![Page 1: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/1.jpg)
Maximizing Value Through Enterprise Risk Management
James LamPresidentphone: 781.772.1961Email: [email protected]: www.jameslam.com
ERM CourseMay 3, 2005
![Page 2: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/2.jpg)
2
Our president, James Lam, has spent 20 years in risk management
Professional President, James Lam &
Associates Founder and President, ERisk Partner, Oliver, Wyman &
Company CRO, Fidelity Investments CRO, Capital Markets Services
Inc., a GE Capital company
Industry Activities PRMIA Blue Ribbon Panel Member GARP Inaugural Financial Risk
Manager of the Year (1997) Published over 50 articles and
book chapters Quoted in Wall Street Journal,
Financial Times, Risk Magazine, and CFO Magazine
Academic Senior Research Fellow, Beijing
University Adjunct Professor, Babson College Lectured at Harvard Business
School as the subject of a HBS case study
MBA, UCLA School of Business BBA, Baruch College
Client Solutions
Consulting – ERM, strategic risk, financial risk, and operational risk
Software – Operational risk (with OpenPages) and ERM Dashboard (CXO Systems)
Training – board and management workshops
![Page 3: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/3.jpg)
3
We are singularly focused on risk management
Areas of Expertise Enterprise risk management Market risk management Credit risk management Operational risk management KRIs and risk reporting
Client Solutions
Consulting services Software products
• CXO Systems• OpenPages
Training programs
![Page 4: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/4.jpg)
4
As discussed in James’ recent book, we define ERM as a value added function
“An integrated framework for managing credit risk, market risk, operational risk, economic capital, and risk transfer in order to maximize firm value.”
Definition of ERM:
![Page 5: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/5.jpg)
5
Key trends and requirements
Best practices and practical applications
ERM in the future
Discussion outline
![Page 6: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/6.jpg)
6
ERM is useful because the risks faced by companies are highly interdependent
Business Risk
OperationalRisk
FinancialRisk
IT and business process
outsourcing
Derivatives documentation and counterparty risk
FX risk in a new foreign market
Enterprise-Wide Risks Financial Risks
MarketRisk
LiquidityRisk
CreditRisk
Credit Risk Associated with
Investments
Credit Risk Associated with Borrowers and Counterparties
Funding Liquidity
Asset Liquidity
![Page 7: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/7.jpg)
7
Traditionally, risks were managed within organizational “silos”
StrategicRisk
BusinessRisk
FinancialRisk
OperationalRisk
Who
How
• Board of Directors
• CEO
• CFO
• Treasurer
• Business Managers
• Project Managers
• Internal Audit
• Compliance
• IT
• Strategic planning
• EVA
• Balanced scorecard
• Country and credit limits
• Trading and ALM Limits
• Financial derivatives
• Controls
• Audits
• Contingency planning
• Insurance
• Product plans
• Business reviews
• Project management
![Page 8: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/8.jpg)
8
Benefits
ERM is widely recognized as the best practice approach
Financial InstitutionsBarclays
GE CapitalJP Morgan Chase
Fidelity Investments
Non-Financial CorporationsMicrosoft
BoeingDuke Energy
Ford
Enterprise Risk Management
Chief Executive Officer/Chief Fisk Officer
Strategic Risk
Board
CEO
Business Risk
Line managers
Project Managers
Financial Risk
CFO
Treasurer
Operational Risk
Internal Audit
Compliance
IT
Broadens risk
awareness
Aligns risk profile and strategy
Minimizes surprises
and losses
Rationalizes capital
requirements
Assures regulatory
compliance
Improves ROE and
shareholder value
![Page 9: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/9.jpg)
9
The growing acceptance of ERM is driven by four key forces
Corporate Disasters
• Enron• WorldCom• Adelphia• Mutual Funds
IndustryInitiatives
• Treadway Report, US• Turnbull Report, UK• Dey Report, Canada
Best Practices
• Banks• Asset Managers• Energy Firms• Corporations
RegulatoryActions
• S.E.C.• Sarbanes-Oxley• Basel II
EnterpriseRisk
Management
![Page 10: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/10.jpg)
10
A proactive approach to ERM is based on best practices, not regulations
Reactive Approach Proactive Approach
Current state
New industry
standards
Sarbanes- Oxley
Basel II
Governance Requirements
Desired state (best practices or best-in-class
practices)
• Benchmarking • Gap analysis• Recommendations
• Common themes• Unique standards
Sarbanes- Oxley Basel II
New industry
standardsGovernance
Requirements
?
?? ?
?
