Transcript Document
Enterprise Cost of Risk (ECOR)
Presented by:
Scot Schwarting ERM002
Director of Risk Management Whirlpool
Linda Conrad
Director of Strategic Business Risk Zurich North America
Recording of this session via any media type is strictly prohibited.
•
Linda Conrad - Director of Strategic Business Risk; Zurich
Linda leads a global team responsible for delivering tactical solutions to strategic issues like business resilience, supply chain risk, Enterprise Risk Management, Total Risk Profiling. Linda addresses enterprise resiliency issues in print and television appearances, including CNBC and Fox Business News, and a Wall Street Journal Microsite. Linda is on the RIMS ERM Committee and Supply Chain Risk Leadership Council. Linda holds a Specialist designation in ERM, and serves on the Educational Board of the Institute of Risk Management in London. •
Scot Schwarting Director of Risk Management Whirlpool
Scot Schwarting joined Whirlpool Corporation as director of Risk Management in 2007. He is responsible for the company’s risk management activities, including actions to further embed Enterprise Risk Management into corporate strategy. Prior to joining Whirlpool, Schwarting held various progressive risk management positions at OSI Industries, Inc., including serving as assistant vice president of Insurance. Schwarting earned a master’s degree in management from North Park University’s School of Business and a bachelor’s degree from North Central College.
Recording of this session via any media type is strictly prohibited.
Page 2
ECOR Session Objectives
1. Define Traditional Cost of Risk (TCOR) and Enterprise Cost of Risk (ECOR) across entire organization – both insurable and uninsurable exposures 2. Understand risks that could cost the company money 3. Determine how a Risk Manager can address ECOR and establish a risk dashboard to identify and monitor risk expenses
Recording of this session via any media type is strictly prohibited.
Page 3
ECOR Background
• Scot Schwarting and Linda Conrad both serve on the RIMS ERM Committee led by Carol Fox • On a Q4 2013 call of RIMS ERM Committee, Linda objected to the use of the term TOTAL in TCOR, since it only includes costs of insurable risk. • Linda suggested that we redefine the term from an enterprise perspective, to include other costs of risks hidden in the organization • Linda proposed that we call this ECOR for Enterprise Cost of Risk
Recording of this session via any media type is strictly prohibited.
Page 4
ECOR in the media
Subsequently in 2014, Carol Fox began promoting this broader concept in an article for CFO.com article called ‘Total Cost of Risk’ Redefined Author Caroline McDonald writes: “Risk managers, often seen mostly as insurance buyers, have work to do in expanding their view of risk to match those of senior executives and board members….Today, senior executives and boards think of risk in much broader terms, and risk managers need to see themselves as more than insurance buyers.” Carol Fox, director, strategic and enterprise risk practice at the Risk and Insurance Management Society, agreed: “CFOs don’t think of total cost of risk as what we’re measuring.” While insurance remains important for transferring risk and protecting the balance sheet, Fox said, companies are trying to strengthen their overall risk-management capabilities with an eye to overcoming obstacles to reaching organizational goals. “They’re looking at what their strategic plans are and how those play into risk scenarios,” she said
Recording of this session via any media type is strictly prohibited.
Page 5
ECOR in the media
In the same article, we hear from Rich Sarnie, vice president of risk management at the Great Atlantic & Pacific Tea Co. “We need to expand it and make sure it includes all the risks and the costs associated with those risks, not just the insurable ones.” Mr. Sarnie says, “Executives are much more focused on risk management these days, but “it’s not the insurable risks that are keeping them up at night. It’s other risks,” said Sarnie. Such risks include the availability of affordable financing, reputational risk, supply-chain risk, and technology or social-media risk. Boards “want to know how we are identifying those risks and how we are managing them, plain and simple.” http://ww2.cfo.com/risk-management/2012/07/total-cost-of-risk-redefined/
Recording of this session via any media type is strictly prohibited.
Page 6
Evolution of Enterprise Risk and Resilience Management (ERM)
Recording of this session via any media type is strictly prohibited.
Source: 2013 The Corporate Executive Board Company Page 7
Session Objectives
1. Define ECOR across entire organization – both insurable and uninsurable – including “hidden”
2. Understand risk exposures that could cost the company money and how a Risk Manager can address them 3. Establish a risk dashboard to identify and monitor risk expenses
Recording of this session via any media type is strictly prohibited.
Page 8
Total Cost of Risk (TCOR)
• What is TCOR?
• It is a company’s Total Cost of Risk to insure its organization • What does TCOR include?
