ERM Chapter 4

Question 1

What are the 7 major components of a successful ERM framework?

Answer 1

1. Corporate governance - to establish organisational processes and controls
2. Line management - to integrate risk management into business processes
3. Portfolio management - to aggregate risk exposures and identify diversification effects and concentrations of risk
4. Risk transfer - to mitigate excessive risk exposures cost-effectively
5. Risk analytics - to measure, analyse and report on risk
6. Data and technology resources - to support the analytics and reporting
7. Stakeholder management - to communicate and report on risk

Question 2

What is meant by corporate governance?

Answer 2

The way in which the board controls the company and the processes that it puts in place to ensure the company is being run by management in the best interests of shareholders.

Question 3

Outline the responsibilities of the board with regard to RM.

Answer 3

The board is responsible for running the company as a whole and will ultimately be held responsible for any failures. Specific responsibilities include:

Risk governance:

• Setting the vision, strategy and risk culture of the organisation
• Establishing a framework for measuring, managing and monitoring the risks facing the organisation
• Reviewing the outcomes of and lessons learnt from the RM process on an ongoing basis to achieve its goal of delivering long-term value to its investors.

Setting ERM policies:

• Defining the company’s risk appetite
• Establishing what skills are needed to implement ERM strategies successfully, and implementing training programs where skills are deficient
• Guiding decisions on the most appropriate approach to, and structure for, ERM within the organisation including roles and responsibilities
• Approving suitable internal controls and ERM policies, to ensure ERM is being applied to the required standards, whether these standards are set internally or arise from legislation or regulation.

Determining risk compensation:
- Aligning the interests of management with investors through appropriate remuneration packages.

Question 4

Outline the responsibilities of line managers with respect to ERM.

Answer 4

Line managers should implement ERM policies agreed by the board. This involves setting up suitable RM processes and integrating the risk information collected into business decisions.

It is essential that line managers understand the risks they are taking, and are aware of the extent of their risk-taking powers e.g. when they can automatically make decisions and when they should seek feedback from more senior figures.

Execution of the Board’s RM vision and strategy will be the responsibility of the CRO, through line managers.

Question 5

What are the main features of the UK Corporate Governance Code (based on the Cadbury Code of Best Practice)?

Answer 5

• It applies to all UK listed companies
• Compliance with the code is voluntary, although there is a requirement for firms to disclose whether they comply with the code and, in the case of non-compliance, explain any deviations.
• Allows companies the freedom to choose a suitable approach given their industry, and explain differences in their approach to shareholders and the market.

Question 6

What are the main recommendations from the Cadbury Code of Best Practice?

Answer 6

• Full board meeting at regular intervals
• Board should be made aware of any significant activities such as acquisitions, capital projects
• Non-executive directors (NEDs) should have key responsibility for certain controls and monitoring functions
• Shareholders should approve directors’ service contracts in excess of three years
• Directors’ remuneration should be subject to review by a remuneration committee made up of NEDs
• Company reports should be balanced and understandable.

Question 7

What is a non-executive director?

Answer 7

An individual that is a member of a company’s board of directors but does not engage in the day-to-day management of the organisation. They are involved in policymaking and planning exercises.

Question 8

Explain the four key principles for excellence in corporate governance.

Answer 8

1. Communication with stakeholders: The board has a duty to disclose certain information about the company to stakeholders, which may include details regarding the RM practices. This leads to greater transparency of information to shareholders, and more informed decision-making on their behalf.
2. Independence of the board: The board should not be involved in the day-to-day management of the company. It should be distanced to better oversee and monitor its’ management.
3. Board performance: The board should engage in regular, formal self-assessments to compare their performance to the best practices. This could be carried out at an individual, subcommittee or full Board level. Due to the possibility of bias, it may be better done using external consultants. There should be regular development reviews and training for new board members.
4. Board compensation arrangements: Executive directors should not be overly compensated, but must be rewarded to reflect the responsibility and risk of being a board member. A reasonable proportion of compensation should be in the form of company stock to align their interests with the success of the company. Remuneration should also be aligned with risk management objectives to ensure the successful implementation of ERM.

Question 9

Outline the roles of a risk sub-committee.

Answer 9

A risk management subcommittee should oversee and challenge management’s treatment of risk, set risk policy, and gather information relevant to risk.

Responsibilities include ensuring a suitable ERM framework exists within the company, assess whether RM objectives have been achieved, ensure compliance with supervisory requirements for RM, report on risk to the board, and keep abreast of developments in RM.

A risk subcommittee charter will be drawn up on establishment of the risk subcommittee. In addition to the above, the charter will contain notes on membership (who is responsible for what, what is their experience and why are they responsible), the frequency of meetings, performance assessment (what criteria will be used), and what resources are available (what departments will they work with, the extent to which external consultants can be used).

Question 10

Outline the roles of the audit subcommittee.

Answer 10

Exists to give auditors direct access to NEDs and ensure auditors retain their independence from business services provided by the audit firm. Roles include monitoring the integrity of financial statements, monitoring and reviewing internal assurance functions such as financial control, risk management and internal audit, and recommending, monitoring and reviewing the external auditor.

Question 11

What is risk culture?

Answer 11

A subset of the firm’s overall culture, which relates specifically to the approach taken to risk management. A good risk culture is one in which people know, and do, the right thing, even if there is no specific rule or policy telling them what to do, rather than acting in their own interests.

Question 12

What is encourage by a good risk culture?

Answer 12

Consultative leadership, participation in decision-making on risks, openness, accountability rather than blame, organisational learning, knowledge sharing, and good internal communication.

Question 13

What are the key features of a supportive risk culture?

Answer 13

• Focus on developing positive employee behaviours with regard to risk
• Support the development of these behaviours with appropriate training for all employees, including educating the workforce about upside and downside risks
• Include a requirement for proactive responses to risk in job descriptions
• Incorporate RM objectives into the performance management processes
• Tie incentives to RM performance objectives, with clear targets and measures of success
• Ensure RM responsibilities are clearly defined and individuals are aware of their responsibilities
• Introduce a process to escalate risks to the appropriate level of seniority
• Develop an environment of openness where employees raise issues in the knowledge they will be heard and be open to new ideas
• Avoid a ‘blame culture’, in which the focus is on what went wrong, rather than how it can be prevented from happening again
• Set risk culture from the top of the organisation - board and senior management need to display appropriate risk behaviours
• Take opportunities to praise those with good behaviours
• Evaluate the risk culture (e.g. surveys) and review progress on an ongoing basis