RISK MANAGEMENT TECHNIQUES AND STRATEGIESPRESENTED BY

VALDA FREDERICA HENRY, PhD, CFA, GPHR

FOR THE

9TH ANNUAL GENERAL MEETING & CONFERENCE

OF THE

CARIBBEAN ASSOCIATION OF AUDIT COMMITTEE MEMBERS INC (CAACM)

JUNE 11, 2015

SANDALS GRANDE, ANTIGUA & BARBUDA

OUTLINE

Role of the Board in Risk Management

Role of Audit Committee

Definition of Risk Management

Changing Face of Risk Management

Enterprise Risk Management

Tenets of Risk Management in the Banking Industry

Emerging Risks for Banking Sector

EPIGRAPH

If a bank is serious about risk management, then it will be serious from the top down,” (ATKearney, 2013)

ROLE OF THE BOARD IN RISK MANAGEMENT

Identify

Measure

Monitor

Control

Verify different risks within the banking industry

ROLE OF THE AUDIT COMMITTEE

UK Combined Code sets out main roles: Monitor financial statements

Review internal financial controls

Review internal control and risk management system

Monitor internal audit function

Review engagement and remuneration of external auditors

Review and monitor independence and objectivity of external auditors

ROLE OF AUDIT COMMITTEE II

1. Financial Reporting

2. Corporate Governance

3. Corporate control

PRACTICAL EXERCISE – ROLE OF AUDIT COMMITTEE (10 minutes)

On a scale of 1-5, rank the performance of your Audit Committee on these dimensions: Monitors financial statements

Reviews internal financial controls

Reviews internal control and risk management system

Monitors internal audit function

Reviews engagement and remuneration of external auditors

Reviews and monitor independence and objectivity of external auditors

Reviews compliance with relevant laws, regulations, prudential guidelines and by-laws

Reviews ethical conduct of the board, management and staff

PRACTICAL EXERCISE - ROLE OF AUDIT COMMITTEE II

On a scale of 1-5, rank the performance of your Audit Committee on these dimensions: Reviews controls with respect to the management of conflict of

interests of directors, managers and employees

Manages the whistleblowing process

Reviews pending legislation

Reviews and Manages cases of fraud

Conducts environmental scans and impact on the organisation

Reviews efficiency of operations

Reviews outcome of projects against the stated objectives

Reviews its performance annually

CHALLENGES FACING THE BANKING INDUSTRY

The “New Wave” Criminal Effecting cultural change More stress testing Dealing with heightened regulatory scrutiny Facing another economic downturn (Banking Tech, 2015) Bank funding, liquidity and collateral management remains a

concern Regulatory changes around the globe are introducing new strategic,

operational and potentially systemic challenges Cybersecurity and other geopolitical risks present unique oversight

challenges Economic and market conditions continue to pose short and long-

term risks (Ernst & Young, 2012)

DEFNITION OF RISK MANAGEMENT

Definition of risk The uncertainty that surrounds future events and outcomes.

Risk Management The systematic application of management policies, procedures, and

practices to the tasks of analyzing, evaluating, controlling, and communicating about risk issues. (Canadian Standards Association, 1997)

Enterprise Risk Management (ERM) A process, effected by an entity’s board of directors, management

and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. (COSO)

PRACTICAL ACTIVITY – RISK DEFINITION - GROUP WORK (15 minutes)

How do you define risk at your organisation?

What are the similarities?

What are the differences?

What are the implications of the differences?

Driving Forces Behind the Evolution of Risk Management

12

Stakeholders

Demand that management adequately identify all material risks that impact cash flow, capital and mission

Auditors

Current protocols require organizations to report risks in a forward-looking context

Activists

Secular business andnon-business activities – treatment of people, animals, …

Market and Credit Analysts/ Rating Agencies

Require that management strengthen its risk disclosure capabilities

Investors

Demand increased financial disclosure and transparency

Regulators

Increased interest in compliance and approval processes

The Company

The COSO ERM Framework and Sarbanes-Oxley Section 404

ELEMENTS OF ENTERPRISE RISK MANAGEMENT

Aligning risk appetite and strategy

Enhancing risk response decisions

Reducing operational surprises and losses

Identifying ad managing multiple and cross enterprise risks

Seizing opportunities

Improving deployment of capital

PRACTICAL EXERCISE – ERM IN PRACTISE (30 minutes)

Using the COSO Framework, conduct a risk assessment of your organisation?

