Upload
kaden
View
48
Download
0
Embed Size (px)
DESCRIPTION
Working with your Board to Improve Risk Management and Board Risk Oversight. Paul Walker – Schiro/Zurich Chair of ERM at St. John’s University Arya Yarpezeshkan – CRO at the Navigator’s Group Joe Pugh – Sr. Advisor, ERM at AARP. Presenters. • Paul Walker, Ph.D., CPA - PowerPoint PPT Presentation
Citation preview
Page 1
Recording of this session via any media type is strictly prohibited.
Page 1
Working with your Board to Improve Risk Management and
Board Risk Oversight
Paul Walker – Schiro/Zurich Chair of ERM at St. John’s UniversityArya Yarpezeshkan – CRO at the Navigator’s Group
Joe Pugh – Sr. Advisor, ERM at AARP
Page 2
Recording of this session via any media type is strictly prohibited.
• Paul Walker, Ph.D., CPASchiro/Zurich Chair in ERM, St. John’s University
• Arya YarpezeshkanChief Risk Officer, The Navigator’s Group
• Joe PughSenior Advisor, ERM, AARP
Presenters
Page 3
Recording of this session via any media type is strictly prohibited.
Top Issues for Boards
• Board top issues:• Risk oversight• Strategic risks
• Investors want more information on strategy and risk oversight (what the board is thinking)
Page 4
Recording of this session via any media type is strictly prohibited.
SEC 2014 National Exam Priorities
• Designed to:• communicate with investors and registrants
about areas that the staff perceives to have heightened risk
• and to support the Securities and Exchange Commission (“SEC”) mission to protect investors;
Page 5
Recording of this session via any media type is strictly prohibited.
SEC 2014 National Exam Priorities
• Corporate Governance, Conflicts of Interest, and Enterprise Risk Management. The NEP will continue to meet with senior management and boards of entities registered with the SEC, including their affiliates where appropriate, to discuss how each firm identifies and mitigates conflicts of interest and legal, compliance, financial, and operational risks. This initiative is designed to: (i) evaluate firms’ control environment and “tone at the top,” (ii) understand firms’ approach to conflict and risk management, and (iii) initiate a dialogue on key risks and regulatory requirements.
Page 6
Recording of this session via any media type is strictly prohibited.
What to Expect
• Strategies for working with your board• Ways to present and report an integrated,
transparent view of your organization’s risks• Ideas on improving and benchmarking risk
management and board risk oversight
Page 7
Recording of this session via any media type is strictly prohibited.
1. INTERNATIONAL SPECIALTY INSURANCE UNDERWRITER
3. ONE OF THE “100 MOST TRUSTWORTHY COMPANIES” BY FORBES.COM
2. FOCUSED ON MARINE, ENERGY, SPECIALTY CASUALTY, AND D&O / PROFESSIONAL LIABILITY
Page 8
Recording of this session via any media type is strictly prohibited.
Recommendation: Have a governance framework that is appropriate and effective for your organization
8
Group ERM Management Committee
Group ERM Management Committee
Board of Directors – Risk Reporting
Board of Directors – Risk Reporting
Governance & Compliance
Risk Sub-Committee
Governance & Compliance
Risk Sub-Committee
UW & Claims Risk Sub-
Committee
UW & Claims Risk Sub-
Committee
FinanceRisk Sub-
Committee
FinanceRisk Sub-
Committee
OperationsRisk Sub-
Committee
OperationsRisk Sub-
Committee
Page 9
Recording of this session via any media type is strictly prohibited.
Recommendation: Clarify roles and responsibilities
Roles and Responsibilities Oversight
Escalation
Coordination
Ownership
Assurance
Page 10
Recording of this session via any media type is strictly prohibited.
Recommendation: Provide the Appropriate Information For the Board to Execute its Oversight
Duties
• Is the board receiving the information it needs to foster effective risk oversight, or is it drowning in data providing little knowledge or insight?
• Are we providing the appropriate information for the board to determine if management is effectively managing risk?
• Is there sufficient agenda time for discussing the enterprise’s risks?
Page 11
Recording of this session via any media type is strictly prohibited.
