Enterprise Risk Management and Business Continuity,

Download Report

Transcript Enterprise Risk Management and Business Continuity,

Enterprise Risk Management
and
Business Continuity
Rick Gorvett, FCAS, MAAA, ARM, FRM, Ph.D.
Actuarial Science Professor
Departments of Mathematics and Finance
University of Illinois at Urbana-Champaign
Crisis Management & Business Continuity Seminar
Bloomington, IL
October 10, 2003
Agenda
•
•
•
•
About me
A risky world
Broadening our perspective
Enterprise risk management (ERM)
– Evolution
– Current state
– Relationship to Business Continuity
• Conclusion
“Who am I? Why am I here?”
- Admiral James Stockdale, 1992
• Currently
– Professor, Depts. of Mathematics and Finance
– University of Illinois at Urbana-Champaign
• Prior
– Senior Vice President
– Director of Internal Audit & Risk Management
•
•
•
•
•
Internal Audit
Corporate Investigations
Risk Management
Enterprise Risk Management
Business Continuity
A Risky World
And it just seems to be getting riskier!
• What’s getting riskier about our world?
• What isn’t ?
– Perhaps aspects of technology, medical care,…?
• Evidence of riskiness
– Catastrophic events in a more crowded world
with greater vulnerabilities
– Current events
– Books – e.g., Safe Food: Eating Wisely in a
Risky World
– Financial markets
Why Worry About
Interest Rate Risk? (cont.)
Change in Annualized
Return (Percentage
Points)
Monthly Change in U.S. T-Bill
(Annualized) Returns
4
2
0
-2
-4
-6
Month (Jan 1934 through June 2003)
Data per FRED II, St. Louis FRB, for 3-Month T-Bills, Secondary Market
Why Worry About
Interest Rate Risk? (cont.)
Historical Term Structure
U.S. Treasuries
18
16
Percentage Rate
14
12
3-month
10
1-year
8
5-year
10-year
6
4
2
0
1977
1983
Calendar Month (1977 to 1983)
Data per FRED II, St. Louis FRB
Why Worry About FX Risk?
Time Series of Annual Percentage Changes in Exchange Rates
Japanese Yen / U.S. Dollars
(Data per FRED, St. Louis FRB)
Percentage Change
30.0%
20.0%
10.0%
0.0%
-10.0%
-20.0%
-30.0%
1971
1975
1979
1983
1987
Year
1991
1995
1999
Steps in the
Risk Management Process
•
•
•
•
•
•
•
Determine the corporation’s objectives
Identify the risk exposures
Quantify the exposures
Assess the impact
Examine alternative risk management tools
Select appropriate risk management approach
Implement and monitor program
The Bottom Line:
It All Boils Down to Capital
• “Capital”
– Assets less liabilities; owners’ equity; net worth
– Support for (riskiness of) operations
– Thus, supports profitability and solvency of firm
• “Capital Management”
– Determine need for and adequacy of capital
– Plans for increasing or releasing capital
– Strategy for efficient use of capital
Why Do We Care About
Managing Capital?
• Leads to solvency and profitability
• Benefits of solidity and profitability
–
–
–
–
–
–
–
Higher company value
Happy claimholders
Better ratings
Less unfavorable regulatory treatment
Ability to price products competitively
Customer loyalty
Potentially lower costs
The “Problem” With Capital
• A certain amount of capital is needed in order to
promote solvency
– Thus, we need to be able to raise capital
• But.... If there is too much capital, profitability
(as measured by return on equity) will suffer
– Thus, we need to be able to efficiently deploy capital
What Does Capital
Management Entail?
Raising
Capital
Setting
Objectives
Risk
Management
Product
Pricing
Capital
Management
Asset
Allocation
Financial
Risk Mgt.
Strategic
Planning
Liability
Valuation
Financial Theory and
Capital Management
• Why bother to worry about financing or FRM
(or any risk management activity), in light of
the “capital structure irrelevance proposition”?
• Modigliani-Miller (1958): if financing does
matter, it must be because of one or more of:
– Tax effects – convex tax function
– Financial distress / bankruptcy costs
– Effects on future investment decisions
Capital Structure - Reality
• Modigliani-Miller Proposition: capital
structure decision is irrelevant to firm value,
under certain “friction-free” assumptions (e.g.,
no taxes)
• But: in reality, there are taxes
• There are also costs associated with financial
distress
• Different corporate situations may indeed lead
to different capital investment decisions
Likelihood
Impact of Financial Risk Management
on Cash Flow Volatility
Post-FRM
Pre-FRM
Cash Flow
Enterprise Risk Management
• Or “Enterprise Risk and Assurance
Management”
• What is ERM?
– Concerned with a broad financial and operating
perspective
– Recognizes interdependencies corporate,
financial, and environmental factors
– Strives to determine and implement an optimal
strategy to achieve the primary objective:
maximize the value of the firm
Goals of ERM
• Ensure business continuity
• Enhance opportunities for the company to
achieve its objectives
• Create and increase company value