What new risks were identified during this exercise?

Were any black swans identified?

HOLISTIC RISK MANAGEMENT – ANOTHER LOOK AT RISK

Holistic risk management is a concept about managing all the risks simultaneously, where risks are considered holistically rather than independently. It is all about accountability (Chibayambuya, 2007)

THE JIG SAW HOLISTIC RISK MANAGEMENT FRAMEWORK (Chibayambuya, 2007)

TOP DOWN AND BOTTOM UP APPROACH TO HOLISTIC RISK MANAGEMENT (Chibyambuya, 2007)

LAM’S HOLISTIC RISK MANAGEMENT STRATEGIES

Know your business

Establish checks and balances

Set limits and boundaries

Keep your eye on the cash

Use the right yard sticks

Pay for the performance you want

Balance the Yin and the Yang (Chibayambuya, 2007)

CHIBAYAMBUYA’S HOLISTIC RISK MANAGEMENT CYCLE

CHIBAYAMBUYA’S RISK ASSESSMENT PROCESS (2005)

KLOMAN’S RISK MANAGEMENT FRAMEWORK

All risks emanate from global risks. The global risks are the drivers of the organisational

risks facing the banking industry and includes: Political fragmentation Pandemics Nuclear proliferation Religious fundamentalism Population explosion Climate change

KLOMAN’S HOLISTIC RISK MANAGEMENT FRAMEWORK II

RISK MANAGEMENT TECHNIQUES

SWOT Analysis

PESTLE Analysis

Risk Mapping

Strategic Planning

Monitoring and Evaluation Systems

RISK MAPPING

In a risk map, an organization’s risk are plotted along two dimensions, risk frequency and risk severity. It

permits the capture of a visual image of the key risks facing the firm.

resulting risk map will help in the development and prioritization of available risk mitigation and financing strategies.

25

26

Low Medium High

LIKELIHOOD

Low

Med

ium

Hig

h

IMP

AC

T

TOOLS FOR BUSINESS RISK ASSESSMENT

27

Key Risks• Critical risks that potentially

threaten the achievement of organization’s objectives

• Lower likelihood, but could have significant adverse impact on organization objectives

• Significant monitoring not

necessary unless change in classification

• Periodically reassess

Lesser significance, but more likely to occur

• Consider cost/benefit trade-off

• Reassess often to ensure changing conditions (move to key risks)

LikelihoodAlmost Certain

Rare

Impa

ct

Low

High

PRACTICAL EXERCISE – RISK MAPPING (15 MINUTES)

Map the risk identified in the ERM Exercise earlier

Has the mapping confirmed the key risks and black swans identified earlier?

What course of action do you plan to take when you return to your organisation?

CONCLUSION

Risk Management is everyone’s business

A holistic, enterprise-wide view of risks provide a more comprehensive analysis of the risks of an organisation

A risk management approach fosters accountability

Audit Committees have a key role to play in the identification, management and control of risks in an organisation

ACKNOWLEDGEMENT

We thank the ECSE for its permission to use slides no 11, 18, 19 & 20

BIBLIOGRAPHY

ATKearney (2009) “Seven Tenets of Risk Management in the Banking Industry,” ATKearney

Banking Act, Dominica 2015

Banking Tech (2015) “Challenges for the Banking Industry in 2015,” Banking Technology

Chibayambuya J & DJ Theron(2007) “The Application of Holistic Risk Management in the Banking Industry” University of Johannesburg

Committee of Sponsoring Organisations of the Treadway Commission (COSO) (2004). “Enterprise Risk Management – Integrated Framework, COSO

Economic Intelligence Unit (2011) “Too Good to Fail? New Challenges for Risk Management in Financial Services,” The Economist

Ernst & Young (2012) “Top and Emerging Risks for Global Banking,” Ernst & Young

Financial Action Task Force (2014) “Guidance for a Rsk0Based Approach – The Banking Sector,” FATF

KPMG (2009) “Never Again? Risk management in banking beyond the credit crisis,” KPMG INTERNATIONAL.

THANK YOU!!!!!!!!!!!!!!!!!!!!!!!!!!