Recommendation: Know Your Audience
• Broad or narrow skill sets?
• Big picture or detail oriented?
Unsure of the appropriate level of detail? Then ask them.
Page 12
Recording of this session via any media type is strictly prohibited.
Example: Board Risk Reporting
1. Emerging risks and opportunities
2. Risk tolerances vs. actual
3. Key risks
4. Risk events
5. Appendix
Agenda
Page 13
Recording of this session via any media type is strictly prohibited.
Example: Board Risk Reporting
Emerging Risk Summary
Potential Impact
HIGH Emerging Risk 1 Emerging Risk 4 Emerging Risk 6
MEDIUM Emerging Risk 2 Emerging Risk 5 Emerging Risk 7
LOW Emerging Risk 3
< 6 months 6 m - 2 years >2years
Time frame
Risk Sub-Committee Owner
UW & Claims
Finance
Operations
Compliance & Governance
Page 14
Recording of this session via any media type is strictly prohibited.
Example: Board Risk Reporting
Risk Tolerance SummarySample Risk Tolerances
Figures in (000s)
% $ % $
1. Maintain a maximum single risk net incurred loss tolerance < x% of shareholder equity2. A single loss-producing event (natural or man-made catastrophe) will not generate net incurred loss of more than x% of shareholders equity, as measured at a 99.6th % excedance probability (1-in-250 year).
3. Multiple loss-producing events within a single 12 month period will not generate net incurred loss of more than x% of shareholders equity, as measured at a 99.6% excedance probability (1-in-250 year).
4. A single or combination of exogenous economic shocks will not result in a de-valuation of invested assets greater than x%, in any continuous 12 month period or less, as measured at a 99.6% excedance probability (1-in-250 year).
5. No single Division will constitute more than x% of our GWP in any single calendar year.
6. Maintain broad and deep intellectual capital in our underwriting units to ensure that business interruption from loss of key personnel cannot cause more than x% of lost GWP over the course of a single year.
7. Business interruption (from external event, disruption to systems / premises) will be mitigated so that no more than x% of GWP is lost over the course of a year.
Q4 13% of
Tolerance
Investments
Underwriting Management
Operational / Reputational
Tolerance Statements
Tolerance Q1 Risk Estimate Q1 14% of
Tolerance
Capital Management & Financial Performance
Page 15
Recording of this session via any media type is strictly prohibited.
Example: Board Risk Reporting
Capital Adequacy / Key Risks Summary(in USD Mi l )
Q12014
Underwriting Risk xxxNon-Nat Cat Risk xxxNat Cat Risk xxxReserve Risk xxx
Investment Risk xxx
Non-Investment Related Credit Risk xxx
Operational Risk xxx
Total Risk (Before Diversification) xxx(less) Diversification Benefit xx
Total Risk (After Diversification) xxx
Policyholder Surplus xxxSurplus : Risk Ratio xxx %
Page 16
Recording of this session via any media type is strictly prohibited.
Example: Board Risk Reporting
Key Risk Example: Investment Risk
SummaryInvestment risk increased by xx% as a result of heightened volatility in the Treasury Markets; however, the risk is still within our tolerances.
Risk DriversChanges in the macro-economic environment, etc.
Quantification
Key Risk Indicators…
Action Items…
$xx Stochastically modeled. Investment data as of 9/30/2013. Q4 13 1/100 yr $xx $xx $xx
Figures in (000s)
Period FrequencySeverity:
Minimum CaseSeverity:
Expected Case
Severity:Extreme Case
1/100 yr
SH EquityTolerance1/100 yr % of Tolerance Extreme Case - Methodology
Page 17
Recording of this session via any media type is strictly prohibited.
Example: Board Risk Reporting
Key Risk Indicators– Detail in AppendixInvestment Key Risk Indicators
Volatility of Expected Return by Risk Factor
Volatility at 99% VaR
Global Financial Stress Scenarios
Q3 2013
Global Financial Stress Scenarios
Portfolio Impact
%
Portfolio Impact
$
Tolerancex.x% of Invested Assets
% of Tolerance
% of Tolerance
Lehman Default - 2008 Russian Financial Crisis - 2008 Equities down 10% EUR down 10% vs. USD Oil Prices Drop - May 2010 Japan Earthquake - Mar 2011 Debt Ceiling Crisis & Downgrade 2011 EUR up 10% vs. USD Equities up 10% Greece Financial Crisis - 2010 Libya Oil Shock - Feb 2011 Equity Markets Rebound - 2009As of 9/30/2013
Q4 2013
Page 18
Recording of this session via any media type is strictly prohibited.
