Enterprise Risk Management

Rick Gorvett, FCAS, MAAA, ARM, FRM, Ph.D.Director, Actuarial Science Program

Department of MathematicsUniversity of Illinois at Urbana-Champaign

Finance 590 – UIUCSpring 2005

March 29, 2005

Agenda

• About me• A risky world• Broadening our perspective• Enterprise risk management (ERM)

– Evolution– Current state– Key considerations

• Conclusion

“Who am I? Why am I here?” - Admiral James Stockdale, 1992

• Currently– Director, Actuarial Science Program– Professor, Depts. of Mathematics and Finance– University of Illinois at Urbana-Champaign

• Prior– Senior Vice President– Director of Internal Audit & Risk Management

• Internal Audit• Corporate Investigations• Risk Management• Enterprise Risk Management• Business Continuity

$$

$$ $

$

$$

$

Let X = current academic salaryLet Y = proposed corporate salary

Let Y = 4X

Y > X (or, Y >>> X)

Hmmm....

Enron... Worldcom...Economy...Insurance industry...Gorvett’s Co. Announces$3.4B Loss

An Initial ERM Comment

• You don’t become a famous writer by…– Reading a book– Reading about other authors– Watching someone else write

• Similarly, you don’t become an “Enterprise Risk Manager” by…– Reading a book– Taking a course– Listening to a presentation

Rather, ERM is…

• A complex process…• … involving broad-based and in-depth

knowledge and understanding,…• … requiring an appropriate corporate culture,

…• … and creativity…• … born of a variety of experiences…• … and insatiable curiosity.

A Risky WorldAnd it just seems to be getting riskier!

• What’s getting riskier about our world?• What isn’t ?

– Perhaps aspects of technology, medical care,…?• Evidence of riskiness

– Catastrophic events in a more crowded world with greater vulnerabilities

– Current events– Books – e.g., Safe Food: Eating Wisely in a Risky

World– Financial markets

Steps in theRisk Management Process

• Determine the corporation’s objectives• Identify the risk exposures • Quantify the exposures • Assess the impact• Examine alternative risk management tools• Select appropriate risk management approach• Implement and monitor program

The Bottom Line:It All Boils Down to Capital

• “Capital”– Assets less liabilities; owners’ equity; net worth– Support for (riskiness of) operations– Thus, supports profitability and solvency of firm

• “Capital Management”– Determine need for and adequacy of capital– Plans for increasing or releasing capital– Strategy for efficient use of capital

Why Do We Care About Managing Capital?

• Leads to solvency and profitability• Benefits of solidity and profitability

– Higher company value– Happy claimholders– Better ratings– Less unfavorable regulatory treatment– Ability to price products competitively– Customer loyalty– Potentially lower costs

The “Problem” With Capital

• A certain amount of capital is needed in order to promote solvency– Thus, we need to be able to raise capital

• But.... If there is too much capital, profitability

(as measured by return on equity) will suffer– Thus, we need to be able to efficiently deploy capital

What Does Capital Management Entail?

CapitalManagement

ProductPricing Financial

Risk Mgt.

SettingObjectives

RaisingCapital

StrategicPlanning

LiabilityValuationAsset

Allocation

RiskManagement

Enterprise Risk Management• Or “Enterprise Risk and Assurance

Management”• What is ERM?

– Concerned with a broad financial and operating perspective

– Recognizes interdependencies among corporate, financial, and environmental factors

– Strives to determine and implement an optimal strategy to achieve the primary objective: maximize the value of the firm

Goals of ERM

• Ensure business continuity

• Enhance opportunities for the company to achieve its objectives

• Create and increase company value

• Make risk management more cost-efficient

• Stabilize earnings

Evolution of ERM• Historically: “risk silo” mentality• Mid-1990s:

– First “Chief Risk Officer”– First use of ERM terminology

• Late-1990s:– Risk-related regulatory requirements (e.g., Turnbull)– Earnings protection insurance debuts

• 2001:– September 11– Corporate scandals– Beginning of efforts to improve corporate governance (e.g.,

Sarbanes-Oxley)

Current State• Findings from various surveys

– An acknowledged need to improve risk management

– A recognition that a holistic approach is appropriate and preferable

– ERM can improve overall capital management and thus enhance corporate value and competitiveness

– A variety of approaches to improving risk management

– There are still problems to overcome

A Paradigm ShiftTraditional

• Risks managed in silos• Concentrates on

physical hazards and financial risks

• Insurance orientation• Ad hoc / one-off

projects

Emerging• Centralized mgt., with

exec-level coordination• Integrated consideration

of all risks, firm-wide• Opportunities for

hedging, diversification• Continuous and

embedded

Types of Risks• Operational

– Hazard– Physical

• Strategic– Capital / resource allocation– Industry / competitors

• Technological– Databases– Security– Confidential information

• Stakeholder

• Legal– Compliance– Regulatory

• Financial– Capital markets– Credit risks– Taxes

• Human capital– Retention– Training

• Reputational

Issues in ERM Implementation

• Different corporate cultures require different ERM approaches

• Who is going to be the ERM champion within the company– Among senior executives– Among departments / functions

• How to embed a risk management culture and responsibilities throughout the firm

Components of the ERM Process• Determine corporate objectives• Risk identification

– Goal: comprehensiveness– E.g., self-assessment

• Risk measurement– Volatility measures– Value at Risk (VaR)

Impact

Like

lihoo

d

Size of lossLi

kelih

ood

Components of ERM (cont.)

• Assessing the impact– Stress or scenario testing– Stochastic simulation

• Examine and select alternative risk management tools and techniques– Traditional risk transfer– Natural hedging / diversification– Integration of risks

E.g.,“dynamicfinancialanalysis”

Keys to Success in ERM• Senior management commitment and

sponsorship• Embed a “risk management culture” in the

corporation at the operational level• Provide for accountability, both specific and

widespread• Clearly defined responsibilities for

coordination and maintenance• Adequate communication

Conclusion

“The revolutionary idea that defines the boundary between modern times and the past is the mastery of risk”

- Peter Bernstein, Against the Gods