• Risk Transfer Premium • Retained Losses • Risk Management Admin (Staff) • Claims Costs (Internal and External) • Loss Control (Internal and External) • Collateral Costs • Risk management teams can also measure incidents and claims versus real operational yardsticks, such as employee hours worked, customer traffic in stores or miles driven for employees.
Recording of this session via any media type is strictly prohibited.
Page 9
Total Cost of Risk (TCOR)
• What is NOT in TCOR?
• Uninsurable and non-hazard risk • • What else does Senior Management and the Board need to manage?
What is the opportunity to redefine and expand our view of risk?
Recording of this session via any media type is strictly prohibited.
Page 10
Enterprise Cost of Risk (ECOR)
• What is ECOR?
• It is a company’s Enterprise Cost of Risk to manage its organization • What does ECOR include?
• Risk expenses that derive from other business activities which are ‘less insurable” but no less costly to the organization • Sound risk stewardship now demands an enterprise risk management approach that addresses exposures and opportunities from all angles • Risk managers can search for emerging issues, risk costs and unexpected interconnections – concentration and correlations – which may not be as visible from a decentralized viewpoint.
Recording of this session via any media type is strictly prohibited.
Page 11
• • • •
How to determine ECOR
Break the cost into buckets to see what we do and do not yet know • • • What might these buckets include and their sources: Hazard Total Cost of Risk – insured and non insured insurable losses Financial risks – Balance sheet reserves – Liabilities – short & long term Shareholder risks – 8K reportable events, they are material and unexpected • • • What are we left with?
Drivers of risk that are part of strategy and are soft measures Example HR – open positions, by level, by band, by discipline Can we put a number to these? Department’s contribution to Sales example or profit?
• • What are the opportunities to measure Enterprise Cost of Risk CEB and other studies show strategy is biggest risk? How quantified?
68% of risk to shareholder value is therefore the opportunity space for risk management
Recording of this session via any media type is strictly prohibited.
Page 12
ECOR wheel
Source: Zurich
Recording of this session via any media type is strictly prohibited.
Page 13
Enterprise Resilience Challenges
Source: Gary Larson
Recording of this session via any media type is strictly prohibited.
Page 14
Session Objectives
1. Define ECOR across entire organization – both insurable and uninsurable – including "hidden“
2. Understand risk exposures that could cost the company money and how a Risk Manager can address them
3. Establish a risk dashboard to identify and monitor risk expenses
Recording of this session via any media type is strictly prohibited.
Page 15
Risks that matter the most
Market capitalization loss of 50% at top 20% of Fortune 1000
Source: CEB Audit Leadership Council
Recording of this session via any media type is strictly prohibited.
Page 16
Share price declines in 1mo.
Frequency of contributing causes on value losses
Recording of this session via any media type is strictly prohibited.
Deloitte –The Value Killers Revisited, 2014 Page 17
Change in causation demands a change in risk management
Recording of this session via any media type is strictly prohibited.
Source: Deloitte –Disarming the Value Killers, 2005 Source: Deloitte –The Value Killers Revisited, 2014 Page 18
Looking back with hindsight
In 62 days WHR lost $4.4B Shareholder Equity 19 Source: Whirlpool
Recording of this session via any media type is strictly prohibited.
Page 19
Why does it matter?
Time required for share price to recover
Recording of this session via any media type is strictly prohibited.
Source: Deloitte –Disarming the Value Killers, 2005
Page 20
Looking back with hindsight
1 ½ Years to return share price 21 Source: Whirlpool
Recording of this session via any media type is strictly prohibited.
Page 21
What Does ECOR Include?
• • • • • • • • Results from discontinued operations Mergers, acquisitions & divestitures - in notes to financial statement and balance sheet and income statement S&P rating reviews - example: extreme event management - could impact rating and cost of capital Gains & losses from Foreign currency - line item on Profit & Loss Statement Intellectual capital –copyright infringement HR and key executive management - talent risk - could be on lots of line items on balance sheet and income statements: level of premium you write / sales, amount of losses because of bad pricing. Also difficult to attract people, finders fees - cost of operations or Human Resources Simulating how different risks may happen at different times (multiple lines occur at different times across calendar year) Goodwill - calculated but not reflected
Recording of this session via any media type is strictly prohibited.
Page 22
What Does ECOR Include?