Example: Board Risk Reporting
Emerging Risk – Detail in Appendix
Analysis
Description
Likelihood Low
Severity High
Time horizon
Trend
Potential Impact (qualitative description)
Risk Drivers
Management Analysis
Action Plans / Mitigation Strategies
Monitoring Controls
Applicable Entity
Controls Owner
Risk Category
Executive Owner
Board Committee Owner
More likely.
Solar Storm events, Failing infrastructures; Cyber attacks
The event could impact multiple lines of business and cause signficant supply chain disruptions.
Traditional loss scenarios only assume power blackouts for a few hours or days. However, space weather events or coordinated terror attacks could cause prolonged blackouts with significant impacts on society and industry. Critical infrastructure such as communication and transport would be hampered, heating and water supply would stop, and production processes and trading would seize.
6 m - 2 years (medium-term)
Prolonged Power Blackout
Page 19
Recording of this session via any media type is strictly prohibited.
Takeaways• Have a governance framework that is appropriate and
effective for your organization
• Clarify responsibilities
• Know your audience
• Use the Report Appendix to your advantage
The information presented herein is for informational purposes only and is not intended to be legal, accounting or other professional advice or opinions on specific facts or matters, used for trading or investment purposes or a complete description of certain aspects of the business of Navigators and its operating subsidiaries.
Page 20
Recording of this session via any media type is strictly prohibited.
1. SOCIAL MISSION ORGANIZATION
2. NON-PROFIT & NON-PARTISAN
3. FIGHTS FOR PEOPLE 50+
4. A TRUSTED SOURCE OF INFORMATION
5. OFFERS ACCESS TO PROGRAMS, SERVICES & DISCOUNTS
6. CONNECTS PEOPLE TO VOLUNTEER OPPORTUNITIES
Page 21
Recording of this session via any media type is strictly prohibited.
ERM at AARP
Program maturity
Modeling the message
Page 22
Recording of this session via any media type is strictly prohibited.
Recommendation: Assign ERM to the full board and keep them focused
• Does the full board have primary governance oversight?
• Is the full board focused on the top strategic risks?
• Is the full board dealing with the details of how management is managing the risks?
• Is the board’s role one of “risk” management or “list” management?
Page 23
Recording of this session via any media type is strictly prohibited.
Recommendation: Include ERM on board self-assessment
“Critical risks facing the organization are proactively identified by management and fully vetted with the board”
“An appropriate process is in place to effectively manage each of the critical risk areas”
“The board holds management accountable for effective ERM stewardship”
Page 24
Recording of this session via any media type is strictly prohibited.
Recommendation: Benchmark your program
•Board’s like to know how your program stacks up
•Is the board comfortable that you have an effective program in place for managing risks? – If not, share statistics•Are we “right-sizing” the benchmarking data?
Page 25
Recording of this session via any media type is strictly prohibited.
Recommendation: Keep risk reporting simple
•Does the board have the right information for effective risk oversight?
•Content over quantity
•Are we providing transparency and insight in our risk reporting?
Page 26
Recording of this session via any media type is strictly prohibited.
Example: Board Risk Reporting
Agenda1.Residual risk heat map2.Summary risk profile scorecard3.Individual risk mitigation scorecards
Page 27
Recording of this session via any media type is strictly prohibited.
Example: Board Risk Reporting
Sample Illustration Only
Page 28
Recording of this session via any media type is strictly prohibited.
Example: Board Risk Reporting
Sample Illustration Only
Page 29
Recording of this session via any media type is strictly prohibited.
Example: Board Risk Reporting
Sample Illustration Only
Page 30
Recording of this session via any media type is strictly prohibited.
