realized
changes in key variables (such as changes in interest
rates for a highly leveraged company)
18


Enhancing Capabilities
Taking It To The Next Level
How should we integrate our ERM approach with our
strategic planning process?
integrate specific ERM capabilities with the various

phases of the strategy-setting process
Strategic assessment  Internal environment, event
identification and risk assessment
Strategy development  Risk response
Formulate plan  Control activities, information/
communication and monitoring
19


Enhancing Capabilities
Taking It To The Next Level

20


Enhancing Capabilities
Taking It To The Next Level
Determine critical value drivers and define the sources of
uncertainty associated with each of those drivers
Shareholder Value  cash flow  earnings
e.g. revenue drivers: predictable volume, price competitiveness,
customer liquidity, customer diversification, entry barriers and
growth industry
predictable volume sub drivers: segmented market, scalable
productive capacity and effectively functioning distribution channel
prioritize value drivers based upon their contribution
select the priority drivers for purposes of event identification and
risk assessment
21



Enhancing Capabilities
Taking It To The Next Level
Should we complete our strategic planning process
prior to conducting our first enterprise wide risk
assessment, or vice versa? NO
incorporate risk appetite and risk management into
strategy-setting

22


Enhancing Capabilities
Taking It To The Next Level
Is it possible to successfully merge together the risk
assessments that companies perform as a result of
ERM, Sarbanes-Oxley compliance, business
continuity planning, internal audit and various
compliance activities related to workplace,
environmental and other regulations? YES
Must develop common language and uniform process

23


Enhancing Capabilities
Taking It To The Next Level
How does management use ERM to establish a sustainable
competitive advantage?
Integrate risk management with business & strategic planning

Implement more rigorous risk assessment process
Improve management of common risks across the enterprise
Improve capital deployment and resource allocation
Configure the enterprise’s risk taking with its core competencies
Seize opportunities through rational assumption of risk

24