• • • • • • Legal costs - settlements, judgments - in operating costs (whether HR related, trade sanctions, bad faith, D & O etc.) - what are the counter measures, actions to mitigate have costs Fines, penalties - OFAC, Foreign Corrupt Practices Act (FCPA) - may go as operations expense to company or a business unit Manual workarounds – how to estimate costs Project risk and initiatives - project budget, cost overruns, opportunity cost if not ready on time, Concentration risk (Letters of credit to secure assets, diversify banks, have limits and use highly rated risks) - purchase fee and recovery shown in bad debt expense line item on income statement) Concentration risk by country, by category of investment, by banking, by counterparty, by asset classes (like mortgage backed security), etc. how much foreign securities you can hold (ex 10% of net worth as set by NY insurance code)- if some investments permanently lose value it will show as investment loss on income statement
Recording of this session via any media type is strictly prohibited.
Page 23
What Does ECOR Include?
• Opportunity cost? - income statement shows what did happen but does • • • • • not show what could happen. When we do project proposals, we try to anticipate opportunity cost as Cost Benefit Analysis (CBA), and it is implicit in our prioritization of initiatives / projects. Every project we don’t do, we lose the potential benefit. Do you validate project assumptions and benefit "promises"? Do you go to quantify success?
Example: remote workspace can be purchased for 100K /year for 10 years. Business Interruption (BI) could be impact on inability to do business (at x $ per day) Example: TCOR willing to spend a million per year to reduce WC costs by 25 mil, and cost is recovered. Defense costs, medical cost containment, prescription controls Claims settlement : Marine example of value of goods shipped, but do you capture the administrative time to process? Strategic planning - missed targets, EPS, sales Ways to be green: fleet or light bulbs - loss of customers if you are not?
Recording of this session via any media type is strictly prohibited.
Page 24
Whirlpool – negative events
Source: Whirlpool
Recording of this session via any media type is strictly prohibited.
Page 25
Whirlpool – positive events
Source: Whirlpool
Recording of this session via any media type is strictly prohibited.
Page 26
Whirlpool – net impact
Source: Whirlpool
Recording of this session via any media type is strictly prohibited.
Adapted from Source: ©Teacher & Educational Development, University of New Mexico School of Medicine, 2005 Page 27
Looking forward with insight
28 Source: Whirlpool
Recording of this session via any media type is strictly prohibited.
Page 28
Session Objectives
1. Define ECOR across entire organization – both insurable and uninsurable – including "hidden“ 2. Understand risk exposures that could cost the company money and how a Risk Manager can address them
3. Establish a risk dashboard to identify and monitor risk expenses
Recording of this session via any media type is strictly prohibited.
Page 29
Aligning Key Performance and Key Risk Indicators
• Key Performance Indicators (KPIs) help a firm see how it is performing in relation to its strategic goals and objectives. • Key Risk Indicators (KRIs) are leading indicators of risk to business performance, giving early warning about potential risk event • Zurich uses KRIs to monitor risks in the areas such as: • natural catastrophe risks (as % of group shareholder equity) • asset-liability matching (duration mismatch) • strategic asset allocation (% allowed in investment category) • credit risk (weighted average credit rating) • other risks specific to business or functional areas Source: Zurich
Recording of this session via any media type is strictly prohibited.
Page 30
Key Risk Indicator example
ERM Vulnerability: • Inability to attract and retain necessary talent, especially in key Possible KRI metrics to track risk significance and / or mitigation • Personnel turnover, especially in key operational areas • Number of declined job offerings • Time to fill job openings, especially key spots • Client disputes and / or losses • Qualitative measures, such as feedback obtained from HR areas personnel Source: Zurich
Recording of this session via any media type is strictly prohibited.
Process for Developing KRIs
For each KRI: • Establish the base or current condition • Define the target condition and the escalation threshold point. ‒ Establish KRI thresholds that indicate when vulnerability or impact have elevated to an unacceptable tolerance level. ‒ When thresholds are reached, protocols are established that escalate emerging risk information to the appropriate stakeholders. KRI is at target level or better KRI is at an acceptable level, trending toward unacceptable KRI is at threshold and risk is at unacceptable level • Determine frequency of measurement and reporting (e.g., quarterly, annually) by audience Source: Juniper Networks
Recording of this session via any media type is strictly prohibited.
Page 32
A risk scenario
Vulnerability What? Where?
Trigger(s) How?
Why? Existing Controls If any… Consequence(s) How big?
How bad?
How much? Source: Zurich
Recording of this session via any media type is strictly prohibited.
Page 33
Link risk scenario to business goal
Vulnerability What? Where?
Controls If any… Trigger(s) How?
Why? Consequence(s) How big?
How bad?
How much? Source: Zurich
Recording of this session via any media type is strictly prohibited.
Page 34
Link key performance indicators
Vulnerability Trigger(s) Consequence(s) What? Where?
How?
Why? How big?
How bad?
How much? Controls If any… Strategic Objective When? What? Where?
Who?
