ERM Processes &

structures
Contents
1. Introduction
2. Risk taking
3. Active RM
4. Organizational structure
5. Silo based approach
Introduction
RM Control cycle
 Control cycle: One way of developing & implementing strategies to manage risk
 The cycle should be capable of taking account of changes in risk

 ERM Process

 Identification: Define & record risks (in consistent way)

 Assessment: Quantify risks (in context of risk appetite); use computer model technology

 Evaluate risk: calculate the NPV of each risk & likelihood of risk

 Management: Ongoing treatment

 Monitoring: Recording, review, reporting, checking effectiveness, external audit

 Modification: Alterations (based on business & risk environment)

 Communication & consultations

4
ERM – not a linear process
 After evaluating risks, some require further analysis using stress testing or scenario analysis
 After treating the risks, analysis is required for dependent risks & connected risks
 Constant monitoring & reviewing, we may want to go back to previous changes and on basis of evidence
make changes to risk profile
 Add some more mitigation techniques after receiving additional information.

5
Corporate strategy
 Degrees to which risks are embraced /mitigated forms an important part of overall corporate strategy
 Involves assessing its value chain, core competencies & the risk/return economies of the overall
business to decide where in the value chain it ought to compete
 Strategy covers a wide range of different corporate decisions (e.g. sales growth, product choices, DCH,
target markets, borrowing, gearing etc.)

6
Risk taking
Risk taking
 Companies that takes on & retain more risk can achieve higher return but might find themselves in
difficulties more often

 Problems in one area can quickly disrupt operations in other areas, reducing future profits further

 Company that is in difficulty may take decisions that adversely affect some stakeholders. This reduces profit
and value of company

8
Risk taking
Financial distress – management of
 Actions that conflict with the interest of other stakeholders
 Poor quality goods
 Operating in unsafe environment
 Cutting back on long term I
 Exiting promising LoB
 Liquidating operations that was adequate
 Volatility in earnings
 Tax benefits

9
Active RM
Active RM
 Offer products with high added value (e.g. having high production quality)
 Offer products for which there are high costs of switching to another line
 Offer products for which the value to customers depends on complementary services or products
supplied by other independent companies
 Have high sales growth opportunities
 Managing uncertainty: Horizon Scanning & Flexibility

 Attention is increasingly being paid to the management of uncertainty in the widest sense

 Unexpected pressures may develop quite suddenly & have major impacts on organizations

11
Active RM – Systematic management
 Techniques (horizon scanning) to ensure potential problems are spotted early so that appropriate
mitigating actions can be taken

 Horizon scanning: Knowledge gathering to try to spot pressures at the earliest opportunity & to give the
organization time to adapt

 Resilience

 Deal with problems that aren’t spotted sufficient early to facilitate appropriate mitigation

 Adaptation may not be possible always, so structure change should occur for flexibility & stronger

 Financial robustness & ability to withstand pressures

12
Active RM – Systematic management
 Operational flexibility:

 Increase use of outsourcing

 Spread operations over various sites/countries

 Shift DCHs

 Move away from grouping individuals into specialist teams & operating more using multi-discipline project teams

13
Organizational structure
Organizational structure of ERM
Three Lines of Defense

1. Line management staff in the BU

 Measuring & managing risk in individual BUs on a daily basis
 Should be in line with company’s stated risk appetite & risk policies

2. CRO & RM team

 Centralized RM function & compliance team
 Accountable for establishing risk & compliance programs/policies
 Supporting & monitoring the line management & reporting to BAM

15
Organizational structure of ERM
3. Board & audit function
 Effective governance of the RM process & setting RM strategy
 Approving policies & ensuring that ERM is effective

The RM function (RMF) does not need to be one department

 Can be a virtual team comprising distinct functions from different parts of the business
 But it’s best to have a Central Risk Function headed by a CRO

16
Silo based approach
Silo based approach – reasons of existence
 If RM has never been considered holistically
 RM created on a ad-hoc basis
 Different approach by different departments
 Operations of company divided into departmental lines like staffing, reporting, budgeting
 Silo based RM fits in ways of doing things
 Managers of different departments – unwilling to have centralized RM (thinking this is loss of
responsibility or interference)
 During M&A, departments of company not integrated well and historic RM practices exist in the market.

18
Silo based approach – RM features
 Variety of classifications of risk being used
 Different documents being used to record risks in different departments
 Different tools to assess & measure risk in each silo
 No centralized record of risks faced by company as a whole
 No total risk faced, even after considering interactions
 No stated risk appetite
 Same risk being managed differently in different departments
 No account of diversifying effects of risks
 No senior member of staff with responsibility to consider risk as a whole.
 Lack of reporting to the Board on risk

19
Silo based approach – actions to get ERM
Have dedicated Central risk function
 Pull together RM practices of different departments
 Set out definitions & risk taxonomy
 Common documentation
 Common methods of assessing risks
 Assess overall risks (allow for hidden risks & correlations)
 Gather information from each department & quantify relationship b/w the risks
 Provide recommendations on dealing with risk e.g. one mitigation technique used to address multiple
risks of different departments
 CRF should work with other functions like marketing, IT
 Carry out risk training programs to make everyone understand RM activities & hierarchy
20
Silo based approach – actions to get ERM
 Responsibility of ERM lies with Board
 Set a risk appetite as a guidance as to how much risk company as a whole can take
 Receive regular reports on the risk & ways in which company deals with the risks
 Ensure that risk information is incorporated in business decisions

 At planning stage

 Understanding of risk adjusted return

21