1
Strategic Risk Management
How A Comprehensive Approach to Risk Management Can Improve Corporate Governance and Increase Shareholder Value
Ron Harasym
Vice-President Risk Management
2
Agenda
Risk Management Post Sarbanes-Oxley
Governance Process
Best Practices – Risk Management & Internal Controls
Risk Management Infrastructure
Risk Management Hierarchy
Risk Culture – Processes vs. Getting it Right
Summary – Success Factors
3
Risk Management Post Sarbanes-Oxley
• Regulators and rating agencies are intensifying focus on Risk Management standards; there is less room for negotiation.
• Recognition that risks are increasingly correlated across businesses and sometimes across different risk types, requiring a much more integrated approach to managing them.
• Heightened market sensitivity to unanticipated risk events; fiscal surprises of any kind now leading to market penalties often a multiple of the real economic loss to shareholders.
• Boards and CEOs have responded by becoming more involved. End result has been the overhaul of Risk Management practices.
4
Governance Process
Board Committees
• Approve risk appetite limits and set strategic direction for the Corporation
• Provide oversight for Risk Management activities
Management Committees
• Develop strategic vision for key enterprise-level activities
• Approve policies governing enterprise level activities
Working Committees
• Develop framework for implementing key risk activities
• Develop and adopt policies governing key risk activities
5
Best Practices – Risk Management & Internal Controls
• Best practices are about management, not models.
• Has Sarbanes-Oxley helped or hindered best practices?
• Core elements to best practices risk management are:
• Defining the risk strategy & risk appetite
• Instilling effective and efficient risk processes
• Full risk transparency
• Establishing a robust risk organization with a shared risk culture
6
Risk Management Infrastructure
• Strong and visible commitment from top management
• Central oversight of risk management across the enterprise
• Separation of duties
• Clearly defined responsibility and accountability
• Full ownership of risk and risk management at business unit level
• Cost effectiveness & Cost efficiency
• Adds value (not just bureaucracy) both defensively and offensively.
7
Risk Management Hierarchy
Long-Term Strategic Plan
Performance Objectives & Compensation Risk Philosophy/Appetite
Risk Management Policy
Corporate Risk Management Policies
• Aligned with strategy
• Risk limits/tolerances by risk pool
• Absolute standards in line with risk appetite
Business Level Policy Guidelines
• Business specific guidelines
• Aligned with Policy standards
Board Level
Management Committee Level
Business/Management Committee Level
Credit Administration Procedures
• Consistent measurement/monitoring of risk
• Specific processes
Business/Administration Level
Approval and Exception Reporting: Examples:
• Risk Tolerance Limits• Risk Culture & Philosophy
• Policies for Key Risk Drivers
• Administration Procedures Manuals
• Risk-specific policies geared for the business unit
8
Risk Culture: Processes vs. Getting it Right
• Processes:
• Risk limits & policy setting.
• Capital allocation
• Risk adjusted performance measurement
• Model validation
• Documentation
• Getting it Right:
• Building a partnership between Risk Management and the Business Units
• Aligning incentives & compensation
• The search for talent.
9
Summary – Success Factors
• Board Involvement
• Management Leadership
• Corporate-wide Initiative
• Values Based Process
• Regulatory Partnership
Drivers of Success
Success Factors
• Enterprise-wide View
• Effective & Efficient Governance
• Separation of Duties
• Aggregation of Risks
• Transparency of Risks & Reporting
• Consistency of Practices
• Accountability
“Best-in-class” Risk Management Organization
Objective