CEO
![Page 11: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/11.jpg)
11
Early adopters of ERM have reported significant and tangible benefits
Benefit Company Actual Results
Market value improvement Top money center bank Outperformed S&P 500 banks by 58%
Early warning of risks Large investment bank Global risk limits cut by 1/3 prior to Russian crisis
Loss reduction Top asset management company
Loss-to-revenue ratio declined by 30%
Regulatory capital relief Large commercial bank $1 billion regulatory capital relief
Insurance cost reduction Large manufacturing company
20-25% reduction in insurance premium
![Page 12: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/12.jpg)
12
Annualized total shareholder returns (1998-2003) for differing degrees of risk model sophistication and business application
Source: PA Consulting Survey of Global Banks
![Page 13: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/13.jpg)
13
Key trends and requirements
Best practices and practical applications
ERM in the future
Discussion outline
![Page 14: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/14.jpg)
14
Establish an ERM framework – policies, processes, and systems
Manage risk interdependencies and aggregations
Provide risk transparency to key stakeholders
Ensure company practices meet or exceed regulatory requirements
Balance business and risk requirements, and avoid “irrational exuberance”
Optimize risk/return by integrating ERM into strategic planning and day-to-day business processes
Attract, retain, and develop talented risk professionals
The role of a chief risk officer
![Page 15: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/15.jpg)
15
An ERM framework should encompass seven key building blocks
2. Line Management
Business strategy alignment
3. Portfolio Management
Think and act like a “fund manager”
4. Risk TransferTransfer out
concentrated or inefficient risks
5. Risk Analytics
Develop advanced analytical tools
6. Data and Technology Resources
Integrate data and system capabilities
7. Stakeholders ManagementImprove risk transparency for key stakeholders
1. Corporate Governance
Establish top-down risk management
![Page 16: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/16.jpg)
16
The enterprise risk management process
ERM Foundations
Risk Identification and
Assessment
Risk Measurement and Reporting
Risk Mitigation and Management
• Senior management and board participation (“tone from the top”)
• Governance structure
• Resource allocation
• Culture, principles, and values
• ERM framework and policies
• Linkage to strategy, performance measurement and incentives
• Organizational learning
• Top-down assessments– Barriers to strategic and
financial goals– Executive team CSAs
Bottom-up assessments– Barriers to business,
customer, and product goals
– Business unit CSAs– Functional unit CSAs
Independent assessments– Internal audit– External audit– Regulators– Customers– Other stakeholders
• ERM dashboard– Earnings volatility– Key risk metrics– Policy compliance– Real-time event
escalation– Drill-down
capabilities
• Scenario analysis– Historical– Managerial– Simulation-based
• Disclosure– Board reporting– External reporting
• Policy enforcement
• Value-based growth and restructuring strategies
• Risk transfer strategies
• Contingency planning and testing
• Event and crisis management
![Page 17: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/17.jpg)
17
1
Characteristics and sources of effective key risk indicators
Key Risk Indicators
Strategies/Objectives
Regulations & Policies
Losses & Incidents
Stakeholder Requirements
• Business plans• Management goals• Performance metrics
• Legal requirements• Regulatory standards• Policy limits
• Actual losses• Incidents• Industry data
• Customers• Vendors• Other
Reflect objective measurement
2Incorporate risk drivers:• Exposure• Probability• Severity• Correlation
3 Be quantifiable – $, %, #
4 Track in time
series against standards or limits
5 Tie to objectives, risk owners, and risk categories
6Balance of leading
and lagging indicators 7
Be useful – support business decisions and actions
8Can be benchmarked
internally or externally
9Timely and
cost effective
10Simplify risk without being simplistic
![Page 18: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/18.jpg)
18
Data Mining
CREDIT RISK
MARKET RISK
BUSINESS RISK
OPERA-TIONAL
RISK
ERM Dashboard
RISK “PILLARS”
Internal and External Data
Basic ERM applications:
• Executive reporting
• Key risk indicators
• Loss/incident tracking
• Control self assessments
• Early warning indicators
• Risk mitigation projects tracking
• ERM content management
Advanced ERM applications:
• Risk transfer
• Economic capital
• Scenario analysis
• Shareholder value management
An ERM dashboard provides an integrated view of all risks, with drill-down capabilities
![Page 19: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/19.jpg)