Takeaways
• Assign ERM to the full board and keep them focused
• Include ERM on board self-assessment
• Benchmark your program
• Keep risk reporting simple
Page 31
Recording of this session via any media type is strictly prohibited.
Board Risk Oversight Improvement• ERM: required and also increases value,
lowers earnings volatility, leads to better decisions, improves reputation…
• Governance metrics are used by analysts, viewed by the market, bad/good news, impact the ability to attract board members
• We have governance metrics and board assessment but not BRO metrics or assessment
Page 32
Recording of this session via any media type is strictly prohibited.
Board Risk Oversight Improvement
• Benchmark, review, improve ERM and BRO• BRO Methods
• BRO assessment and self-assessment• BRO metrics and questions
Page 33
Recording of this session via any media type is strictly prohibited.
Board Risk Oversight Improvement
• NACD 10• Deloitte 20/21• BRO 30 (Walker et al. 2012)• RCC 27 (Walker et al. 2014)
Page 34
Recording of this session via any media type is strictly prohibited.
Board Risk Oversight ToolIn recent work the authors found that the number one tool used by
companies to manage risk is not some sophisticated modeling tool or even a risk assessment exercise. Instead, the number one tool preferred by many companies is to have a conversation about risks with management, and with and among the board. The tool presented here is not meant to replace that conversation, but should be used to ignite that conversation.
For each question for which the board believes there is a lack of consensus, the board should have a discussion about why they are not following this practice. In some cases, the questions are rooted in mandated regulations. In other cases, they are considered a best practice by many companies and by the research team.
34Confidential; not for distribution
Page 35
Recording of this session via any media type is strictly prohibited.
Tool• The board and the organization have a rigorous strategic plan which incorporates all
major and emerging risks.• The board is comfortable that management has identified all enterprise level risks.• The board has a clearly defined risk oversight process and has clearly established risk
responsibility.• The organization has a CRO or ERM leader with direct line reporting to the board or a
respective board committee.• The board quarterly reviews risk maps, risk dashboards, or related risk reporting.• The board and organization go beyond risk maps and generate risk action plans as well
as related risk metrics.• Corporate decision making includes a discussion of the potential risks embedded in
those decisions.• The organization is prepared for a S&P or Moody’s assessment of their ERM process.• The board is informed of emerging risks on a timely basis.• The board has received ERM training.
35Confidential; not for distribution
Page 36
Recording of this session via any media type is strictly prohibited.
Tool• Executives openly share all risk information with board committees.• The organization has had no major risk debacles in the past fiscal period.• Executives and management level risk committees have adequate
resources and training to identify and manage risks.• Important risk information is streamlined and reported to the appropriate
executives and board level committees promptly.• ERM is viewed as a critical way to create value and grow the organization,
while taking the appropriate risks.• The organization identifies the risks related to compensation plans.• Performance is evaluated in relation to the risks taken in achieving that
performance.• The organization views and assesses risk by business unit.
36Confidential; not for distribution
Page 37
Recording of this session via any media type is strictly prohibited.
Tool• The board is engaged in the discussion of strategy and the related risks.• The board includes some members who are experts in the organization’s
relevant risks or risk oversight.• The board feels confident in the risk oversight process.• The board examines its own talent for diversity of views and for the ability
to oversee risk.• The board examines risks that management missed to determine if the
risk was not identified or if it was not assessed properly. The feedback is used to manage future risks better.
• The board has good communication with the CEO on the risks facing the enterprise (both current and emerging).
• The board and management regularly assess their ERM process.
37Confidential; not for distribution
Page 38
Recording of this session via any media type is strictly prohibited.
St John’s Univ/Tobin College of Business
MS Risk MS Enterprise Risk Management MBA/MS Acct with a conc. in Risk and ERM Center for Excellence in ERM Executive Education – Certificate in ERM Booth _____
Page 39
Recording of this session via any media type is strictly prohibited.
Questions, Final Comments and Contact Information
Paul WalkerSchiro/Zurich Chair of ERM, St. John’s University
[email protected](212) 284-7011
Arya YarpezeshkanChief Risk Officer, The Navigator’s Group
[email protected](203) 905-6372
Joe PughSenior Advisor, ERM, AARP
[email protected](202) 434-3647