• Make risk management more cost-efficient
• Stabilize earnings
Evolution of ERM
• Historically: “risk silo” mentality
• Mid-1990s:
– First “Chief Risk Officer”
– First use of ERM terminology
• Late-1990s:
– Risk-related regulatory requirements (e.g., Turnbull)
– Earnings protection insurance debuts
• 2001:
– September 11
– Corporate scandals
– Beginning of efforts to improve corporate governance
Current State
• Findings from various surveys
– An acknowledged need to improve risk
management
– A recognition that a holistic approach is
appropriate and preferable
– ERM can improve overall capital management and
thus enhance corporate value and competitiveness
– A variety of approaches to improving risk
management
– There are still problems to overcome
A Paradigm Shift
Traditional
Emerging
• Risks managed in silos
• Concentrates on
physical hazards and
financial risks
• Insurance orientation
• Ad hoc / one-off
projects
• Centralized mgt., with
exec-level coordination
• Integrated consideration
of all risks, firm-wide
• Opportunities for
hedging, diversification
• Continuous and
embedded
Types of Risks
• Operational
– Hazard
– Physical
• Strategic
– Capital / resource allocation
– Industry / competitors
• Technological
– Databases
– Security
– Confidential information
• Stakeholder
• Legal
– Compliance
– Regulatory
• Financial
– Capital markets
– Credit risks
– Taxes
• Human capital
– Retention
– Training
• Reputational
Issues in ERM Implementation
• Different corporate cultures require different
ERM approaches
• Who is going to be the ERM champion within
the company
– Among senior executives
– Among departments / functions
• How to embed a risk management culture and
responsibilities throughout the firm
Components of the ERM Process
• Determine corporate objectives
Likelihood
• Risk identification
– Goal: comprehensiveness
Impact
– E.g., self-assessment
– Volatility measures
– Value at Risk (VaR)
Likelihood
• Risk measurement
Size of loss
Components of ERM (cont.)
• Assessing the impact
– Stress or scenario testing
– Stochastic simulation
• Examine and select alternative risk
management tools and techniques
– Traditional risk transfer
– Natural hedging / diversification
– Integration of risks
E.g.,
“dynamic
financial
analysis”
An Analytic Technique:
Dynamic Financial Analysis
• Dynamic
– Stochastic / variable – not fixed / static
– Reflects uncertainty
• Financial
– Integration of financial, operational, etc., factors
– Assets and liabilities
• Analysis
– “An examination of a complex, its elements and
their relations”
– Complex: “a whole made up of complicated or
interrelated parts”
Definition of “DFA”
“Dynamic Financial Analysis is the process by which
an actuary analyzes the financial condition of an
insurance enterprise. Financial condition refers to
the ability of the company’s capital and surplus to
adequately support the company’s future operations
through an unknown future environment.
:
The process of DFA involves testing a number of
adverse and favorable scenarios regarding an
insurance company’s operations. DFA assesses the
reaction of the company’s surplus to the various
selected scenarios.” -- CAS DFA Handbook
Key Ideas in this DFA Definition
• “Financial condition”
– Specifically, capital and surplus
• “Future operations”
– Going concern
• “Unknown future environment”
– Uncertainty / stochastic
• “Testing a number of.... scenarios”
– Analysis across different environments
• “Assesses the reaction of.... surplus”
– Analyze acceptability of results
Types of DFA
• Scenario testing
–
–
–
–
Projects results under specific conditions
Catastrophe, interest rate shift
Used for cash flow or stress testing
New York Life Insurance Regulation 126
• Stochastic simulation
– Models uncertainty components by distributions
– Uses randomly selected values to calculate a large
number of outcomes
– Evaluate risk by proportion of unacceptable
outcomes
Sample DFA Model Output
P R O B A B IL IT Y
Distribution for SURPLUS /
Ending/I115
0.16
0.13
0.10
0.06
0.03
0.00
6.8
13.9
21.1
28.2
Values in Hundreds
35.4
42.5
49.7
Keys to Success in ERM
• Senior management commitment and
sponsorship
• Embed a “risk management culture” in the
corporation at the operational level
• Provide for accountability, both specific and
widespread
• Clearly defined responsibilities for
coordination and maintenance
• Adequate communication
Keys to Success in
Business Continuity Planning
• Senior management commitment and
sponsorship
• Provide for accountability, both specific and
widespread
• Clearly defined responsibilities for
coordination and maintenance
• Adequate communication
• Differentiate BCP from “technology disaster
recovery”
Conclusion
“The revolutionary idea that defines the
boundary between modern times and the past
is the mastery of risk”
- Peter Bernstein, Against the Gods