Key Performance Indicator(s) When? What? Where?
Who?
Source: Zurich
Recording of this session via any media type is strictly prohibited.
Page 35
Link key risk indicators to business
Vulnerability Trigger(s) Consequence(s) What? Where?
How?
Why? How big?
How bad?
How much? Strategic Objective When? What? Where?
Who?
Key Perform Indicator(s) When? What? Where?
Who?
Key Risk Indicator(s) When? What? Where?
Who?
Controls If any… Source: Zurich
Recording of this session via any media type is strictly prohibited.
Page 36
Link key risk indicators to business
Vulnerability Improve customer satisfaction Controls If any… Triggers Sales structure not aligned Consequence Poor customer satisfaction Strategic Objective Drive Satisfaction Key Perform Indicators Top customers assigned Client Execs No top client account team Customers move to competitors Escalations reduced Key Risk Indicators Customer Satisfaction Index Improved Lack of appropriate support & training Loss of revenue Fewer Returns Source: Zurich
Recording of this session via any media type is strictly prohibited.
Page 37
What you need to report & manage KRIs
Operational units held responsible or accountable
Source: Juniper Networks
Recording of this session via any media type is strictly prohibited.
Page 38
Understanding ECOR measurement
Risk How does it manifest Where does cost show up
Discontinued Operations S&P Rating Actual cost of running out of a portfolio exceeds initial estimate Negative outcome, of review Profit/Loss Statement Increase in cost of capitol Event risk M&A, divestiture Foreign exchange costs of operations Legal costs, settlements, judgments Talent management Increased integration costs, not realizing expected benefits Increased volatility in earnings Higher than normalized legal and settlement expenses Higher than normal employee turnover, vacancies filled externally • • Concentration risk few customers/suppliers adequately diversified (asset type, country of investment, currency of investment Higher cost of operations loss in value of investments investment portfolio not Source: Zurich Higher cost of operations Profit/Loss statement Profit/loss statement Reduced profitability Profit/loss statement Initially on balance sheet
Recording of this session via any media type is strictly prohibited.
Page 39
Understanding ECOR measurement
Risk How does it manifest Where does cost show up
Project Management Inefficient processes Project Management Inefficient processes • • • Cost overruns Opportunity cost (not completed on time) Do not deliver expected benefits • • • • • Higher cost of operations Manual ‘work arounds’ that may compromise internal controls Cost overruns Opportunity cost (not completed on time) Do not deliver expected benefits • • Higher cost of operations Manual ‘work arounds’ that may compromise internal controls • • • Balance Sheet Not captured in financial statements Not captured in financial statements Non-financial hence not captured in financial statements • • • Balance Sheet Not captured in financial statements Not captured in financial statements Non-financial hence not captured in financial statements Source: Zurich
Recording of this session via any media type is strictly prohibited.
Page 40
Sample Project Risk Dashboard
Overall Project Risk Current Key Risk Indicators Report Portfolio: 00_Group large Projects - in flight Updated on: February 18, 2014 Project Nam e Status Report Review Date Division Previous Month (-2) Previous Month (-1) Current Scope Managem ent Clarity of Business Benefits On-Tim e Delivery Rem aining on Project Budget Stakeholder Engagem ent Open Issues Approved End Date Revised Approved End Date Projected End Date Project Status
Open/A ppro ved P ro ject A B C 11.02.2014
UK Yello w Yello w Yello w Green Yello w Yello w Green Green Yello w 06.10.2014
06.10.2014
06.10.2014
Open/A ppro ved P ro ject DEF 11.02.2014
UK Green Yello w Yello w Green Green Yello w Green Green Yello w 01.05.2015
Open/A ppro ved P ro ject GGG 03.02.2014
US Green Green Green Green Green Green Green Green Green 31.12.2014
31.10.2014
P ro ject 123 05.02.2014
IT Green Green Green Green Green Green Green Green Green 31.03.2014
31.03.2014
31.03.2014
A ssumed Co mpleted Open/A ppro ved P ro ject 456 07.02.2014
NA NA NA Green Green Green Green Green Green Green 31.12.2014
31.12.2014
31.12.2014
Open/A ppro ved P ro ject delta P ro ject Go P ro ject M ary pro ject B o b 07.02.2014
GC 05.02.2014
EU 05.02.2014
FA 04.02.2014
FA P ro ject M essy P ro ject all o k 06.02.2014
04.02.2014
NA FA pro ject no thing wo rks 13.02.2014
UA Ho pe it wo rks Ist all o k 11.02.2014
11.02.2014
Glo bal GE No pro blems Cyclo ne Dubio us Ro cket launcher 03.02.2014
04.02.2014
05.02.2014
07.02.2014
