Transcript Handout 1

ERM 57 Review
Mike Elliott, CPCU, AIAF, MBA
Rich Berthelsen, JD, CPCU, AIC, ARM, AU, ARe, MBA
RIMS – April 2014
Recording of this session via any media type is strictly prohibited.
Overview
• Exam Basics – What to Expect
• Test-Taking Tips
• Review of Sections Students Find the Most Challenging
What to Expect on the Exam
• Educational Objectives
• Balanced Exam
• Pretest Items
Test-Taking Tips
• Get the easy ones
• Don’t get bogged down early
• Use the “mark for later review” feature
• Eliminate the obviously wrong answers
• Use your scratch paper to keep track
Assignment 1
Introduction to Enterprise Risk Management
ERM Definition
RIMS
A strategic business discipline that supports the achievement
of an organization’s objectives by addressing the full spectrum
of its risks and managing the combined impact of those risks
as an interrelated risk portfolio.
Traditional Risk Management Department
ERM Governance Model
Classifications of Risk
Risk Quadrants
Risk quadrants differ from risk classifications. While risk
classifications focus on specific characteristics of the
risk itself, risk quadrants focus on
A: pure and subjective risks.
B: subjective and objective risks.
C: risk diversification.
D: sources of risk.
Assignment 2
Enterprise Risk Management
in an Organization
Purpose and Types of Maturity Models
The purpose of a maturity model is to evaluate
or improve a business process.
Two types of particular interest are:
• Capability Maturity Model
• RIMS Risk Maturity Model
Capability Maturity Model (CMM) and Capability
Maturity Model Integration
Has five levels:
• Ad hoc
• Initial
• Defined
• Managed
• Optimizing
Based on the Capability Maturity Model (CMM)
developed by Carnegie Mellon, an organization that has
basic risk management processes with no attempt at
enterprise-wide risk management is at which one of
the maturity levels?
A: Managed
B: Initial
C: Ad hoc
D: Defined
RIMS Risk Maturity Model
Uses 5 maturity levels based on CMM applied
to 7 attributes:
• Adoption of ERM-based approach
• ERM process management
• Risk appetite management
• Root cause discipline
• Uncovering risks
• Performance management
• Business resiliency and sustainability
A risk maturity model that uses five maturity levels
based on the Capability Maturity Model, determining
the maturity level for each of seven attributes by
evaluating the degree to which key drivers are present,
is known as the
A: Capability Maturity Model
B: Standard and Poor’s (S&P) Risk Maturity Model
C: RIMS Risk Maturity Model
D: Aon Risk Maturity Index
Organizational Functions Related to ERM
Assignment 3
Enterprise Risk Management
Framework and Process
Framework and Process
ISO 31000 Framework and Process
Source: ISO 31000:2009
COSO ERM
Source: COSO – Enterprise Risk Management – Integrated Framework
Applying Risk Management Framework
The main purpose of the framework is to
integrate risk management throughout the
organization. The framework has 4 components:
1. Lead and establish creditability
2. Align and integrate
3. Allocate resources
4. Communicate and report
Assignment 4
Risk Oversight
The European Corporate Law Directive on Auditing has
produced a recommended framework that defines the
corporate governance roles. Under this framework,
which one of the following is responsible for converting
strategy into operational objectives?
A: Board of directors
B: Chief executive officer
C: Operational management
D: Senior management
Which statement describes one of the responsibilities
of an executive-level risk committee?
A: Assist the board in establishing risk appetite and
risk tolerance levels
B: Monitor the organization’s compliance with
established risk limits
C: Approve the organization’s risk management
strategies, including their design and implementation
D: Oversee exposures of the organization’s critical
risks and advise the board on risk strategy
Assignment 5
Strategic Planning and Enterprise
Risk Management
Strategy Implementation
Some organizations apply a balanced scorecard
approach to implement strategy and to provide a
foundation for strategy evaluation. The balanced
scorecard approach translates an organization’s
strategy into specific goals and actions assigned to
each department within the organization.
SWOT Analysis Table
Organizational Levels
Which one of the following types of strategy
determines how individual departments within an
organization direct their activities?
A: Functional strategy
B: Business strategy
C: Corporate strategy
D: Operational strategy
Assignment 6
Risk-Based Performance and Process
Management
Key Performance Indicators
A key performance indicator (KPI) measures progress
toward an organization’s goals, provides an
attainable standard for a specific activity, and gives
the focus or direction the activity is to take.
Successful organizations have goals and objectives. A
financial or nonfinancial measurement that defines
how successfully an organization is progressing toward
its long-term goals is referred to as
A: an operating standard (OS).
B: a critical success factor (CSF).
C: a key performance indicator (KPI).
D: an objective gauge (OG).
Purpose of Key Risk Indicators (KRIs)
Effective KRIs provide objective, quantifiable
information about emerging risks and trends in existing
risks that can affect an organization’s success. A KRI can
reveal an upward trend in the level of a risk that, if it
continues, will exceed the designated risk threshold for
that risk.
Which one of the following is an example of an external
key risk indicator (KRI) that a manufacturer might
monitor?
A: Number of employee injuries
B: Age of accounts payable
C: Amount of budget variances
D: Cost of raw materials
Assignment 7
Internal Audit and Control
Internal Control and Risk Management
Internal control – a system or process that an
organization uses to achieve its operational goals,
internal and external financial reporting goals, or
legal and regulatory compliance goals.
COSO Internal Control Framework
Source: COSO Internal Control – Integrated Framework
Three Lines of Defense Model
Source: FERMA/ECIIA
According to the Three Lines of Defense Model,
internal audit’s role in risk assessment techniques
is to
A: design them.
B: implement them.
C: provide assurance on their effectiveness.
D: perform a control risk self-assessment (CRSA).
Evolution of Internal Audit
Transaction Approvals → Assurance of Internal Controls → Risk-based Approach
Risk-Based Auditing
Aligns audit resources with the areas that
pose the greatest organizational risk.
The modern approach to internal auditing differs
from the traditional approach by focusing on
A: the effectiveness of internal controls.
B: the relative riskiness of various activities.
C: transaction approvals.
D: systems-based compliance.
Assignment 8
Regulation and Compliance
Regulation
Rules-Based
• More certainty and predictability
• Less responsive to change
• Inflexible
• Often circumvented
Principles-Based
• More flexible and focuses on outcomes
• Responds more quickly in a changing environment
• Requires more communication between the regulator and the regulated
NAIC ORSA
Risk Management Framework
Assessment of Risk Exposure
Prospective Solvency Assessment
• Principles-based (guidelines)
• Applies ERM to insurance companies
The NAIC Own Risk and Solvency Assessment
(ORSA) model law represents a change from past
NAIC directives because it is
A: specific in terms of reporting.
B: retrospective.
C: voluntary.
D: principles-based.
Assignment 9
Risk Assessment and Treatment
Risk Identification Tools
• Facilitated workshops
• Delphi technique
• Scenario analysis
• HAZOP
• SWOT
Which one of the following team approaches to
risk identification involves a select group of experts
in question-and-response cycles until a consensus
is achieved?
A: HAZOP
B: Scenario analysis
C: Delphi technique
D: SWOT
Risk Treatment Techniques
Assignment 10
Risk Modeling
Influence Diagrams and Probabilities
GEV Industries hires inexperienced and experienced
workers to operate simple and complex machines.
Accident rates vary by worker experience and
complexity of machine.
GEV would like to estimate accident rates if it (a)
assigns workers randomly to machines or (b) assigns
workers to machines based on experience.
Influence Diagram
[Influence diagram nodes: Worker assignment to machines (?), Worker Experience, Machine Complexity, Accident Rate, Cost of Risk]
Machine and Worker Data
Simple machines: 40
Complex machines: 160
Inexperienced workers: 60
Experienced workers: 140

Random Worker Assignments Probabilities
                         Inexp. worker (30%)   Exp. worker (70%)
Simple machine (20%)             6%                  14%
Complex machine (80%)           24%                  56%

Accident Conditional Probability
                         Inexperienced         Experienced
Simple Machine                   5%                   0%
Complex Machine                 40%                  10%
Random Worker Assignments Probabilities
                         Inexp. worker (30%)   Exp. worker (70%)
Simple machine (20%)             6%                  14%
Complex machine (80%)           24%                  56%

Accident Conditional Probability
                         Inexperienced         Experienced
Simple Machine                   5%                   0%
Complex Machine                 40%                  10%

Accident Probability
                         Inexp. worker         Exp. worker
Simple machine                 0.3%                 0.0%
Complex machine                9.6%                 5.6%

Total accident probability = 15.5%
Worker Assignments by Experience
                         Inexp. worker (30%)   Exp. worker (70%)
Simple machine (20%)            20%                   0%
Complex machine (80%)           10%                  70%

Accident Conditional Probability
                         Inexperienced         Experienced
Simple Machine                   5%                   0%
Complex Machine                 40%                  10%

Accident Probability
                         Inexp. worker         Exp. worker
Simple machine                   1%                   0%
Complex machine                  4%                   7%

Total accident probability = 12%
Twenty percent of PDQ Transport’s trucks have advanced
safety equipment and 80% do not. Thirty of PDQ’s drivers are
inexperienced and 90 are experienced. Assuming drivers are
assigned randomly to trucks, what is the probability that an
inexperienced driver is assigned to a truck without advanced
safety equipment?
A: 18%
B: 20%
C: 24%
D: 60%
Correlation
• Relationship between two variables
• Number between +1 and -1
• 0 means no correlation
Two variables are perfectly positively correlated.
If one of the variables increases, the other will
A: increase in direct proportion.
B: decrease in direct proportion.
C: increase at half the rate.
D: decrease at half the rate.
Value at Risk (VaR)
A $500,000, 2 percent VaR means losses are
expected to be
A: $10,000.
B: less than $500,000 2 percent of the time.
C: $490,000.
D: greater than $500,000 2 percent of the time.
Assignment 11
Risk-Based Capital Allocation
Cost of Equity
KE = rf + β (rm – rf)
Where:
β = Beta of security
rm = Expected return on the market
rf = Risk-free rate
Cost of Debt Equation
Cost of debt KD = (risk free rate of return rf +
risk premium) × (1 – tax rate)
Polytech Company
Tax rate: 40%
Risk-free rate: 4%
Current Debt: $10 million
Polytech credit spread: 2.10%
Current Equity: $100 million
Expected market return: 10%
Market risk premium: 6%
Polytech Beta: 1.20
Polytech Company
• Estimate the cost of debt
• Estimate the cost of equity
• Optimal capital structure = weighted average of the
cost of debt and the cost of equity
Polytech Company – Cost of Debt
(Risk-free rate of return + credit spread) X (1 – tax
rate)
(4% + 2.10%) X (1-.40)
3.66%
Polytech Company – Cost of Equity
Risk-free rate of return + Beta X (Market rate of return – risk-free
rate of return)
4% + 1.20 (10% - 4%)
11.20%
Polytech Company – Weighted Average Cost of Capital
$10 mil. debt divided by $110 mil. (debt + equity) = .091
.091 weight of debt; .909 weight of equity
(3.66% X .091) + (11.20% X .909)
.333% + 10.181%
10.514%
Market Value Surplus (MVS)
Economic Capital
Market Value Surplus Example
Autumn Assurance Group has assets at fair value of $100
million. The present value of Autumn’s liabilities is $85
million. The market value margin is $5 million. Using
probability models, Autumn determines that its VaR is $8
million because it expects to incur an $8 million or greater
loss of capital at a .5 percent probability over a one-year
period.
1. What is Autumn’s MVS?
2. What is Autumn’s economic capital?
3. Does Autumn have excess capital or a deficiency in
capital?
Questions?
Evolution of Risk Management
Insurance Management → Risk Management → Enterprise Risk Management
ERM Value Proposition
• Identify key risks
• Employ risk-based decision making
• Improve internal control
• Improve risk governance
• Comply with legal and regulatory requirements
Solvency I and II (Insurance Cos)
Solvency I
• Early 1970s
• Focused on capital adequacy
Solvency II
• 3 pillars
• 1 – Risk-based capital
• 2 – Risk management and governance
• 3 – Transparent reporting
• Includes an own risk and solvency assessment (ORSA)
Basel II and III (Banks)
Basel II
• Issued in 2004
• Minimum capital requirements using weights for different types of credit risk
Basel III
• Response to the Great Recession
• Operational risk added
• Risk management framework
• Board of directors role (approve framework, risk appetite, governance)
ERM Process Model
Risk Identification Tools – Risk Register
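Public University
Columns: Event ID; Risk Scenario; Likelihood; Impact; Risk Level; Risk Treatment (present); Proposed improvement action; Next Review Date

Event 1: Loss of personal computer
• Likelihood: 3
• Impact: 1
• Risk Treatment (present): None
• Proposed improvement action: None
• Next Review Date: Remove from list

Event 2: Damage to reputation
• Likelihood: 2
• Impact: 4
• Risk Treatment (present): Review policy
• Proposed improvement action: Implement …
• Next Review Date: 2 months

Event 3: Loss of state funding
• Likelihood: 3
• Impact: 5
• Risk Treatment (present): None
• Proposed improvement action: Increase lobbying; Step up giving campaign
• Next Review Date: 1 month

….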
Risk Identification Tools – Risk Map
Public University
[Risk map figure; plotted events: 1 – Loss of a personal computer, 2 – Damage to reputation, 3 – Loss of state funding]
Inherent and Residual Risk
Inherent → Treat → Residual → Treat → Optimum
A risk map showing a large difference between
inherent and residual risk indicates that the
A: current risk treatment is ineffective.
B: risk does not need to be treated.
C: current risk treatment is effective.
D: risk exceeds the organization’s risk tolerance.
Decision Tree
ERM Tools - Modern Portfolio Theory
[Chart: portfolios marked X; axes: Expected Value of the Return and Risk – standard deviation (variability); labeled: Risk Appetite]
The efficient frontier consists of portfolios that
A: are riskless.
B: provide the average market return.
C: provide the highest return at different risk
levels.
D: return the risk-free rate of return.
Earnings at Risk
Earnings at risk of $200,000 with 90 percent
confidence are projected to be
A: $180,000.
B: less than $200,000 10 percent of the time.
C: $200,000 90 percent of the time.
D: greater than $200,000 10 percent of the
time.
Assignment 12
Risk Management Environment and Culture
Risk Centers and Owners
Risk center – unit within an organization at
which level a risk (or risks) is most effectively
managed
Risk owner – individual accountable for
identification, assessment, treatment, and
monitoring of risks in a specific environment
Advantages of Risk Centers
• Reduces the scope of risk analysis
• Allows for the involvement of operational managers
• Helps focus on the organization’s strategic goals and operational objectives
• Ensures that risks are managed at the most appropriate level in the organization
Risk Attitude
Risk Avoiding
Risk Optimizing
Risk Seeking