Enterprise Risk Management (“ERM”): More Value and More Challenges

Dolores Atallo-Hazelgreen, Deloitte & Touche LLP

April, 2007

Page 2: Today’s topics

• Introduction
• ERM: Setting Expectations
• ERM Marketplace Perspective: Deloitte & Touche LLP 2006 Global Risk Survey
• ERM: Unlocking the Value
• Questions and Comments

Page 3: ERM: Setting Expectations

Page 4: ERM: Setting Expectations

Although there are multiple definitions of ERM, COSO provides a broad definition to support a broad mandate:

“… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

Source: COSO, Enterprise Risk Management – Integrated Framework, 2004. Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Page 5: ERM: Setting Expectations

ERM IS:
• A process for providing a risk-adjusted view of the achievability of enterprise objectives
• A means to enhance informed decision making and risk taking
• An aggregated portfolio view of risks and vulnerabilities and their potential interactions
• A methodology that supports accountability for risk across the organization

ERM IS NOT:
• A substitute for management’s judgment
• A bureaucratic exercise that is isolated from the business units
• A guarantee of a zero-risk environment

Page 6: ERM Foundation

Linkage of ERM to Business Decisions: ERM Goals
• Align risk appetite and strategy
• Enhance risk response decision making
• Reduce operational surprises and losses
• Identify and manage cross-enterprise risks
• Seize opportunities
• Improve the deployment of capital
• Ensure effective compliance and regulatory reporting
• Focus on achievement of objectives:
  – Strategic
  – Operations
  – Reporting
  – Compliance

Top-Down and Bottom-Up: Components of ERM
• Internal environment
• Objective setting
• Event identification
• Risk assessment
• Risk response
• Control activities
• Information and communication
• Monitoring

Page 7: ERM: Enterprise-Wide View of Risk (Illustrative)

Participants, from the top down: Board of Directors and Senior Management; ERM function; Risk Committees; Business Units.

Information that moves between these layers:
• The Top-Down View: risk appetite, risk policies, guidelines, and framework
• Aggregation and Integration: risk metrics and limit data; business unit risk assessment reporting
• Operationalized View: practices and procedures; guidance on risk mitigation and limit information
• Data Collection: risk metric inputs

Page 8: Why ERM: Drivers in the Marketplace

Pressures on the institution come from six directions.

Competition
• Significant, well-capitalized competition in all sectors
• Consolidation results in winner/survivor bias, continually strengthening the competitive environment

Regulators
• Detailed, comprehensive risk-based regulatory requirements
• Regulatory capital required for all risks taken
• Proactive regulatory approach taken

Products
• Explicitly focused on risk transfer, risk/reward, risk mitigation
• Priced including effects of risk
• Revalued on a mark-to-market (MTM) basis daily or more frequently
• Innovation continues at a high level of complexity

Customers
• Competition and providers’ inability to differentiate increase customer power and pricing pressure
• Create credit risk which must be priced or otherwise accounted for

Investors
• Superior risk-adjusted returns sought out; winners rewarded
• Low appetite for unexpected losses

Rating Agencies
• Rating agency expectations for sophisticated risk management
• S&P requirements for ERM benchmarking
• High leverage in the industry increases rating agency focus

Page 9: Concern for Cost and Overlapping Initiatives

• Increasing laws and regulations
• Overlapping requirements / increasing costs

Current Industry Focus

“You'd better be good at controlling expenses.” Kenneth D. Lewis, Chairman, President, and CEO, Bank of America

“In this interest rate environment we're just going to have to be focused on expenses all the time.” Kennedy Thompson, Chairman and CEO, Wachovia Corp.

“It's hard to predict when the environment will improve, but we're going after the things that we can control, which is the cost structure.” Kerry Killinger, Chairman and CEO, Washington Mutual

“We mustn't allow inefficiencies into our business. We must carefully manage costs going forward, so that we can maintain our ability to continue to invest.” Clive Standish, CFO of UBS

“Our 2007 priorities are clear: generating sustainable growth in U.S. consumer,… focusing sharply on expense management, and remaining highly disciplined in credit management.” Charles Prince, CEO of Citibank

“We have commenced some initiatives to look at our operating expenses.” Alan Levan, Chairman and CEO, BankAtlantic

Regulator Expectations

“The evolution of the financial markets and the number of significant governance issues recently faced by complex financial firms clearly underscore the need to view risk management on an enterprise-wide basis… The silo approach to compliance has prevailed for far too long.” Federal Reserve Governor Susan Bies

“A consolidated – or ‘enterprise-wide’ – approach to compliance risk management has become ‘mission critical’ for large, complex banking organizations….” Federal Reserve Governor Mark Olson

Page 10: ERM: Value Proposition

• Compliance with laws and regulations, particularly regarding governance and oversight
• Favorable views from credit agencies, insurers, analysts and other stakeholders
• Improved understanding on the part of senior management and the board about the nature of risk in their business, including concentrations of risk exposures across risk types and business units
• Identifying situations where the enterprise’s aggregate risk exposure exceeds its risk appetite
• Freeing up capital and making improved capital investment and capital allocation decisions
• Promoting a risk-aware operating culture and accountability
• Enhancing reputation and transparency

Page 11: ERM Marketplace Perspective: Deloitte & Touche LLP 2006 Global Risk Survey

Page 12: Increasing Trend of Risk as a Board Responsibility

• Risk management continues to be elevated in priority
  – 70% of institutions said risk management
  – 60% of participating institutions reported that the board takes at least a “somewhat active” role in risk management
  – 76% of institutions reported that their risk committee of the board played a “somewhat active” role in overseeing risk management

Page 13: Strategic Role of the Chief Risk Officer (CRO)

(Charts: Institutions with a CRO; CRO Reporting.)

Page 14: Risk Oversight Approach Varies

• 44% of institutions said they have a centralized approach, 35% said decentralized, while the remaining 21% used a mix of both
• The key is to tailor the approach to the institution’s governance approach, organizational structure, size and operating philosophy

Page 15: Traditional Risk Management Viewed as More Effective

Risk Management Effectiveness
• Over 70% of participants rated their institutions highly in managing market, credit and liquidity risk
• With companies placing greater dependence on models, an emerging risk that needs to be considered is model risk

Page 16: ERM: A Work in Progress

• Despite its appeal, ERM implementation is still fairly limited: only 35% of institutions have an ERM program in place
• Continued interest in integrating ERM with the organization's decision-making framework: two-thirds reported having a formal, enterprise-level statement of their risk appetite that is either quantitatively or qualitatively defined and approved

Page 17: ERM Value Exceeds the Costs for Many Institutions

• Most institutions lack a quantitative understanding of costs and benefits: only 13% of firms in the survey quantify ERM costs and just 4% quantify ERM value
• ERM benefits cited most often: “improved understanding of risks”, “improved regulator perception” and “reduction in losses due to risk events”

Page 18: Risk Types Included in ERM Vary

(Chart: risk types included in ERM programs.)

Page 19: Lacks Integration with Other Initiatives

• Less than half the institutions have integrated ERM with IT risk or strategic planning
• Only about one-third have integrated it with budgeting or project management risk, and even fewer with vendor risk assessments

Page 20: Technology Integration Concerns

• 58% of executives say it is a major concern
• Additional concerns were:
  – a lack of flexibility in extending current systems
  – high cost of maintenance and vendor fees
  – inability to provide frequent and timely reporting

Page 21: Recap of Key Themes

• Risk management responsibility is being elevated to the Board level much more commonly than in prior years
• The importance of the CRO role continues to increase, with the majority of CROs reporting directly to the CEO or the Board
• Fully implemented ERM is still a work in progress
• Most institutions perceive the benefits of their ERM programs to outweigh the costs, but few have quantified them
• Integration throughout the organization and with other risk initiatives is still a challenge in most cases

Page 22: ERM: Unlocking the Value

Page 23: ERM: Value in the Sum and the Parts

The slide lays out ERM capabilities as a staircase, read from the foundation upward:

1. Corporate Governance
   – Roles and Responsibilities
   – Executive Management & Board Support
2. Structure & Strategy
   – Vision, Strategy & Operational Structure
   – Operational Risk Policies & Procedures
   – Risk Identification Framework
   – Current Initiatives & Goals Review
3. Assessment & Design
   – Key Metrics & Risk Indicators Identification
   – Cultural Risk Assessment
   – Business Process Structure & Value Chain Assessment
   – Business Unit Risk Analysis & Diagnostics
4. Risk Quantification
   – Performance & Risk Metrics Dashboard
   – Risk Indexing and Aggregation
   – Calibration with Loss Event & Qualitative Data
   – Quantitative Analysis & Scoring
5. Risk Management
   – Risk Mitigation
   – Strategic Planning & Operational Charges
   – Integrate Risk Learning Capability
6. Integration
   – Economic Capital & Value Based Management

Page 24: ERM: Value in the Sum of the Parts

• Vision
• Governance
• Culture
• Methodology
• Common Language
• Risk Policies
• Risk Appetite
• Risk Assessment
• Risk Measurement
• Risk Monitoring
• Reporting
• Independent Verification / Testing

Page 25: ERM: Establishing a Shared Vision

Maturity levels, each with its description and commentary:

Level 0: Nonexistent
Description: No risk management capabilities are in place. There is a lack of any recognizable process.
Commentary: applies to new entities; ephemeral state.

Level 1: Initial/Ad Hoc
Description: Risk management activities are ad hoc. No overarching risk management philosophy or objectives are defined.
Commentary: success depends on individuals; people are unaware of risks; risks managed reactively.

Level 2: Fragmented
Description: Risk management functions independently within business units. Risk types managed are limited to hazard, financial, and compliance.
Commentary: capabilities vary across BUs; no cross-BU coordination; some expertise within a limited number of risk types such as market, credit, or hazard.

Level 3: Comprehensive
Description: Risk management is enterprise-wide and encompasses all risk types including strategic and operational.
Commentary: risks clearly linked to strategic objectives; defined and documented; forward looking; clear accountability.

Level 4: Integrated
Description: Risks are treated as a portfolio at the enterprise level and are correlated and aggregated across risk types and business units.
Commentary: calculation of risk measures that can be aggregated; risk treatment integrated and costs optimized.

Level 5: Strategic
Description: Risk management is built into decision-making. The organization selectively seizes opportunities because of its special ability to exploit risks.
Commentary: focus on value creation and preservation; institutionalized; confidence in ability to manage risks based on track record.

Page 26: ERM Governance: Key Stakeholder Roles and Responsibilities (Illustrative)

Audit Committee: Ratify
• Ratification of key documents, such as the ERM Policy, Risk Appetite, Risk Governance Model, Authorities, and Committee Charters

Executive Committee: Approve
• Approval of key documents, such as the ERM Policy, Risk Appetite, Risk Governance Model, Authorities, and Committee Charters
• Monitoring risk exposure status
• Approving the Board reporting package
• Monitoring Business Unit mitigation plans and their status for top risks
• Approving limit exceptions

Risk Committees: Oversee
• Oversight over risks within scope of authority
• Oversight and approval of measurement and management methodologies for risks within scope
• Oversight of changes in risk profile
• Oversight of Business Unit management of designated risk categories

ERM Function: Monitor & Aggregate
• Establishment of consistent risk policies, governance framework, standards, and information reporting mechanisms to facilitate effective risk management
• Monitoring and participation in specific risk committees for the purpose of providing the enterprise view
• Providing summary information and analysis to the Executive Committee to assess, evaluate, and act on risk

Business Units: Take and Manage Risks
• Ownership of business unit activities which give rise to risk, and responsibility for risk management and mitigation
• Risk identification and self-assessments
• Developing strategy and taking actions to manage and mitigate risks within policy and risk appetite
• Providing assertions on risk exposure and controls for their business area / function
• Business Unit Risk Managers coordinate the Business Unit risk assessment, monitoring, and mitigation activities

Internal Audit: Validate
• Independent verification and testing of internal controls, the quality of the Operational Risk Management Program, and the quality and integrity of risk models

Page 27: ERM: Migrating from “minimizing risk” to “managing risk”

Culture
• Focus on establishing a culture within the organization that “manages risks” rather than just “minimizes risks”
• Identify your organization’s style and its ability to absorb an ERM initiative
• Cultural issues with the greatest impact on organizations: tone at the top; organizational alignment; communication; embedding ERM in organizational processes

Page 28: ERM Methodology

Methodology
• ERM policies and procedures should include identifying, measuring, monitoring and controlling operational risk across the organization
• A well-defined ERM umbrella can provide and receive information to satisfy multiple initiatives
• A common language needs to be established, including risk categories and risk appetite
• Delineation between “risk taking” and “risk management”
• Data capture, analytical frameworks, reporting and escalation protocols
• Enterprise-wide view of risk

Page 29: ERM: Measuring Risk Across a Maturity Continuum

Measurement approaches, from the least to the most quantitative:

1. Risk Assessment and Scoring. Key characteristics:
• Risk framework
• Self-assessment
• Assessable entities are identified
• Impact and likelihood
• Unmitigated risk, control effectiveness, and residual risk
• Quantitative risk scale
• High, medium, low dollar thresholds
• Risk scoring, analysis and quantification

2. Key Risk Indicators (KRIs). Key characteristics:
• Indicators relevant as proxies for risk levels for different risk types
• Possible metric categories include those indicative of business volume, operational efficiency, error rates, losses or potential losses, and control effectiveness
• Indicators selected should be relevant as risk measures for specific risks and analyzed as to whether they are leading, lagging or coincident risk measures

3. Loss Event and Scenario Modeling. Key characteristics:
• External and internal loss event categories identified
• Loss event database
• Causation factors captured
• Near misses captured
• Direct and indirect costs are tracked
• Thresholds set for reporting
• Scenario modeling performed by business experts to supplement loss data

4. Economic Capital Modeling and Allocation. Key characteristics:
• Overall framework and methodology for determining and allocating economic capital
• Methodologies should address all relevant risk types for the entity
• Loss distribution (frequency and severity)
• Statistical models to estimate risk exposure
• Calculation engines (e.g., Monte Carlo simulation engine for Value at Risk)
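The last two stages of the continuum describe a loss-distribution approach: a frequency distribution for how often loss events occur, a severity distribution for how large each one is, Monte Carlo aggregation of the two into an annual loss distribution, Value at Risk read off the tail of that distribution, and economic capital taken as the unexpected loss (VaR minus expected loss). The Python program below is an added example written for this page; it is not code from the deck or from Deloitte. The two assessable entities, their Poisson event rates and lognormal severity parameters, the 99.9% confidence level and the pro-rata capital allocation are all hypothetical choices made here to make the calculation concrete.

```python
"""Loss-distribution approach for operational risk: Poisson event frequency,
lognormal event severity, Monte Carlo aggregation into an annual loss
distribution, then VaR and economic capital (unexpected loss) per unit and
for the enterprise. Added example; every parameter below is hypothetical."""
import math
import random
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class LossModel:
    """Frequency/severity model for one assessable entity (hypothetical)."""
    name: str
    frequency: float   # expected number of loss events per year (Poisson mean)
    sev_median: float  # median loss per event, in currency units
    sev_sigma: float   # lognormal dispersion (log scale) of loss per event


def sample_poisson(rng: random.Random, lam: float) -> int:
    """Knuth's multiplication method; adequate for the small rates used here."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def annual_loss(rng: random.Random, model: LossModel) -> float:
    """One simulated year: N ~ Poisson events, each with a lognormal severity."""
    n = sample_poisson(rng, model.frequency)
    mu = math.log(model.sev_median)  # lognormal median = exp(mu)
    return sum(rng.lognormvariate(mu, model.sev_sigma) for _ in range(n))


def quantile(values: list, level: float) -> float:
    """Nearest-rank empirical quantile of an unsorted sample, 0 < level <= 1."""
    ordered = sorted(values)
    rank = max(1, math.ceil(level * len(ordered)))
    return ordered[rank - 1]


def capital_summary(losses: list, level: float) -> dict:
    """Expected loss, VaR at the given confidence, and unexpected loss
    (VaR minus EL), i.e. the economic capital held against this exposure."""
    el = mean(losses)
    var = quantile(losses, level)
    return {"expected_loss": el, "var": var, "unexpected_loss": var - el}


def simulate(models, level=0.999, years=20_000, seed=7) -> dict:
    """Simulate `years` independent years for every unit from one RNG stream,
    summarise each unit stand-alone and the enterprise aggregate, and allocate
    the aggregate capital back to units pro rata to their stand-alone UL."""
    rng = random.Random(seed)
    per_unit = {m.name: [] for m in models}
    total = []
    for _ in range(years):
        year = [annual_loss(rng, m) for m in models]
        for m, loss in zip(models, year):
            per_unit[m.name].append(loss)
        total.append(sum(year))
    units = {name: capital_summary(l, level) for name, l in per_unit.items()}
    enterprise = capital_summary(total, level)
    standalone_ul = sum(u["unexpected_loss"] for u in units.values())
    for u in units.values():
        share = u["unexpected_loss"] / standalone_ul
        u["allocated_capital"] = enterprise["unexpected_loss"] * share
    # Diversification benefit: stand-alone capital summed, minus aggregate capital.
    # VaR is not subadditive, so with heavy tails this can legitimately be negative.
    enterprise["diversification_benefit"] = standalone_ul - enterprise["unexpected_loss"]
    return {"units": units, "enterprise": enterprise}


# Hypothetical assessable entities (constructed inputs, not survey data).
MODELS = (
    LossModel("Retail Ops", frequency=12.0, sev_median=8_000.0, sev_sigma=1.2),
    LossModel("Trading IT", frequency=2.0, sev_median=60_000.0, sev_sigma=1.6),
)

if __name__ == "__main__":
    result = simulate(MODELS)
    for name, u in result["units"].items():
        print(f"{name:12s} EL={u['expected_loss']:>12,.0f} VaR={u['var']:>14,.0f} "
              f"UL={u['unexpected_loss']:>14,.0f} allocated={u['allocated_capital']:>14,.0f}")
    e = result["enterprise"]
    print(f"{'Enterprise':12s} EL={e['expected_loss']:>12,.0f} VaR={e['var']:>14,.0f} "
          f"UL={e['unexpected_loss']:>14,.0f} diversification={e['diversification_benefit']:>10,.0f}")
```

Running the file prints expected loss, VaR, unexpected loss and allocated capital for each unit and for the enterprise. Two checks a practitioner should make before trusting numbers like these: the sample count must be large enough that the 99.9% quantile rests on more than a handful of simulated years (20,000 years leaves only 20 observations above it, which is thin; production engines run far more and usually fit the severity tail parametrically), and the diversification benefit can come out negative because VaR is not subadditive for heavy-tailed losses. That is a property of the measure, not a bug, and it is one reason the calibration against internal and external loss data in the previous stage matters.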

Page 30: Enterprise-wide View of Risk Information Management, Reporting and Escalation (Illustrative)

Participants, from the top down: Board of Directors and Senior Management; ERM function; Risk Committees; Business Units.

Information that moves between these layers:
• The Top-Down View: risk appetite, risk policies, guidelines, and framework
• Aggregation and Integration: risk metrics and limit data; business unit risk assessment reporting
• Operationalized View: practices and procedures; guidance on risk mitigation and limit information
• Data Collection: risk metric inputs

Page 31: Tools are Needed to Support Your Risk Management Process and Manage Data

Tools play an important supportive role in providing efficiency and consistency in the on-going risk management process. The right people and process drive the quality of the information; the tool manages the information. The role of tools includes, but is not limited to:
• Serves as a central data repository
• Allows for customized reporting
• Encourages action planning
• Provides on-going monitoring
• Promotes accountability
• Supplies management reporting
• Presents consistent formatting

Page 32: ERM: Sample Supporting Architecture

Source systems
• Enterprise Applications: IT Management Systems, HR Management Systems, Financial Systems, Audit Systems
• Risk Management Applications: Workflow Management System, Document Management System, Issue Management System, Risk Treatment Systems

Extract, Transform and Load, with a Data Quality Management Engine, feeding a Risk Data Warehouse.

Risk engines and the data each works with
• Market Risk Engine: limits, VaR, correlations, pricing engines, transactions
• Credit Risk Engine: limits, CVaR, CE, PFE, correlations, pricing engines, counterparty information, transactions
• Treasury/ALM Risk Engine: limits, VaR, correlations, pricing engines, transactions
• Operational Risk Engine: OpVaR, exposure, qualitative exposure, scenarios, KRIs, RCSA, internal loss data, external loss data
• Hazard Risk Engine and Strategic Risk Engine: the slide also lists fraud & AML, tolerances, financial projections, scenarios, and initial financials & projections among the engine inputs

Enterprise Level Analysis & Reporting
• Risk correlation
• Risk appetite
• Capital calculation & modeling
• Aggregate risk portfolio
• Scenario analysis
• Risk reporting
• Dashboarding
• Monitoring / alerts / limits / KRIs

Page 33: Integration Brings Both Challenges and Value (Illustrative)

Marketplace recognition that many risk and control initiatives overlap: Sarbanes-Oxley, Basel II, SEC public company standards, FDICIA and internal policies all place demands on the same people, processes and technology.
• Demand for efficiency
• Demand for data
• Demand for value

Page 34: Unlocking ERM Value: Finding Opportunities for Integration

(Diagram: management reporting, regulatory requirements and risk initiatives 1) through 10) plotted against complexity, with the information shared among them, and each integration opportunity placed in a Now / Later / Maybe timeframe.)

Page 35: ERM Integration: Unlocking Value

Inputs
• Existing ‘silos’
• Regulatory environment requirements
• Internal policies
• Market pressures / competition

Transformational Steps
1. Catalogue existing lines of business
2. Identify, catalog and assess existing risks & controls
3. Inventory risk, requirements and controls
4. Refine and optimize processes
5. Rationalize infrastructure & IT
6. Streamline governance
7. Assess outputs against desired goals and success factors

Outputs
• Sustained integrated infrastructure
• Managed costs and operational efficiency and effectiveness
• Streamlined governance and interaction
• Improved transparency

Page 36: Enterprise Risk Management (“ERM”): More Value and More Challenges Dolores Atallo-Hazelgreen Deloitte & Touche LLP April, 2007


Integrated ERM (Illustrative)

[Diagram labels; lanes: GOVERNANCE, “RULES”, RISK ASSESSMENT & MONITORING, RISK TAKING AND RISK MANAGEMENT, INTERNAL AUDIT]

• BOD and Sr. Mgmt; Regulators (e.g., SEC, FHFB, OCC, etc.)

• Ratified Risk Policies; Ratified Risk Appetite

• OFFICE OF THE CRO: Aggregate / Analyze / Report

• Methodology; Policies; Risk Limits; Guidance; Enterprise View; Reporting

• Business Process [Policies, Procedures, Controls, Systems, People]: Business Units, Finance, Legal Dept, etc.

• Risk Events and Losses; Loss Event Data Base

• Identify Risks (Market, Credit, Operational, Reputational, Financial Reporting, etc.)

• Estimate Risk Exposure (e.g., Subject Matter Experts for Reputational Risk and Risk Analytics Engines for Market, Credit, and Operational Risk)

• Mitigate Risk; Allocate Capital

• Reported items: Risk Exposure; Capital Allocation; Losses; Compliance with SOX; IA Testing Results, etc.; Capital Requirements Compliance; SOX Attestation

• Internal Audit: Test Internal Controls, including SOX controls; Risk Assessment Results to feed the Risk Based Audit Plan; Report Control Deficiencies (e.g., SOX)

Page 37: Enterprise Risk Management (“ERM”): More Value and More Challenges Dolores Atallo-Hazelgreen Deloitte & Touche LLP April, 2007


ERM Case for Integration: Key Challenges

Although organizations are interested in integration, as the results of the 2006 Risk Management Survey confirm, most are still in the process of investigating options and planning for future efforts. Some challenges commonly faced by organizations include:

• Does underlying technology support integration?

• Does the organization have a commonly shared language for risk?

• Should integration efforts be divided into short-term and long-term efforts, or conducted at once?

• What has and has not worked for other organizations in integration, and what does that mean for my organization?

Page 38: Enterprise Risk Management (“ERM”): More Value and More Challenges Dolores Atallo-Hazelgreen Deloitte & Touche LLP April, 2007


Questions and Comments

Dolores Atallo-Hazelgreen, Firm Director

Deloitte & Touche LLP

(212) 436-5346

[email protected]

Page 39: Enterprise Risk Management (“ERM”): More Value and More Challenges Dolores Atallo-Hazelgreen Deloitte & Touche LLP April, 2007


About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms, and their respective subsidiaries and affiliates. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other’s acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names “Deloitte”, “Deloitte & Touche”, “Deloitte Touche Tohmatsu”, or other related names. Services are provided by the member firms or their subsidiaries or affiliates and not by the Deloitte Touche Tohmatsu Verein.

In the U.S., Deloitte & Touche USA LLP is the U.S. member firm of Deloitte Touche Tohmatsu and services are provided by the subsidiaries of Deloitte & Touche USA LLP (Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Financial Advisory Services LLP, Deloitte Tax LLP and their subsidiaries), and not by Deloitte & Touche USA LLP. The subsidiaries of the U.S. member firm are among the nation’s leading professional services firms, providing audit, tax, consulting and financial advisory services through nearly 30,000 people in more than 80 cities. Known as employers of choice for innovative human resources programs, they are dedicated to helping their clients and their people excel. For more information, please visit the U.S. member firm’s Web site at www.deloitte.com/us.

Copyright © 2007 Deloitte Development LLC. All rights reserved.