GE GE SW EU A bbreviatio ns: YTD = Year-to -Date, FY = Full Year Green Green Green Red Green Green Green Green Green Green Yello w Green Green Green Yello w Green Green Green Red Green Green Green Green Green Green Green Green Green Green Green Green Green Green Green Red Green Green Green Green Green Green Green Yello w Green Green 31.12.2012
31.12.2014
03.06.2013
31.12.2014
31.12.2013
30.03.2015
27.03.2014
31.12.2014
19.03.2014
Open/A ppro ved 30.03.2015
Open/A ppro ved 26.09.2014
Open/A ppro ved 30.12.2014
Open/A ppro ved Green Green Green Green Green Green Green Green 27.02.2015
27.02.2015
27.02.2015
Open/A ppro ved Green Green Green Green Green Green Green Green 02.07.2010
30.09.2013
17.02.2014
Open/A ppro ved Green Green Green Green Green Green Green Green 13.11.2013
13.11.2013
14.03.2014
Open/A ppro ved Red Yello w Green Yello w Green Green Green Yello w 01.04.2013
28.11.2014
28.11.2014
Open/A ppro ved Green Green Green Green Green Green Green Green 31.03.2014
31.03.2014
31.03.2014
Open/A ppro ved Green Green Green Green Green Green Green Green 14.02.2014
14.02.2014
14.02.2014
Open/A ppro ved Green Green Green Green Green Green Green Green 30.06.2014
15.05.2014
20.05.2014
Open/A ppro ved Green Green Green Green Green Green Green Yello w 30.06.2014
30.06.2014
31.12.2014
Open/A ppro ved Green Green Green Green Green Green Green Yello w 31.03.2014
31.03.2014
Recording of this session via any media type is strictly prohibited.
Source: Zurich Simple Sco recard: 00_Gro up large P ro jects - in flight as o f: February 18, 2014 Page 41
Developing a dashboard
4 2
Recording of this session via any media type is strictly prohibited.
Source: Whirlpool Page 42
How can ECOR help business?
Robust risk culture and ERM can yield greater enterprise resilience: 59% Increased profitability 62% Reduced earnings volatility 86% Better risk - based decisions (learn from risk information + mistakes) 80% Increased management accountability (shareholder confidence) 79% Aligned governance practices
Recording of this session via any media type is strictly prohibited.
Page 43
Linking risk culture and results
A 2012 Federation of European Risk Managers Association (FERMA) study found firms demonstrating a more mature approach to Risk Management have better financial results • EBITDA growth of over 10% was generated by 28% of companies with “advanced” risk management practices, compared with just 16% of firms with “emerging” practices • Revenue growth of 10% was shown by 29% of companies with “advanced” practices, compared with 18% of companies with “emerging” practices Creating an active risk culture can be correlated with higher growth, as organization becomes more aware and accountable for risk.
Recording of this session via any media type is strictly prohibited.
Page 44
The proof is in the results
• Using Total Risk Profiling, Zurich moved from an asset-based approach to risk based approach for operational risk quantification and capital allocation • One Zurich business unit reduced operational risk-based capital (RBC) consumption by 21.7 percent • The business unit then identified high risk exposures, performed a deeper assessment and developed mitigation • They had an additional reduction of 28.9 % in operational RBC consumption • Capital not consumed was then available to fund profitable growth for Zurich.
Recording of this session via any media type is strictly prohibited.
Page 45
Another example of results
After pursuing a diversified financial services strategy for several years, Zurich reported a significant financial loss in 2001, leading to changes in leadership, and a renewed focus on underwriting: • Spun off reinsurance division, sold asset management business • Appointed new CEO, new Chief Risk Officer in 2002 • Guided by a robust Risk Policy, emphasized Enterprise Risk Management and implemented processes to measure and monitor risks to earnings, capital and reputation from all sources: • • Strategic Insurance • • Market Credit • • Liquidity Operational Zurich maintained a AA S&P rating through the 2008-2009 financial crisis and recently reported its 44th consecutive quarter of positive net earnings.
Recording of this session via any media type is strictly prohibited.
Page 46
The information in this presentation was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute legal advice and accordingly, you should consult with your own attorneys when developing programs and policies. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this presentation and sample policies and procedures, including any information, methods or safety suggestions contained herein. Moreover, Zurich reminds you that this cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances The subject matter of this presentation is not tied to any specific insurance product nor will adopting these policies and procedures ensure coverage under any insurance policy. © 2014 The Zurich Services Corporation.
Recording of this session via any media type is strictly prohibited.
Page 47