effective stakeholder engagement v3 - amazon s3
TRANSCRIPT
Effective ERM Stakeholder EngagementALIETIA CAUGHRONChicago Actuarial Association Spring WorkshopsMarch 20, 2018
Introduction
• This presentation is based on a research paper, “Effective ERM Stakeholder Engagement”, sponsored by the Joint Risk Management Research Committee
• Kailan Shang, author• Copyright 2018 Canadian Institute of Actuaries, Casualty Actuarial Society, and the Society of Actuaries
• SOA website: https://www.soa.org/resources/research‐reports/2018/effective‐erm‐stakeholder/
2
Disclaimers• The opinions expressed and conclusions reached by the author are his own and do not represent any
official position or opinion of the Canadian Institute of Actuaries, Casualty Actuarial Society, and Society of Actuaries or their members. The Canadian Institute of Actuaries, Casualty Actuarial Society, and Society of Actuaries make no representation or warranty to the accuracy of the information.
• The views expressed in this presentation are those of the presenter and do not purport to represent the position of CNA.
• The purpose of this presentation is to provide information, rather than advice or opinion. It is accurate to the best of the speaker's knowledge as of the date of the presentation. Accordingly, this presentation should not be viewed as a substitute for the guidance and recommendations of a retained professional. Any references to non‐CNA websites are provided solely for convenience, and CNA disclaims any responsibility with respect to such websites.
• To the extent this presentation contains any examples, please note that they are for illustrative purposes only and any similarity to actual individuals, entities, places or situations is unintentional and purely coincidental. In addition, any examples are not intended to establish any standards of care, to serve as legal advice appropriate for any particular factual situations, or to provide an acknowledgement that any given factual situation is covered under any CNA insurance policy. Please remember that only the relevant insurance policy can provide the actual terms, coverages, amounts, conditions and exclusions for an insured. All CNA products and services may not be available in all states and may be subject to change without notice.
3
Approach
• Pilot survey including phone and face‐to‐face interviews
• Online survey sent to members of the Joint Risk Management Section (JRMS) and International Network of Actuarial Risk Managers (INARM)
4
From Risk Officers …
• Helpful tips: Share stories where ERM has led to actionable items and influenced decision‐making; have a real understanding of internal stakeholders’ issues.
• Lessons learned: Use standard ERM terminology• Best parts of Risk Management Practices: Open discussion of risks, understanding the most important ones and taking actions to address them.
• Worst parts: Misunderstanding of risk management as merely auditing and risk avoidance still exists
5
“The first step is to help stakeholders understand that risk management is everyone’s responsibility.”
6
Topics Covered in the Paper• ERM Stakeholders• Current Practices• ERM Stakeholder Engagement
1. ERM Stakeholder Analysis2. Training3. Communication4. ERM Valuation5. Validation6. Accountability7. Culture
• ERM Stakeholder Engagement Example1. Analytic Infrastructure [Economic Capital]2. Product Risk Management3. Performance Measurement
7
Who are ERM’s stakeholders?
• Board of Directors• C‐suite• Functions managing risks in the business operations; risk owners
• Legal & Compliance• Internal Audit
8
Observations on current practices
• Internal stakeholders (excluding risk officers) have a more optimistic view of ERM than risk officers
• Demonstrating and quantifying the value of ERM is the most difficult challenge for risk officers
• Getting support from senior management is the least challenging for risk officers
10
Observations on current practices
• Relationship building, external stakeholder opinions, and effective communication of difficult risk management concepts are the most used and most effective methods of ERM stakeholder engagement
• Lack of resources can be a constraint to meeting new risk management requirements
• Face to face interviews are the most effective method of ERM communication, followed by regular reporting and workshops
12
Challenges with current practices
• Similar challenges to those faced by any innovation• 8 challenges identified including;
1. Difficult to measure the benefit2. Insufficient resources and internal politics3. Potential material changes to existing practices
and creating additional work4. Role of the risk management function and chief
risk office not clearly defined
15
Challenges with current practices
5. Risk management concepts rarely self‐explanatory e.g. stress scenarios, probabilities, stochastic models
6. Credibility of risk assessment results has room to improve
7. Model risk is high8. Value of risk management to improved decision‐
making may be overlooked
16
Sample Risk Attitude Assessment
Undesired Attitude Desired Attitude
Risk management is mainly for risk control and meeting regulatory requirements.
Risk management is also important for business decision‐making.
Risk is not good. Risk is challenging but also rewarding. Smart risk taking is fundamental to our business model.
Identifying risks is embarrassing and politically dangerous.
Identifying risks is the right thing to do.
Risk issues should be handled by the risk management team.
Risk issues should be handled together by all stakeholders.
Taking responsibility for a risk is dangerous. Managing risk is beneficial and rewarding.
19
Stakeholder Training
• Risk Management Framework• Impact on the business• Operational requirements
20
Stakeholder Communication
• Communication of the tone from the top as reflected in the company’s risk appetite statement and risk policies
• Education key to improving stakeholder understanding• Use of data visualization• Evidence‐based communication• Active involvement• Actionable suggestions• Use of plain language for technical information
21
Improving Risk Culture
• Resources include: FSB, rating agency ERM assessments, ORSA, IRMI
• Some key indicators of Risk Culture include:o Tone from the topoAccountabilityo Effective communication and challengeo Incentives
• Culture gap analysis
22
Healthy Risk Culture
1. Risk appetite is clearly defined and communicated by the Board and senior management
2. Roles and responsibilities of risk management are clearly defined
3. Ethics, code of conduct and professionalism are well established and communicated
4. People are encourage to be open‐minded and different opinions are welcomed
5. Risk failures are communicated in a constructive way. The focus is on learning rather than on blaming.
23
Healthy Risk Culture
6. People identify, monitor and manage risk actively and consistently
7. Risks issues can be escalated quickly in the organization
8. Decision makers can get high quality risk information in a timely manner
9. Risk management is effectively communicated and maintains a high level of transparency
10. Risk adjusted metrics are used to measure performance
24
Risk Culture Improvement Process
25
Risk Practices
Current Risk Culture
Intervention
Target Risk Culture
Gap Analysis
Improving Attitudes& Behaviors
Risk Culture Assessment
Action Plan
The benefit of risk management is difficult to recognize.
ERM Project Valuation; Communication; Culture.
Risk management projects may be affected by insufficient resources and internal politics.
Common Stakeholder Engagement Strategy; ERM Stakeholder Analysis; Training; Accountability; Culture.
Risk management may require material changes to existing practices and create additional work.
ERM Stakeholder Analysis; Training; Culture.
The role of the risk management function and the chief risk officer may not be clearly defined.
Accountability.
Risk management concepts are not widely understood.
Communication; Training.
Challenges and Areas of Improvement
26
Challenges and Areas of Improvement
27
The credibility of risk assessment results may be low.
Validation; Communication.
Model risk is high for risk management analysis.
Validation.
Risk management may be considered as risk control.
Communication; Culture.