19
An ERM dashboard should address five key questions for senior management
1. Are any of our strategic, business, and financial objectives at risk?
2. Are we in compliance with policies, limits, laws, and regulations?
3. What risk incidents have been escalated by our risk functions and business units?
4. What key risk indicators and trends that require immediate attention?
5. What are the risk assessments that we should review?
![Page 20: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/20.jpg)
20
Case study:
• $1 trillion of assets under management
• Private company
• Decentralized business culture
Background 3-Year ERM Program• Organized Global Risk Forum
• Implemented annual Global Risk Review
• Automated loss accounting
• Developed ERM framework
• Implemented intranet-based Global Risk MIS
• Experienced significant reduction in loss ratio
![Page 21: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/21.jpg)
21
Risk Metrics
Risk Event Log
Event LossRoot
CausesControlsNeeded
Education
0%
20%
40%
60%
80%
100%
1995 1996 1997 1998
• New associates• Management• Business/Operational processes• Best practices• Lessons learned
Goal
MAP
Actual Loss Experience
85% Decline
Basic risk management processes can lead to significant improvements
![Page 22: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/22.jpg)
22
Expenses
-
Revenue
Equity
-
Losses
M&A
New Business
ERM provides linkage between risk management and key value drivers
Shareholder Value
Growth
ROE
Risk Management by Silos (5, 6)
4. Risk oversight costs5. Insurance/hedging expense
6. Credit, market operational write-offs
7. Capital management8. Risk transparency
9. New business development
10. M&A/Diversification strategy
1. Risk-based pricing2. Target customer selection3. Relationship management
Risk Management Impact
Enterprise risk management (1-10)
Integrated risk management (4–7)
![Page 23: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/23.jpg)
23
Economic capital represents a common currency for risk
Credit RiskEarnings volatility due to variation in credit losses
Market RiskEarnings volatility due to market price movements
Operational RiskEarnings volatility due to changes in operating economics (e.g. volume, margins or costs) or one-off events
Credit Risk
MarketRisk
OperationalRisk
Probability
Change in Value
Enterprise-wide Risk
![Page 24: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/24.jpg)
24
Calculate ROE Calculate Pricing
Exposure $100 mm $100 mm
Margin 2.50%
Revenue $2.5 mm $2.2 mm
Risk Losses <0.5 mm> <0.5 mm>
Expense <1.0 mm> <1.0 mm>
Pre-Tax Net Income $1.0 mm $0.7 mm
Tax <0.4 mm> <0.3 mm>
Net Income $0.6 mm $0.4 mm
Economic Capital $2.0 mm $2.0 mm
RAROC 20%
Economic capital underpins risk-based profitability measurement and pricing
2.20%
30%
![Page 25: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/25.jpg)
25
Companies without risk-based pricing suffer adverse selection
Risk Rating
Price
Will lose competitors who use risk-adjusted
price
Risk-Adjusted Price
Non-Risk-Adjusted Price
AAA AAA BBB
Will win business from competitors but earn below
hurdle rate return
![Page 26: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/26.jpg)
26
Business/risk reviews of major investments and projects
Key Business Assumptions
Monitoring Systems
Trigger PointsManagement Decision or
Action
Volume Margin Losses
What?
By Whom?
+Expected-
Accelerate Maintain Exit
![Page 27: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/27.jpg)
27
ERM requires balancing the hard and soft side of risk management
Hard Side
Measures and reporting
Risk oversight committees
Policies & procedures
Risk assessments
Risk limits
Audit processes
Systems
Soft Side
Risk awareness
People
Skills
Integrity
Incentives
Culture & values
Trust & communication
![Page 28: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/28.jpg)
28
Case study:
New capital markets business
Traders hired from foreign bank
Aggressive business and growth targets
Background 2-Year ERM Program Established risk policies and
systems
Instilled risk culture
Survived “Kidder” disaster
Captured 25% market share with zero policy violations
Recognized as best practice
![Page 29: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/29.jpg)
29
Engaged senior management and board of directors
Established policies, systems, and processes, supported by a strong risk culture
Clearly defined risk appetite with respect to risk limits and business boundaries
Robust risk analytics for intra- and inter-risk measurement, summarized in an “ERM dashboard”
Risk-return management via integration of ERM into strategic planning, business processes, performance measurement, and incentive compensation
Hallmarks of success in ERM
![Page 30: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/30.jpg)
30
Key trends and requirements
Best practices and practical applications
ERM in the future
Discussion outline
![Page 31: Maximizing Value Through Enterprise Risk Management James Lam President phone: 781.772.1961 Email: jameslam@comcast.net Website: ERM Course](https://reader031.vdocuments.net/reader031/viewer/2022013012/56649e265503460f94b16452/html5/thumbnails/31.jpg)
31
1. ERM will become the industry standard
2. CROs prevalent in risk-intensive companies
3. Audit committees will evolve into risk committees
4. Economic capital in; VaR out
5. Risk transfer executed at enterprise level
6. Advanced technologies key to advancement
7. A measurement standard will emerge for operational risk
8. Risk-based or economic reporting becomes standard
9. Risk becomes part of corporate and college programs
10. Salary gap among risk professionals continues to widen
Ten predictions on the future of enterprise risk management